X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fincludes%2Fdb%2Fwork_order_requirements_db.inc;h=a722c1ed96465a5b4fbd5e2e13111d48b392e1c5;hb=de09a35c9e55aceaf1c71052cbb40f44e4b3bbc7;hp=9c528db90a83df33ff81fba231d1557d21457081;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/manufacturing/includes/db/work_order_requirements_db.inc b/manufacturing/includes/db/work_order_requirements_db.inc
index 9c528db9..a722c1ed 100644
--- a/manufacturing/includes/db/work_order_requirements_db.inc
+++ b/manufacturing/includes/db/work_order_requirements_db.inc
@@ -1,16 +1,26 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 function get_wo_requirements($woid)
 {
 	$sql = "SELECT ".TB_PREF."wo_requirements.*, ".TB_PREF."stock_master.description,
 		".TB_PREF."stock_master.mb_flag, 
 		".TB_PREF."locations.location_name, 
 		".TB_PREF."workcentres.name AS WorkCentreDescription FROM 
-		".TB_PREF."wo_requirements, ".TB_PREF."locations, ".TB_PREF."workcentres INNER JOIN ".TB_PREF."stock_master ON 
+		(".TB_PREF."wo_requirements, ".TB_PREF."locations, "
+		.TB_PREF."workcentres) INNER JOIN ".TB_PREF."stock_master ON 
 		".TB_PREF."wo_requirements.stock_id = ".TB_PREF."stock_master.stock_id 
-		WHERE workorder_id=$woid
+		WHERE workorder_id=".db_escape($woid)."
 		AND ".TB_PREF."locations.loc_code = ".TB_PREF."wo_requirements.loc_code
-		AND ".TB_PREF."workcentres.id=workcentre";	
+		AND ".TB_PREF."workcentres.id=workcentre";
 
 	return db_query($sql, "The work order requirements could not be retrieved");    
 }
@@ -26,7 +36,7 @@ function create_wo_requirements($woid, $stock_id)
 	{
 		
 		$sql = "INSERT INTO ".TB_PREF."wo_requirements (workorder_id, stock_id, workcentre, units_req, loc_code)
-			VALUES ($woid, '" .
+			VALUES (".db_escape($woid).", '" .
 			$myrow["component"] . "', '"	.
 			$myrow["workcentre_added"] . "', '"	.
 			$myrow["quantity"] . "', '"	.
@@ -40,17 +50,17 @@ function create_wo_requirements($woid, $stock_id)
 
 function delete_wo_requirements($woid)
 {
-	$sql="DELETE FROM ".TB_PREF."wo_requirements WHERE workorder_id=$woid";
+	$sql="DELETE FROM ".TB_PREF."wo_requirements WHERE workorder_id=".db_escape($woid);
 	db_query($sql,"The work order requirements could not be deleted");	
 }
 
 
 //--------------------------------------------------------------------------------------
 
-function update_wo_requirement_issued($woReqID, $quantity)
+function update_wo_requirement_issued($woid, $stock_id, $quantity)
 {
-	$sql = "UPDATE ".TB_PREF."wo_requirements SET units_issued = units_issued + $quantity
-		WHERE id = '$woReqID'";
+	$sql = "UPDATE ".TB_PREF."wo_requirements SET units_issued = units_issued + ".db_escape($quantity)."
+		WHERE workorder_id = ".db_escape($woid)." AND stock_id = ".db_escape($stock_id);
 				
 	db_query($sql, "The work requirements issued quantity couldn't be updated");
 }
@@ -59,8 +69,9 @@ function update_wo_requirement_issued($woReqID, $quantity)
 
 function void_wo_requirements($woid)
 {
-	$sql = "UPDATE ".TB_PREF."wo_requirements SET units_issued = 0 WHERE workorder_id = $woid";
-				
+	$sql = "UPDATE ".TB_PREF."wo_requirements SET units_issued = 0 WHERE workorder_id = "
+	.db_escape($woid);
+
 	db_query($sql, "The work requirements issued quantity couldn't be voided");	
 }