X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fgrn_db.inc;h=84a2f938ad83de9ecb9eeddf6fbefe2484ffa6e0;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=3a9e45955515ffca5dbc8f67e97b680160807871;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git
diff --git a/purchasing/includes/db/grn_db.inc b/purchasing/includes/db/grn_db.inc
index 3a9e4595..84a2f938 100644
--- a/purchasing/includes/db/grn_db.inc
+++ b/purchasing/includes/db/grn_db.inc
@@ -21,12 +21,12 @@ function update_average_material_cost($supplier, $stock_id, $price, $qty, $date,
 $price_in_home_currency = to_home_currency($price, $currency, $date);
 else
 $price_in_home_currency = $price;
- $sql = "SELECT material_cost FROM ".TB_PREF."stock_master WHERE stock_id='$stock_id'";
+ $sql = "SELECT material_cost FROM ".TB_PREF."stock_master WHERE stock_id=".db_escape($stock_id);
 $result = db_query($sql);
 $myrow = db_fetch($result);
 $material_cost = $myrow['material_cost'];
 if ($adj_only)
- $exclude = 13;
+ $exclude = ST_CUSTDELIVERY;
 else
 $exclude = 0;
 $qoh = get_qoh_on_date($stock_id, null, $date, $exclude);
@@ -44,7 +44,7 @@ function update_average_material_cost($supplier, $stock_id, $price, $qty, $date,
 $material_cost = ($qoh * $material_cost + $qty * $price_in_home_currency) / ($qoh + $qty);
 $sql = "UPDATE ".TB_PREF."stock_master SET material_cost=".db_escape($material_cost)."
- WHERE stock_id='$stock_id'";
+ WHERE stock_id=".db_escape($stock_id);
 db_query($sql,"The cost details for the inventory item could not be updated");
 return $material_cost;
 }
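Review bot: `$material_cost = $myrow['material_cost'];` reads the row returned by the newly escaped SELECT without checking that db_fetch() actually produced one, so an unknown `$stock_id` silently turns into a null cost that then flows into the weighted average and the UPDATE in the second hunk. An explicit check after `$myrow = db_fetch($result);` that returns early or raises the application's usual DB error would make that failure visible. The function starts before the first hunk and its body between the two hunks is not shown, so a guard may exist there; if not, the division by `($qoh + $qty)` in the second hunk is also unguarded against a zero sum.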
@@ -88,16 +88,16 @@ function add_grn(&$po, $date_, $reference, $location)
 $order_line->standard_cost, $order_line->receive_qty, $order_line->price);
 /* Update location stock records - NB a po cannot be entered for a service/kit parts */
- add_stock_move(25, $order_line->stock_id, $grn, $location, $date_, "",
+ add_stock_move(ST_SUPPRECEIVE, $order_line->stock_id, $grn, $location, $date_, "",
 $order_line->receive_qty, $order_line->standard_cost, $po->supplier_id, 1, $order_line->price);
 } /*quantity received is != 0 */
 } /*end of order_line loop */
- $Refs->save(25, $grn, $reference);
+ $Refs->save(ST_SUPPRECEIVE, $grn, $reference);
- add_audit_trail(25, $grn, $date_);
+ add_audit_trail(ST_SUPPRECEIVE, $grn, $date_);
 commit_transaction();
@@ -125,15 +125,17 @@ function add_grn_detail_item($grn_batch_id, $po_detail_item, $item_code, $descri
 $quantity_received, $price)
 {
 $sql = "UPDATE ".TB_PREF."purch_order_details
- SET quantity_received = quantity_received + $quantity_received,
- std_cost_unit=$standard_unit_cost,
- act_price=$price
- WHERE po_detail_item = $po_detail_item";
+ SET quantity_received = quantity_received + ".db_escape($quantity_received).",
+ std_cost_unit=".db_escape($standard_unit_cost).",
+ act_price=".db_escape($price)."
+ WHERE po_detail_item = ".db_escape($po_detail_item);
 db_query($sql, "a purchase order details record could not be updated. This receipt of goods has not been processed ");
 $sql = "INSERT INTO ".TB_PREF."grn_items (grn_batch_id, po_detail_item, item_code, description, qty_recd)
- VALUES ($grn_batch_id, $po_detail_item, ".db_escape($item_code).", ".db_escape($description).", $quantity_received)";
+ VALUES (".db_escape($grn_batch_id).", "
+ .db_escape($po_detail_item).", ".db_escape($item_code).", ".db_escape($description)
+ .", ".db_escape($quantity_received).")";
 db_query($sql, "A GRN detail item could not be inserted.");
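Review bot: add_grn_detail_item has no header comment even though the second hunk rewrites both of its statements; its signature begins before the hunk and the function ends after it. A short docblock above the signature would help, e.g. `/* Record one received PO line: add $quantity_received to purch_order_details (updating std_cost_unit/act_price) and insert the matching grn_items row. Not atomic on its own; add_grn appears to wrap its calls in a transaction. */`. Since every numeric argument now goes through db_escape(), it is also worth stating in that comment that callers must pass numeric quantities and prices, as the helper presumably quotes non-numeric strings and MySQL would then coerce them silently in `quantity_received + ...`.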
@@ -143,7 +145,7 @@ function add_grn_detail_item($grn_batch_id, $po_detail_item, $item_code, $descri
 //----------------------------------------------------------------------------------------
 function get_grn_batch_from_item($item)
 {
- $sql = "SELECT grn_batch_id FROM ".TB_PREF."grn_items WHERE id=$item";
+ $sql = "SELECT grn_batch_id FROM ".TB_PREF."grn_items WHERE id=".db_escape($item);
 $result = db_query($sql, "Could not retreive GRN batch id");
 $row = db_fetch_row($result);
 return $row[0];
@@ -151,7 +153,7 @@ function get_grn_batch_from_item($item)
 function get_grn_batch($grn)
 {
- $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE id=$grn";
+ $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn);
 $result = db_query($sql, "Could not retreive GRN batch id");
 return db_fetch($result);
 }
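Review bot: `return $row[0];` on the last line of the first hunk indexes the db_fetch_row() result without checking it, so an `$item` that matches no grn_items row produces a PHP notice and a null batch id instead of a clear failure. Consider `return $row ? $row[0] : false;` (or whatever error convention the callers of get_grn_batch_from_item expect) so a missing item is distinguishable from a real id. get_grn_batch in the second hunk returns db_fetch() directly, which presumably yields false for a missing batch; its callers should be checking for that.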
@@ -164,41 +166,46 @@ function set_grn_item_credited(&$entered_grn, $supplier, $transno, $date)
 $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*
 FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items
 WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
- AND ".TB_PREF."grn_items.id=$entered_grn->id
- AND ".TB_PREF."grn_items.item_code='$entered_grn->item_code' ";
+ AND ".TB_PREF."grn_items.id=".db_escape($entered_grn->id)."
+ AND ".TB_PREF."grn_items.item_code=".db_escape($entered_grn->item_code);
 $result = db_query($sql, "Could not retreive GRNS");
 $myrow = db_fetch($result);
 $sql = "UPDATE ".TB_PREF."purch_order_details
- SET quantity_received = quantity_received + $entered_grn->this_quantity_inv,
- quantity_ordered = quantity_ordered + $entered_grn->this_quantity_inv,
- qty_invoiced = qty_invoiced + $entered_grn->this_quantity_inv,
- std_cost_unit=$mcost,
- act_price=$entered_grn->chg_price
+ SET quantity_received = quantity_received + "
+ .db_escape($entered_grn->this_quantity_inv).",
+ quantity_ordered = quantity_ordered + "
+ .db_escape($entered_grn->this_quantity_inv).",
+ qty_invoiced = qty_invoiced + ".db_escape($entered_grn->this_quantity_inv).",
+ std_cost_unit=".db_escape($mcost).",
+ act_price=".db_escape($entered_grn->chg_price)."
 WHERE po_detail_item = ".$myrow["po_detail_item"];
 db_query($sql, "a purchase order details record could not be updated. This receipt of goods has not been processed ");
 //$sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=0, quantity_inv=0 WHERE id=$entered_grn->id";
- $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=qty_recd+$entered_grn->this_quantity_inv,
- quantity_inv=quantity_inv+$entered_grn->this_quantity_inv WHERE id=$entered_grn->id";
+ $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=qty_recd+".db_escape($entered_grn->this_quantity_inv)
+ .",quantity_inv=quantity_inv+".db_escape($entered_grn->this_quantity_inv)
+ ."
WHERE id=".db_escape($entered_grn->id);
 db_query($sql);
- add_stock_move(21, $entered_grn->item_code, $transno, $myrow['loc_code'], $date, "",
+ add_stock_move(ST_SUPPCREDIT, $entered_grn->item_code, $transno, $myrow['loc_code'], $date, "",
 $entered_grn->this_quantity_inv, $mcost, $supplier, 1, $entered_grn->chg_price);
 }
 function get_grn_items($grn_batch_id=0, $supplier_id="", $outstanding_only=false, $is_invoiced_only=false, $invoice_no=0, $begin="", $end="")
 {
- $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*, ".TB_PREF."purch_order_details.unit_price,
+ $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*, " .TB_PREF."purch_order_details.unit_price,
 ".TB_PREF."purch_order_details.std_cost_unit, units
- FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items, ".TB_PREF."purch_order_details, ".TB_PREF."stock_master";
+ FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items, " .TB_PREF."purch_order_details, ".TB_PREF."stock_master";
 if ($invoice_no != 0)
 $sql .= ", ".TB_PREF."supp_invoice_items";
 $sql .= " WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
 AND ".TB_PREF."grn_items.po_detail_item=".TB_PREF."purch_order_details.po_detail_item";
 if ($invoice_no != 0)
- $sql .= " AND ".TB_PREF."supp_invoice_items.supp_trans_type=20 AND
+ $sql .= " AND ".TB_PREF."supp_invoice_items.supp_trans_type=".ST_SUPPINVOICE." AND
 ".TB_PREF."supp_invoice_items.supp_trans_no=$invoice_no AND
 ".TB_PREF."grn_items.id=".TB_PREF."supp_invoice_items.grn_item_id";
 $sql .= " AND ".TB_PREF."stock_master.stock_id=".TB_PREF."grn_items.item_code ";
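Review bot: In get_grn_items the new `supp_trans_type=".ST_SUPPINVOICE." AND` line is immediately followed by the context line that still interpolates `$invoice_no` into the SQL unescaped, while the same function now escapes `$grn_batch_id` and `$supplier_id` in the later hunks; change it to `".TB_PREF."supp_invoice_items.supp_trans_no=".db_escape($invoice_no)." AND`. Earlier in this hunk, set_grn_item_credited builds `WHERE po_detail_item = ".$myrow["po_detail_item"]` without checking that the preceding db_fetch() found a row, so an `$entered_grn` that matches nothing yields an empty right-hand side and a SQL error rather than a clear message; a check right after `$myrow = db_fetch($result);` would be the place, and passing the value through db_escape() would match the rest of the statement. get_grn_items continues past the end of the hunk.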
@@ -208,7 +215,8 @@ function get_grn_items($grn_batch_id=0, $supplier_id="", $outstanding_only=false
 if ($end != "")
 $sql .= " AND ".TB_PREF."grn_batch.delivery_date<='".date2sql($end)."'";
 if ($grn_batch_id != 0)
- $sql .= " AND ".TB_PREF."grn_batch.id=$grn_batch_id AND ".TB_PREF."grn_items.grn_batch_id=$grn_batch_id ";
+ $sql .= " AND ".TB_PREF."grn_batch.id=".db_escape($grn_batch_id) ." AND ".TB_PREF."grn_items.grn_batch_id=".db_escape($grn_batch_id);
 if ($is_invoiced_only)
 $sql .= " AND ".TB_PREF."grn_items.quantity_inv > 0";
@@ -217,7 +225,7 @@ function get_grn_items($grn_batch_id=0, $supplier_id="", $outstanding_only=false
 $sql .= " AND ".TB_PREF."grn_items.qty_recd - ".TB_PREF."grn_items.quantity_inv > 0";
 if ($supplier_id != "")
- $sql .= " AND ".TB_PREF."grn_batch.supplier_id ='$supplier_id' ";
+ $sql .= " AND ".TB_PREF."grn_batch.supplier_id =".db_escape($supplier_id);
 $sql .= " ORDER BY ".TB_PREF."grn_batch.delivery_date, ".TB_PREF."grn_batch.id, ".TB_PREF."grn_items.id";
@@ -236,7 +244,7 @@ function get_grn_item_detail($grn_item_no)
 FROM ".TB_PREF."grn_items, ".TB_PREF."purch_order_details, ".TB_PREF."stock_master
 WHERE ".TB_PREF."grn_items.po_detail_item=".TB_PREF."purch_order_details.po_detail_item
 AND ".TB_PREF."stock_master.stock_id=".TB_PREF."grn_items.item_code
- AND ".TB_PREF."grn_items.id=$grn_item_no";
+ AND ".TB_PREF."grn_items.id=".db_escape($grn_item_no);
 $result = db_query($sql, "could not retreive grn item details");
 return db_fetch($result);
@@ -279,7 +287,7 @@ function read_grn_items_to_order($grn_batch, &$order)
 function read_grn($grn_batch, &$order)
 {
- $sql= "SELECT * FROM ".TB_PREF."grn_batch WHERE id=$grn_batch";
+ $sql= "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
 $result = db_query($sql, "The grn sent is not valid");
@@ -305,7 +313,7 @@ function read_grn($grn_batch, &$order)
 function get_po_grns($po_number)
 {
- $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE purch_order_no=$po_number";
+ $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE purch_order_no=".db_escape($po_number);
 return db_query($sql, "The grns for the po $po_number could not be retreived");
 }
@@ -314,7 +322,7 @@ function get_po_grns($po_number)
 function exists_grn($grn_batch)
 {
- $sql = "SELECT id FROM ".TB_PREF."grn_batch WHERE id=$grn_batch";
+ $sql = "SELECT id FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
 $result = db_query($sql, "Cannot retreive a grn");
 return (db_num_rows($result) > 0);
@@ -327,7 +335,7 @@ function exists_grn_on_invoices($grn_batch)
 $sql = "SELECT ".TB_PREF."supp_invoice_items.id FROM ".TB_PREF."supp_invoice_items,".TB_PREF."grn_items
 WHERE ".TB_PREF."supp_invoice_items.grn_item_id=".TB_PREF."grn_items.id AND quantity != 0
- AND grn_batch_id=$grn_batch";
+ AND grn_batch_id=".db_escape($grn_batch);
 $result = db_query($sql, "Cannot query GRNs");
 return (db_num_rows($result) > 0);
@@ -344,8 +352,8 @@ function void_grn($grn_batch)
 begin_transaction();
- void_bank_trans(25, $grn_batch, true);
- void_gl_trans(25, $grn_batch, true);
+ void_bank_trans(ST_SUPPRECEIVE, $grn_batch, true);
+ void_gl_trans(ST_SUPPRECEIVE, $grn_batch, true);
 // clear the quantities of the grn items in the POs and invoices
 $result = get_grn_items($grn_batch);
@@ -366,12 +374,12 @@ function void_grn($grn_batch)
 // clear the quantities in the grn items
 $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=0, quantity_inv=0
- WHERE grn_batch_id=$grn_batch";
+ WHERE grn_batch_id=".db_escape($grn_batch);
 db_query($sql, "A grn detail item could not be voided.");
 // clear the stock move items
- void_stock_move(25, $grn_batch);
+ void_stock_move(ST_SUPPRECEIVE, $grn_batch);
 commit_transaction();