X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fsupp_trans_db.inc;h=4ba8d7bac65d57517c4f6f1eb41f595c418e17a5;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=716929c8699ab34cc4525b4c224d18cecabec034;hpb=bf00f0e16df5974ecba17b59be8bc660bdf6b8a8;p=fa-stable.git diff --git a/purchasing/includes/db/supp_trans_db.inc b/purchasing/includes/db/supp_trans_db.inc index 716929c8..4ba8d7ba 100644 --- a/purchasing/includes/db/supp_trans_db.inc +++ b/purchasing/includes/db/supp_trans_db.inc @@ -1,5 +1,14 @@ . +***********************************************************************/ //------------------------------------------------------------------------------------------------------------- function add_supp_trans($type, $supplier_id, $date_, $due_date, $reference, $supp_reference, @@ -21,13 +30,16 @@ function add_supp_trans($type, $supplier_id, $date_, $due_date, $reference, $sup $sql = "INSERT INTO ".TB_PREF."supp_trans (trans_no, type, supplier_id, tran_date, due_date, reference, supp_reference, ov_amount, ov_gst, rate, ov_discount) "; - $sql .= "VALUES ($trans_no, $type, $supplier_id, '$date', '$due_date', - ".db_escape($reference).", ".db_escape($supp_reference).", $amount, $amount_tax, $rate, $discount)"; + $sql .= "VALUES (".db_escape($trans_no).", ".db_escape($type) + .", ".db_escape($supplier_id).", '$date', '$due_date', + ".db_escape($reference).", ".db_escape($supp_reference).", ".db_escape($amount) + .", ".db_escape($amount_tax).", ".db_escape($rate).", ".db_escape($discount).")"; if ($err_msg == "") $err_msg = "Cannot insert a supplier transaction record"; db_query($sql, $err_msg); + add_audit_trail($type, $trans_no, $date_); return $trans_no; } 
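Review bot: In add_supp_trans the rewritten VALUES clause still interpolates `'$date'` and `'$due_date'` directly, while every other value now goes through db_escape(). Both variables are assigned outside this hunk, presumably by a date-to-SQL conversion of the caller's arguments, so whether they can carry caller-controlled text cannot be confirmed from here. For a uniform guarantee I would write them as `.db_escape($date).", ".db_escape($due_date)."` and drop the hand-written quotes. This assumes db_escape() supplies its own quoting, which its unquoted use on `$reference` suggests. The function starts outside this hunk.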
@@ -39,7 +51,7 @@ function get_supp_trans($trans_no, $trans_type=-1) $sql = "SELECT ".TB_PREF."supp_trans.*, (".TB_PREF."supp_trans.ov_amount+".TB_PREF."supp_trans.ov_gst+".TB_PREF."supp_trans.ov_discount) AS Total, ".TB_PREF."suppliers.supp_name AS supplier_name, ".TB_PREF."suppliers.curr_code AS SupplierCurrCode "; - if ($trans_type == 22) + if ($trans_type == ST_SUPPAYMENT) { // it's a payment so also get the bank account $sql .= ", ".TB_PREF."bank_accounts.bank_name, ".TB_PREF."bank_accounts.bank_account_name, ".TB_PREF."bank_accounts.bank_curr_code, @@ -49,23 +61,23 @@ function get_supp_trans($trans_no, $trans_type=-1) $sql .= " FROM ".TB_PREF."supp_trans, ".TB_PREF."suppliers "; - if ($trans_type == 22) + if ($trans_type == ST_SUPPAYMENT) { // it's a payment so also get the bank account $sql .= ", ".TB_PREF."bank_trans, ".TB_PREF."bank_accounts"; } - $sql .= " WHERE ".TB_PREF."supp_trans.trans_no=$trans_no + $sql .= " WHERE ".TB_PREF."supp_trans.trans_no=".db_escape($trans_no)." AND ".TB_PREF."supp_trans.supplier_id=".TB_PREF."suppliers.supplier_id"; if ($trans_type > 0) - $sql .= " AND ".TB_PREF."supp_trans.type=$trans_type "; + $sql .= " AND ".TB_PREF."supp_trans.type=".db_escape($trans_type); - if ($trans_type == 22) + if ($trans_type == ST_SUPPAYMENT) { // it's a payment so also get the bank account - $sql .= " AND ".TB_PREF."bank_trans.trans_no =$trans_no - AND ".TB_PREF."bank_trans.type=$trans_type + $sql .= " AND ".TB_PREF."bank_trans.trans_no =".db_escape($trans_no)." + AND ".TB_PREF."bank_trans.type=".db_escape($trans_type)." AND ".TB_PREF."bank_accounts.id=".TB_PREF."bank_trans.bank_act "; } 
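Review bot: get_supp_trans chooses its joins with loose comparisons (`$trans_type == ST_SUPPAYMENT`, `$trans_type > 0`) on a value that is never checked to be an integer, then sends the same value to SQL as an escaped string. Depending on the PHP version, a numeric-prefixed string can satisfy the PHP comparison while the query receives the full string, so the branch taken in PHP and the filter applied by the database rest on different coercions. Since both parameters are numeric keys, normalising them once at the top of the function, e.g. `$trans_no = (int)$trans_no; $trans_type = (int)$trans_type;`, makes the two agree and leaves db_escape() as a second layer. The top of the function and the code after the payment branch are outside this hunk.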
@@ -95,8 +107,8 @@ function exists_supp_trans($type, $type_no) if ($type == 25) return exists_grn($type_no); - $sql = "SELECT trans_no FROM ".TB_PREF."supp_trans WHERE type=$type - AND trans_no=$type_no"; + $sql = "SELECT trans_no FROM ".TB_PREF."supp_trans WHERE type=".db_escape($type)." + AND trans_no=".db_escape($type_no); $result = db_query($sql, "Cannot retreive a supplier transaction"); return (db_num_rows($result) > 0); @@ -107,7 +119,7 @@ function exists_supp_trans($type, $type_no) function void_supp_trans($type, $type_no) { $sql = "UPDATE ".TB_PREF."supp_trans SET ov_amount=0, ov_discount=0, ov_gst=0, - alloc=0 WHERE type=$type AND trans_no=$type_no"; + alloc=0 WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no); db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no"); } @@ -116,19 +128,19 @@ function void_supp_trans($type, $type_no) function post_void_supp_trans($type, $type_no) { - if ($type == 22) + if ($type == ST_SUPPAYMENT) { void_supp_payment($type, $type_no); return true; } - if ($type == 20 || $type == 21) + if ($type == ST_SUPPINVOICE || $type == ST_SUPPCREDIT) { void_supp_invoice($type, $type_no); return true; } - if ($type == 25) + if ($type == SUPPRECEIVE) { return void_grn($type_no); }
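Review bot: In void_supp_trans the query now escapes $type and $type_no, but the error text passed to db_query() still interpolates both raw: `"could not void supp transactions for type=$type and trans_no=$type_no"`. How db_query() reports that message is not visible here; if it is rendered in a page or written to a log on failure, the unescaped values travel with it. I would either cast both to int before building the message or keep the message constant, e.g. `db_query($sql, "could not void supplier transaction");`.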
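Review bot: The last replaced condition in post_void_supp_trans reads `if ($type == SUPPRECEIVE)`, without the `ST_` prefix carried by the other three constants this commit introduces (ST_SUPPAYMENT, ST_SUPPINVOICE, ST_SUPPCREDIT). If no constant named SUPPRECEIVE is defined, older PHP versions fall back to the string 'SUPPRECEIVE' with a notice and PHP 8 raises an error, so the comparison stops meaning 25 and void_grn() may be skipped or reached for the wrong type. Please confirm the name against the constants file and use the prefixed form, presumably `if ($type == ST_SUPPRECEIVE)`. The literal in exists_supp_trans, `if ($type == 25)`, is left as context in the @@ -95,8 hunk and should move to the same constant. The function continues after this hunk.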