X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fpurchasing_data.php;h=503689018ed0015251767bdcefee702c638b51d1;hb=8f7ac519b7aaf8ec219862597e878d3a28316ac6;hp=20cf75366e35817bc0bcd50975e7082aad810606;hpb=f018643dc04ce130f1729e16a65458af443308a0;p=fa-stable.git
diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php
index 20cf7536..50368901 100644
--- a/inventory/purchasing_data.php
+++ b/inventory/purchasing_data.php
@@ -24,9 +24,8 @@ check_db_has_purchasable_items(_("There are no purchasable inventory items defin
 check_db_has_suppliers(_("There are no suppliers defined in the system."));
 //----------------------------------------------------------------------------------------
-set_editor('supplier', 'supplier_id' , 'supplier_id');
-
 simple_page_mode(true);
+
 //--------------------------------------------------------------------------------------------------
 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
@@ -60,17 +59,17 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom, conversion_factor, supplier_description) VALUES ("; $sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " . - input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " . - input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')"; + input_num('price',0) . ", '" . $_POST['suppliers_uom'] . "', " . + input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")"; db_query($sql,"The supplier purchasing details could not be added"); display_notification(_("This supplier purchasing data has been added.")); } else { - $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ", + $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ", suppliers_uom='" . $_POST['suppliers_uom'] . "', conversion_factor=" . input_num('conversion_factor') . ", - supplier_description='" . $_POST['supplier_description'] . "' + supplier_description=" . db_escape($_POST['supplier_description']) . " WHERE stock_id='" . $_POST['stock_id'] . "' AND supplier_id='$selected_id'"; db_query($sql,"The supplier purchasing details could not be updated");
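Review bot: Only `supplier_description` is passed through `db_escape()` here; in the same INSERT and UPDATE statements `$_POST['supplier_id']`, `$_POST['stock_id']` and `$_POST['suppliers_uom']` are still concatenated into the SQL string between hand-written quotes, so both statements remain open to SQL injection through those fields. They should get the same treatment, e.g. `suppliers_uom=" . db_escape($_POST['suppliers_uom']) . ",` and `WHERE stock_id=" . db_escape($_POST['stock_id']) . " AND`, dropping the literal quotes as this commit did for the description (which suggests `db_escape()` returns an already quoted value). `$selected_id` in the WHERE clause is set outside the hunk; if it originates from the request it needs the same escaping. The enclosing `if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')` block starts and ends outside the hunk, so any validation done earlier is not visible here.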