X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fpurchasing_data.php;h=51464e04969cb3eb31386e7ba6d563b452a5d31a;hb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;hp=69d4b91eedcfd4f8f92370705fca736ab8028f61;hpb=cf7be1f00c6abe59755286e0c3108d9d3c0356da;p=fa-stable.git diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php index 69d4b91e..51464e04 100644 --- a/inventory/purchasing_data.php +++ b/inventory/purchasing_data.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 4; -$path_to_root=".."; +$page_security = 'SA_PURCHASEPRICING'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); page(_("Supplier Purchasing Data")); 
@@ -59,17 +59,17 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom, conversion_factor, supplier_description) VALUES ("; $sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " . - input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " . - input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')"; + input_num('price',0) . ", '" . $_POST['suppliers_uom'] . "', " . + input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")"; db_query($sql,"The supplier purchasing details could not be added"); display_notification(_("This supplier purchasing data has been added.")); } else { - $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ", + $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ", suppliers_uom='" . $_POST['suppliers_uom'] . "', conversion_factor=" . input_num('conversion_factor') . ", - supplier_description='" . $_POST['supplier_description'] . "' + supplier_description=" . db_escape($_POST['supplier_description']) . " WHERE stock_id='" . $_POST['stock_id'] . "' AND supplier_id='$selected_id'"; db_query($sql,"The supplier purchasing details could not be updated"); @@ -157,7 +157,7 @@ else alt_table_row_color($k); label_cell($myrow["supp_name"]); - amount_cell($myrow["price"]); + amount_decimal_cell($myrow["price"]); label_cell($myrow["curr_code"]); label_cell($myrow["suppliers_uom"]); qty_cell($myrow['conversion_factor'], false, user_exrate_dec()); @@ -181,6 +181,7 @@ else //----------------------------------------------------------------------------------------------- +$dec2 = 6; if ($Mode =='Edit') { 
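Review bot: Only `supplier_description` is escaped in the new INSERT and UPDATE; `$_POST['supplier_id']`, `$_POST['stock_id']` and `$_POST['suppliers_uom']` are still concatenated into both statements between hand-written quotes, so a quote character in any of them still changes the SQL text. The same holds for `$selected_id` in the UPDATE's WHERE clause if it is taken from the request, which the hunk does not show. Each of these should go through `db_escape()` with the surrounding quotes dropped, matching how the new `supplier_description` lines use it (this assumes `db_escape()` returns an already-quoted literal, as its unquoted use here implies). The enclosing `if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')` block starts and ends outside the hunk.

```php
// … unchanged: INSERT column list up to VALUES ( …
$sql .= db_escape($_POST['supplier_id']) . ", " . db_escape($_POST['stock_id']) . ", " .
    input_num('price',0) . ", " . db_escape($_POST['suppliers_uom']) . ", " .
    input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")";
// … unchanged: db_query() and notification for the insert …
$sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
    suppliers_uom=" . db_escape($_POST['suppliers_uom']) . ",
    conversion_factor=" . input_num('conversion_factor') . ",
    supplier_description=" . db_escape($_POST['supplier_description']) . "
    WHERE stock_id=" . db_escape($_POST['stock_id']) . " AND
    supplier_id=" . db_escape($selected_id);
```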
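Review bot: `$dec2 = 6;` in the `@@ -181,6 +181,7 @@` hunk adds a file-scope variable whose name and bare literal do not say what it bounds, although the later hunks pass it to both `price_decimal_format()` and `amount_row()`. A one-line comment above it would help, for example `// decimal places for the price field; used by the Edit prefill and by amount_row() below`. If `price_decimal_format()` takes its second argument by reference (not visible here), the comment should say so, because the value reaching `amount_row()` would then differ between the Edit path and the new-entry path.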
@@ -194,7 +195,7 @@ if ($Mode =='Edit') $myrow = db_fetch($result); $supp_name = $myrow["supp_name"]; - $_POST['price'] = price_format($myrow["price"]); + $_POST['price'] = price_decimal_format($myrow["price"], $dec2); $_POST['suppliers_uom'] = $myrow["suppliers_uom"]; $_POST['supplier_description'] = $myrow["supplier_description"]; $_POST['conversion_factor'] = exrate_format($myrow["conversion_factor"]); @@ -214,7 +215,7 @@ else supplier_list_row(_("Supplier:"), 'supplier_id', null, false, true); $_POST['price'] = $_POST['suppliers_uom'] = $_POST['conversion_factor'] = $_POST['supplier_description'] = ""; } -amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id)); +amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id), $dec2); text_row(_("Suppliers Unit of Measure:"), 'suppliers_uom', null, 50, 51); if (!isset($_POST['conversion_factor']) || $_POST['conversion_factor'] == "")