X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fpurchasing_data.php;h=b77a92bdac5778e94ac3dc058d942146e2c2d6aa;hb=777422e8d5a3ba188e7420719e33322098075313;hp=67b670ffd6a89c742da8a5c37a352aa45992be57;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git
diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php
index 67b670ff..b77a92bd 100644
--- a/inventory/purchasing_data.php
+++ b/inventory/purchasing_data.php
@@ -1,9 +1,19 @@
 .
+***********************************************************************/
+$page_security = 'SA_PURCHASEPRICING';
+$path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
-page(_("Supplier Purchasing Data"));
+page(_($help_context = "Supplier Purchasing Data"));
 include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
@@ -13,7 +23,9 @@ include_once($path_to_root . "/includes/data_checks.inc");
 check_db_has_purchasable_items(_("There are no purchasable inventory items defined in the system."));
 check_db_has_suppliers(_("There are no suppliers defined in the system."));
+//----------------------------------------------------------------------------------------
 simple_page_mode(true);
+
 //--------------------------------------------------------------------------------------------------
 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
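Review bot: `$page_security = 'SA_PURCHASEPRICING';` is placed on the line before `include_once($path_to_root . "/includes/session.inc");`, and that ordering is what makes the page-level authorization effective, yet nothing marks the assignment as order-dependent; a comment such as `// access right for this page; must be assigned before session.inc is included` would stop a later edit from moving it below the include. I am inferring from the placement that session.inc reads `$page_security`; the check itself is not in this hunk, so confirm against includes/session.inc. Separately, `page(_($help_context = "Supplier Purchasing Data"));` hides an assignment inside the argument of `_()`, which reads like a typo; `$help_context = "Supplier Purchasing Data"; page(_($help_context));` keeps the side effect visible without changing what is rendered. The first lines of this hunk (the license header) appear truncated in this rendering, so only the visible additions were reviewed.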
@@ -46,20 +58,21 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom, conversion_factor, supplier_description) VALUES (";
- $sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " .
- input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " .
- input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')";
+ $sql .= db_escape($_POST['supplier_id']).", ".db_escape($_POST['stock_id']). ", "
+ .input_num('price',0) . ", ".db_escape( $_POST['suppliers_uom'] ). ", "
+ .input_num('conversion_factor') . ", "
+ .db_escape($_POST['supplier_description']) . ")";
 db_query($sql,"The supplier purchasing details could not be added");
 display_notification(_("This supplier purchasing data has been added."));
 }
 else
 {
- $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ",
- suppliers_uom='" . $_POST['suppliers_uom'] . "',
+ $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
+ suppliers_uom=".db_escape($_POST['suppliers_uom']) . ",
 conversion_factor=" . input_num('conversion_factor') . ",
- supplier_description='" . $_POST['supplier_description'] . "'
- WHERE stock_id='" . $_POST['stock_id'] . "' AND
- supplier_id='$selected_id'";
+ supplier_description=" . db_escape($_POST['supplier_description']) . "
+ WHERE stock_id=".db_escape($_POST['stock_id']) . " AND
+ supplier_id=".db_escape($selected_id);
 db_query($sql,"The supplier purchasing details could not be updated");
 display_notification(_("Supplier purchasing data has been updated."));
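Review bot: In the rewritten INSERT and UPDATE the numeric columns still reach the SQL string unquoted through `input_num()`, and the commit gives price a default (`input_num('price',0)`) but leaves `input_num('conversion_factor')` without one; if that helper yields an empty or false value for a missing or non-numeric field, the statement degrades to `conversion_factor=,` and fails with a syntax error inside db_query() rather than with a validation message. input_num() and the earlier part of this branch are not visible here, so if conversion_factor is already validated before line 46 this is only a consistency point, but `input_num('conversion_factor', 1)` (or whatever default the column expects) would make the two calls symmetric. A second inconsistency: the INSERT keys the row on `$_POST['supplier_id']` while the UPDATE (and the DELETE further down) use `$selected_id`; db_escape() now prevents injection, but an id taken straight from the request is never checked against the supplier list, so `check_db_has_suppliers()` at the top of the file gives no guarantee that this row refers to an existing supplier. The enclosing `if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')` block starts before this hunk.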
@@ -73,8 +86,8 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 if ($Mode == 'Delete')
 {
- $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id='$selected_id'
- AND stock_id='" . $_POST['stock_id'] . "'";
+ $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id=".db_escape($selected_id)."
+ AND stock_id=".db_escape($_POST['stock_id']);
 db_query($sql,"could not delete purchasing data");
 display_notification(_("The purchasing data item has been sucessfully deleted."));
@@ -92,17 +105,17 @@ if (isset($_POST['_selected_id_update']) )
 $Ajax->activate('_page_body');
 }
-if (isset($_POST['_stock_id_update']))
+if (list_updated('stock_id'))
 $Ajax->activate('price_table');
 //--------------------------------------------------------------------------------------------------
-start_form(false, true);
+start_form();
 if (!isset($_POST['stock_id']))
 $_POST['stock_id'] = get_global_stock_item();
 echo "
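Review bot: The rewritten DELETE keys on `$_POST['stock_id']` with no isset() guard, whereas the `if (!isset($_POST['stock_id']))` fallback to get_global_stock_item() visible in the last hunk runs only after this branch; a Delete request arriving without stock_id reaches db_escape() with an undefined index, how db_escape() treats that value is not visible here, and the success notification on the next line is shown regardless. db_query()'s error message covers only a failed statement, not a zero-row match, so the notification cannot distinguish "deleted" from "nothing matched"; checking the driver's affected-row count before calling display_notification() would make the message honest. Adding `&& isset($_POST['stock_id'])` to the `if ($Mode == 'Delete')` condition is enough to close the missing-field case. The unchanged context line also carries the misspelling "sucessfully" in a user-visible string; it predates the commit but is worth fixing alongside it.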