X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Finvoice_items_db.inc;h=e851f5734d76b4581a30674eafb269412d7915a9;hb=9a98bb3bc7a94f1a8e47f8dab45a87c8b4212080;hp=369573547264967b554a6b4b2c5c287f7adf1362;hpb=4e436722cb991b7273c08bdc1dc53b5390772972;p=fa-stable.git

diff --git a/purchasing/includes/db/invoice_items_db.inc b/purchasing/includes/db/invoice_items_db.inc
index 36957354..e851f573 100644
--- a/purchasing/includes/db/invoice_items_db.inc
+++ b/purchasing/includes/db/invoice_items_db.inc
@@ -1,13 +1,13 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-	Released under the terms of the GNU Affero General Public License,
-	AGPL, as published by the Free Software Foundation, either version 
-	3 of the License, or (at your option) any later version.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 //-------------------------------------------------------------------------------------------------------------
 
@@ -17,9 +17,11 @@ function add_supp_invoice_item($supp_trans_type, $supp_trans_no, $stock_id, $des
 {
 	$sql = "INSERT INTO ".TB_PREF."supp_invoice_items (supp_trans_type, supp_trans_no, stock_id, description, gl_code, unit_price, unit_tax, quantity,
 	  	grn_item_id, po_detail_item_id, memo_) ";
-	$sql .= "VALUES ($supp_trans_type, $supp_trans_no, ".db_escape($stock_id).
-	", ".db_escape($description).", ".db_escape($gl_code).", $unit_price, $unit_tax, $quantity,
-		$grn_item_id, $po_detail_item_id, ".db_escape($memo_).")";
+	$sql .= "VALUES (".db_escape($supp_trans_type).", ".db_escape($supp_trans_no).", "
+		.db_escape($stock_id).
+	", ".db_escape($description).", ".db_escape($gl_code).", ".db_escape($unit_price)
+	.", ".db_escape($unit_tax).", ".db_escape($quantity).",
+		".db_escape($grn_item_id).", ".db_escape($po_detail_item_id).", ".db_escape($memo_).")";
 
 	if ($err_msg == "")
 		$err_msg = "Cannot insert a supplier transaction detail record";
@@ -42,9 +44,11 @@ function add_supp_invoice_gl_item($supp_trans_type, $supp_trans_no, $gl_code, $a
 
 function get_supp_invoice_items($supp_trans_type, $supp_trans_no)
 {
-	$sql = "SELECT *, unit_price AS FullUnitPrice FROM ".TB_PREF."supp_invoice_items
-		WHERE supp_trans_type = $supp_trans_type
-		AND supp_trans_no = $supp_trans_no ORDER BY id";
+	$sql = "SELECT *, unit_price AS FullUnitPrice FROM "
+		.TB_PREF."supp_invoice_items inv LEFT JOIN ".TB_PREF."grn_items grn ON grn.id =inv.grn_item_id
+		WHERE supp_trans_type = ".db_escape($supp_trans_type)."
+		AND supp_trans_no = ".db_escape($supp_trans_no)
+		." ORDER BY inv.id";
 	return db_query($sql, "Cannot retreive supplier transaction detail records");
 }
 
@@ -53,7 +57,7 @@ function get_supp_invoice_items($supp_trans_type, $supp_trans_no)
 function void_supp_invoice_items($type, $type_no)
 {
 	$sql = "UPDATE ".TB_PREF."supp_invoice_items SET quantity=0, unit_price=0
-		WHERE supp_trans_type = $type AND supp_trans_no=$type_no";
+		WHERE supp_trans_type = ".db_escape($type)." AND supp_trans_no=".db_escape($type_no);
 	db_query($sql, "could not void supptrans details");
 }