X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fpo_db.inc;h=e89d96033a93714bdffa468d0953b8ed684c3beb;hb=14bede88ad8adbbd68b4cd422171d3938693d8b0;hp=350b828086d0074c5ab21c43a2dc446c777dac70;hpb=231addc23887aa8b906dca18ea0b2a6fe63c3c39;p=fa-stable.git diff --git a/purchasing/includes/db/po_db.inc b/purchasing/includes/db/po_db.inc index 350b8280..e89d9603 100644 --- a/purchasing/includes/db/po_db.inc +++ b/purchasing/includes/db/po_db.inc @@ -13,10 +13,10 @@ function delete_po($po) { - $sql = "DELETE FROM ".TB_PREF."purch_orders WHERE order_no=" . $po; + $sql = "DELETE FROM ".TB_PREF."purch_orders WHERE order_no=".db_escape($po); db_query($sql, "The order header could not be deleted"); - $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE order_no =" . $po; + $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE order_no =".db_escape($po); db_query($sql, "The order detail lines could not be deleted"); } @@ -24,14 +24,16 @@ function delete_po($po) function add_po(&$po_obj) { + global $Refs; + begin_transaction(); /*Insert to purchase order header record */ $sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES("; $sql .= db_escape($po_obj->supplier_id) . "," . db_escape($po_obj->Comments) . ",'" . - date2sql($po_obj->orig_order_date) . "', '" . - $po_obj->reference . "', " . + date2sql($po_obj->orig_order_date) . "', " . + db_escape($po_obj->reference) . ", " . db_escape($po_obj->requisition_no) . ", " . db_escape($po_obj->Location) . ", " . db_escape($po_obj->delivery_address) . ")"; 
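Review bot: The two DELETE statements in delete_po still run outside a transaction, header row first, so a failure on the second query would leave purch_order_details rows with no parent order (this assumes db_query returns on error rather than halting, which is not visible here). add_po in the same file brackets its writes with begin_transaction() and commit_transaction(), and delete_po should do the same: `begin_transaction();` before the first `$sql` and `commit_transaction();` after the second `db_query`. Since order_no looks like a numeric key, a docblock line such as `@param int $po purchase order number` would also make the expected type explicit next to the new db_escape($po) calls.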
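Review bot: ord_date is now the only value in this INSERT that does not pass through db_escape; it is still spliced in between hand-written quotes as `date2sql($po_obj->orig_order_date)`. The statement is therefore only as safe as date2sql's handling of a malformed date, which this hunk does not show. Routing it the same way as the other columns removes that dependency: `db_escape(date2sql($po_obj->orig_order_date)) . ", " .` with the literal single quotes around it dropped. The same pattern remains for `date2sql($po_line->req_del_date)` in the `@@ -50` and `@@ -102` hunks. add_po continues past the end of this hunk.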
@@ -50,17 +52,17 @@ function add_po(&$po_obj) $sql .= $po_obj->order_no . ", " . db_escape($po_line->stock_id). "," . db_escape($po_line->item_description). ",'" . date2sql($po_line->req_del_date) . "'," . - $po_line->price . ", " . - $po_line->quantity . ")"; + db_escape($po_line->price) . ", " . + db_escape($po_line->quantity). ")"; db_query($sql, "One of the purchase order detail records could not be inserted"); } } - references::save_last($po_obj->reference, systypes::po()); + $Refs->save(ST_PURCHORDER, $po_obj->order_no, $po_obj->reference); - //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments); + //add_comments(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments); - add_audit_trail(systypes::po(), systypes::po(), $po_obj->orig_order_date); + add_audit_trail(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date); commit_transaction(); return $po_obj->order_no; @@ -90,7 +92,7 @@ function update_po(&$po_obj) // Sherifoz 21.06.03 Handle deleting existing lines if ($po_line->po_detail_rec!='') { - $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE po_detail_item='" . $po_line->po_detail_rec . "'"; + $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE po_detail_item=".db_escape($po_line->po_detail_rec); db_query($sql, "could not query purch order details"); } } 
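Review bot: Wrapping `$po_line->price` and `$po_line->quantity` in db_escape stops them from altering the statement, but it does not make them numbers. db_escape presumably emits a quoted string, so a non-numeric value would be coerced by the database rather than rejected. A check before the query is built would catch that, for example `if (!is_numeric($po_line->price) || !is_numeric($po_line->quantity))` followed by the file's usual error path. If callers already guarantee numeric input, a comment should say so: `// price and quantity are validated as numeric by the caller; db_escape only quotes them`. The same two fields get the same treatment in the INSERT and UPDATE of the `@@ -102` hunk in update_po; add_po starts before this hunk and ends after it.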
@@ -102,21 +104,21 @@ function update_po(&$po_obj) db_escape($po_line->stock_id). "," . db_escape($po_line->item_description). ",'" . date2sql($po_line->req_del_date) . "'," . - $po_line->price . ", " . $po_line->quantity . ")"; + db_escape($po_line->price) . ", ".db_escape($po_line->quantity) . ")"; } else { - $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code='" . $po_line->stock_id . "', + $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code=".db_escape($po_line->stock_id).", description =" . db_escape($po_line->item_description). ", delivery_date ='" . date2sql($po_line->req_del_date) . "', - unit_price=" . $po_line->price . ", - quantity_ordered=" . $po_line->quantity . " - WHERE po_detail_item=" . $po_line->po_detail_rec; + unit_price=".db_escape($po_line->price).", + quantity_ordered=".db_escape($po_line->quantity) . " + WHERE po_detail_item=".db_escape($po_line->po_detail_rec); } db_query($sql, "One of the purchase order detail records could not be updated"); } - //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments); + //add_comments(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments); commit_transaction(); @@ -132,7 +134,7 @@ function read_po_header($order_no, &$order) FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id AND ".TB_PREF."locations.loc_code = into_stock_location - AND ".TB_PREF."purch_orders.order_no = " . $order_no; + AND ".TB_PREF."purch_orders.order_no = ".db_escape($order_no); $result = db_query($sql, "The order cannot be retrieved"); 
@@ -170,7 +172,7 @@ function read_po_items($order_no, &$order, $open_items_only=false) FROM ".TB_PREF."purch_order_details LEFT JOIN ".TB_PREF."stock_master ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id - WHERE order_no =$order_no "; + WHERE order_no =".db_escape($order_no); if ($open_items_only) $sql .= " AND (".TB_PREF."purch_order_details.quantity_ordered > ".TB_PREF."purch_order_details.quantity_received) "; @@ -184,13 +186,14 @@ function read_po_items($order_no, &$order, $open_items_only=false) while ($myrow = db_fetch($result)) { + $data = get_purchase_data($order->supplier_id, $myrow['item_code']); if ($data !== false) { if ($data['supplier_description'] != "") $myrow['description'] = $data['supplier_description']; - if ($data['suppliers_uom'] != "") - $myrow['units'] = $data['suppliers_uom']; + //if ($data['suppliers_uom'] != "") + // $myrow['units'] = $data['suppliers_uom']; } if (is_null($myrow["units"])) { @@ -201,13 +204,13 @@ function read_po_items($order_no, &$order, $open_items_only=false) $units = $myrow["units"]; } - $order->add_to_order($order->lines_on_order+1, $myrow["item_code"], + if ($order->add_to_order($order->lines_on_order+1, $myrow["item_code"], $myrow["quantity_ordered"],$myrow["description"], $myrow["unit_price"],$units, sql2date($myrow["delivery_date"]), - $myrow["qty_invoiced"], $myrow["quantity_received"]); - - $order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"]; - $order->line_items[$order->lines_on_order]->standard_cost = $myrow["std_cost_unit"]; /*Needed for receiving goods and GL interface */ + $myrow["qty_invoiced"], $myrow["quantity_received"])) { + $order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"]; + $order->line_items[$order->lines_on_order]->standard_cost = $myrow["std_cost_unit"]; /*Needed for receiving goods and GL interface */ + } } /* line po from purchase order details */ } //end of checks on returned data set } 
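Review bot: The `suppliers_uom` override in the `@@ -184` hunk is disabled by commenting it out, with nothing to say why. From here on `$myrow['units']` comes only from the joined stock row, which is a behaviour change for orders whose supplier uses a different unit of measure. Either delete the two lines or keep them with a reason, e.g. `// supplier UOM override disabled: quantities are stored in stock units (confirm)`. The loop this sits in begins and ends outside the hunk.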
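Review bot: When `$order->add_to_order(...)` returns false in the `@@ -201` hunk, the row is now skipped without any message, so the order loaded into `$order` can hold fewer lines than purch_order_details does. What add_to_order rejects is not visible in this diff, but a caller that later saves or compares the order would have no sign that a line is missing. An `else` branch that reports the skipped `$myrow["po_detail_item"]` through the project's warning mechanism would make this visible. At minimum a comment should record it: `// add_to_order() refused this row; it is left out of $order`. read_po_items starts above this hunk.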
@@ -224,5 +227,126 @@ function read_po($order_no, &$order, $open_items_only=false) //---------------------------------------------------------------------------------------- +function get_po_items($order_no) +{ + $sql = "SELECT item_code, quantity_ordered, quantity_received, qty_invoiced + FROM ".TB_PREF."purch_order_details + WHERE order_no=".db_escape($order_no) + ." ORDER BY po_detail_item"; + + $result = db_query($sql, "could not query purch order details"); + check_db_error("Could not check that the details of the purchase order had not been changed by another user ", $sql); + return $result; +} +//---------------------------------------------------------------------------------------- + +function get_short_info($stock_id) +{ + $sql = "SELECT description, units, mb_flag + FROM ".TB_PREF."stock_master WHERE stock_id = ".db_escape($stock_id); + + return db_query($sql,"The stock details for " . $stock_id . " could not be retrieved"); +} + +function get_sql_for_po_search_completed() +{ + global $order_number, $selected_stock_item;; + + $sql = "SELECT + porder.order_no, + porder.reference, + supplier.supp_name, + location.location_name, + porder.requisition_no, + porder.ord_date, + supplier.curr_code, + Sum(line.unit_price*line.quantity_ordered) AS OrderValue, + porder.into_stock_location + FROM ".TB_PREF."purch_orders as porder, " + .TB_PREF."purch_order_details as line, " + .TB_PREF."suppliers as supplier, " + .TB_PREF."locations as location + WHERE porder.order_no = line.order_no + AND porder.supplier_id = supplier.supplier_id + AND location.loc_code = porder.into_stock_location "; + + if (isset($order_number) && $order_number != "") + { + $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . 
'%'); + } + else + { + + $data_after = date2sql($_POST['OrdersAfterDate']); + $date_before = date2sql($_POST['OrdersToDate']); + + $sql .= " AND porder.ord_date >= '$data_after'"; + $sql .= " AND porder.ord_date <= '$date_before'"; + if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT) + { + $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']); + } + if (isset($selected_stock_item)) + { + $sql .= " AND line.item_code=".db_escape($selected_stock_item); + } + + } //end not order number selected + + $sql .= " GROUP BY porder.order_no"; + return $sql; +} + +function get_sql_for_po_search() +{ + global $all_items, $order_number, $selected_stock_item;; + + $sql = "SELECT + porder.order_no, + porder.reference, + supplier.supp_name, + location.location_name, + porder.requisition_no, + porder.ord_date, + supplier.curr_code, + Sum(line.unit_price*line.quantity_ordered) AS OrderValue, + Sum(line.delivery_date < '". date2sql(Today()) ."' + AND (line.quantity_ordered > line.quantity_received)) As OverDue + FROM " + .TB_PREF."purch_orders as porder, " + .TB_PREF."purch_order_details as line, " + .TB_PREF."suppliers as supplier, " + .TB_PREF."locations as location + WHERE porder.order_no = line.order_no + AND porder.supplier_id = supplier.supplier_id + AND location.loc_code = porder.into_stock_location + AND (line.quantity_ordered > line.quantity_received) "; + + if (isset($order_number) && $order_number != "") + { + $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . 
'%'); + } + else + { + $data_after = date2sql($_POST['OrdersAfterDate']); + $data_before = date2sql($_POST['OrdersToDate']); + + $sql .= " AND porder.ord_date >= '$data_after'"; + $sql .= " AND porder.ord_date <= '$data_before'"; + + if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items) + { + $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']); + } + + if (isset($selected_stock_item)) + { + $sql .= " AND line.item_code=".db_escape($selected_stock_item); + } + } //end not order number selected + + $sql .= " GROUP BY porder.order_no"; + return $sql; +} ?> \ No newline at end of file
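Review bot: Both new query builders, get_sql_for_po_search_completed and get_sql_for_po_search, pass `$_POST['OrdersAfterDate']` and `$_POST['OrdersToDate']` through date2sql and then interpolate the result directly into a quoted literal (`'$data_after'`). Every other request value in this commit goes through db_escape, so these two bounds rely entirely on date2sql rejecting or normalising non-date input, which is not shown here. Using `$sql .= " AND porder.ord_date >= ".db_escape($data_after);` and the matching `<=` line in both functions removes that dependency. The two keys are also read without the `isset()` guard that `$_POST['StockLocation']` gets. Separately, `$order_number` is wrapped in `%…%` for LIKE without escaping its own `%` and `_`, and the first function names its bounds `$data_after` and `$date_before` while the second uses `$data_before`.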