X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fincludes%2Fdb%2Fwork_order_issues_db.inc;fp=manufacturing%2Fincludes%2Fdb%2Fwork_order_issues_db.inc;h=2bdffa266b61306c8d0afd7e614ad71a65c0bd1e;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=0e0999b0cb460725b555370b3222d9f29962162d;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/manufacturing/includes/db/work_order_issues_db.inc b/manufacturing/includes/db/work_order_issues_db.inc
index 0e0999b0..2bdffa26 100644
--- a/manufacturing/includes/db/work_order_issues_db.inc
+++ b/manufacturing/includes/db/work_order_issues_db.inc
@@ -36,8 +36,8 @@ function add_work_order_issue($woid, $ref, $to_work_order, $items, $location, $w
 // insert the actual issue
 $sql = "INSERT INTO ".TB_PREF."wo_issues (workorder_id, reference, issue_date, loc_code, workcentre_id)
- VALUES ($woid, ".db_escape($ref).", '" .
- date2sql($date_) . "', ".db_escape($location).", $workcentre)";
+ VALUES (".db_escape($woid).", ".db_escape($ref).", '" .
+ date2sql($date_) . "', ".db_escape($location).", ".db_escape($workcentre).")";
 db_query($sql,"The work order issue could not be added");
 $number = db_insert_id();
@@ -53,7 +53,8 @@ function add_work_order_issue($woid, $ref, $to_work_order, $items, $location, $w
 $location, $date_, $memo_, -$item->quantity, 0);
 $sql = "INSERT INTO ".TB_PREF."wo_issue_items (issue_id, stock_id, qty_issued)
- VALUES ('$number', '$item->stock_id', $item->quantity)";
+ VALUES (".db_escape($number).", ".db_escape($item->stock_id).", "
+ .db_escape($item->quantity).")";
 db_query($sql,"A work order issue item could not be added");
 }
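Review bot: In the `wo_issues` INSERT (hunk `-36,8 +36,8`), `date2sql($date_)` is still spliced between hand-written quotes, so it is the one value in the `VALUES` list that does not go through `db_escape`. Whether `date2sql` rejects malformed input is not visible here; if it can pass text through unchanged, the statement stays injectable through `$date_`. Passing it through the same helper, `db_escape(date2sql($date_))`, and dropping the literal `'` on either side would close that gap, assuming `db_escape` supplies its own quotes as its unquoted use for `$ref` suggests. The body of add_work_order_issue starts and ends outside the hunk.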
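Review bot: In the `wo_issue_items` INSERT (hunk `-53,7 +53,8`), `$item->quantity` is escaped as a string, but nothing visible checks that it is a number, and the same value is negated and passed on in the context line just above (`-$item->quantity`). Escaping keeps the SQL text intact, yet a non-numeric quantity would still reach the database and be coerced there. If the caller does not already validate it, a check such as `is_numeric($item->quantity)` before the item is processed would make the expected type explicit. The enclosing block, presumably a loop over `$items`, and the call that ends on the first context line begin outside the hunk.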
@@ -70,7 +71,8 @@ function add_work_order_issue($woid, $ref, $to_work_order, $items, $location, $w
 function get_work_order_issues($woid)
 {
- $sql = "SELECT * FROM ".TB_PREF."wo_issues WHERE workorder_id=$woid ORDER BY issue_no";
+ $sql = "SELECT * FROM ".TB_PREF."wo_issues WHERE workorder_id=".db_escape($woid)
+ ." ORDER BY issue_no";
 return db_query($sql, "The work order issues could not be retrieved");
 }
@@ -79,7 +81,8 @@ function get_additional_issues($woid)
 $sql = "SELECT ".TB_PREF."wo_issues.*, ".TB_PREF."wo_issue_items.*
 FROM ".TB_PREF."wo_issues, ".TB_PREF."wo_issue_items
 WHERE ".TB_PREF."wo_issues.issue_no=".TB_PREF."wo_issue_items.issue_id
- AND ".TB_PREF."wo_issues.workorder_id=$woid ORDER BY ".TB_PREF."wo_issue_items.id";
+ AND ".TB_PREF."wo_issues.workorder_id=".db_escape($woid)
+ ." ORDER BY ".TB_PREF."wo_issue_items.id";
 return db_query($sql, "The work order issues could not be retrieved");
 }
 //--------------------------------------------------------------------------------------
@@ -87,9 +90,11 @@ function get_additional_issues($woid)
 function get_work_order_issue($issue_no)
 {
 $sql = "SELECT DISTINCT ".TB_PREF."wo_issues.*, ".TB_PREF."workorders.stock_id,
- ".TB_PREF."stock_master.description, ".TB_PREF."locations.location_name, ".TB_PREF."workcentres.name AS WorkCentreName
- FROM ".TB_PREF."wo_issues, ".TB_PREF."workorders, ".TB_PREF."stock_master, ".TB_PREF."locations, ".TB_PREF."workcentres
- WHERE issue_no='$issue_no'
+ ".TB_PREF."stock_master.description, ".TB_PREF."locations.location_name, "
+ .TB_PREF."workcentres.name AS WorkCentreName
+ FROM ".TB_PREF."wo_issues, ".TB_PREF."workorders, ".TB_PREF."stock_master, "
+ .TB_PREF."locations, ".TB_PREF."workcentres
+ WHERE issue_no=".db_escape($issue_no)."
 AND ".TB_PREF."workorders.id = ".TB_PREF."wo_issues.workorder_id
 AND ".TB_PREF."locations.loc_code = ".TB_PREF."wo_issues.loc_code
 AND ".TB_PREF."workcentres.id = ".TB_PREF."wo_issues.workcentre_id
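Review bot: `$woid` in get_work_order_issues (hunk `-70,7 +71,8`) was interpolated unquoted before this change, so it is presumably an integer key, and `db_escape` alone still lets any string reach the comparison with `workorder_id`, where the database decides how to coerce it. The same holds for the id parameters escaped in get_additional_issues, get_work_order_issue, get_work_order_issue_details, exists_work_order_issue and void_work_order_issue, and for `$woid` and `$workcentre` in add_work_order_issue. Enforcing the type at the top of each function, for example `$woid = (int)$woid;`, or rejecting non-numeric ids there, would keep these queries safe regardless of how the escaping helper quotes its argument. That is a suggestion to weigh against callers that may pass empty or null ids, which are not visible in this diff.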
@@ -103,9 +108,10 @@ function get_work_order_issue($issue_no)
 function get_work_order_issue_details($issue_no)
 {
- $sql = "SELECT ".TB_PREF."wo_issue_items.*,".TB_PREF."stock_master.description, ".TB_PREF."stock_master.units
+ $sql = "SELECT ".TB_PREF."wo_issue_items.*,"
+ .TB_PREF."stock_master.description, ".TB_PREF."stock_master.units
 FROM ".TB_PREF."wo_issue_items, ".TB_PREF."stock_master
- WHERE issue_id=$issue_no
+ WHERE issue_id=".db_escape($issue_no)."
 AND ".TB_PREF."stock_master.stock_id=".TB_PREF."wo_issue_items.stock_id
 ORDER BY ".TB_PREF."wo_issue_items.id";
 return db_query($sql, "The work order issue items could not be retrieved");
@@ -115,7 +121,7 @@ function get_work_order_issue_details($issue_no)
 function exists_work_order_issue($issue_no)
 {
- $sql = "SELECT issue_no FROM ".TB_PREF."wo_issues WHERE issue_no=$issue_no";
+ $sql = "SELECT issue_no FROM ".TB_PREF."wo_issues WHERE issue_no=".db_escape($issue_no);
 $result = db_query($sql, "Cannot retreive a wo issue");
 return (db_num_rows($result) > 0);
@@ -128,7 +134,8 @@ function void_work_order_issue($type_no)
 begin_transaction();
 // void the actual issue items and their quantities
- $sql = "UPDATE ".TB_PREF."wo_issue_items Set qty_issued = 0 WHERE issue_id=$type_no";
+ $sql = "UPDATE ".TB_PREF."wo_issue_items Set qty_issued = 0 WHERE issue_id="
+ .db_escape($type_no);
 db_query($sql,"A work order issue item could not be voided");
 // void all related stock moves