X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fsupp_trans_db.inc;h=9c51f904dd368cecc7f20a9a2c7b34270a693683;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=975fe428001eb6fc4d024048434079be1b4742cd;hpb=654b2cb832f5ad2313cfbbd98832681fae05943a;p=fa-stable.git diff --git a/purchasing/includes/db/supp_trans_db.inc b/purchasing/includes/db/supp_trans_db.inc index 975fe428..9c51f904 100644 --- a/purchasing/includes/db/supp_trans_db.inc +++ b/purchasing/includes/db/supp_trans_db.inc @@ -1,5 +1,14 @@ . +***********************************************************************/ //------------------------------------------------------------------------------------------------------------- function add_supp_trans($type, $supplier_id, $date_, $due_date, $reference, $supp_reference, @@ -21,8 +30,10 @@ function add_supp_trans($type, $supplier_id, $date_, $due_date, $reference, $sup $sql = "INSERT INTO ".TB_PREF."supp_trans (trans_no, type, supplier_id, tran_date, due_date, reference, supp_reference, ov_amount, ov_gst, rate, ov_discount) "; - $sql .= "VALUES ($trans_no, $type, $supplier_id, '$date', '$due_date', - ".db_escape($reference).", ".db_escape($supp_reference).", $amount, $amount_tax, $rate, $discount)"; + $sql .= "VALUES (".db_escape($trans_no).", ".db_escape($type) + .", ".db_escape($supplier_id).", '$date', '$due_date', + ".db_escape($reference).", ".db_escape($supp_reference).", ".db_escape($amount) + .", ".db_escape($amount_tax).", ".db_escape($rate).", ".db_escape($discount).")"; if ($err_msg == "") $err_msg = "Cannot insert a supplier transaction record"; 
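Review bot: In the `@@ -21,8 +30,10 @@` hunk of add_supp_trans, `'$date'` and `'$due_date'` are still interpolated straight into the VALUES list, while every other value now goes through db_escape(). Their assignment is outside the hunk, so unless they are already normalised to a fixed SQL date format they remain the one unescaped input in this statement. Since `db_escape($reference)` is used without surrounding quotes, it presumably supplies them, and the two values could be written as `.", ".db_escape($date).", ".db_escape($due_date).", "`. The function body starts and ends outside the hunk.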
@@ -43,7 +54,7 @@ function get_supp_trans($trans_no, $trans_type=-1) { // it's a payment so also get the bank account $sql .= ", ".TB_PREF."bank_accounts.bank_name, ".TB_PREF."bank_accounts.bank_account_name, ".TB_PREF."bank_accounts.bank_curr_code, - ".TB_PREF."bank_trans_types.name AS BankTransType, ".TB_PREF."bank_trans.amount AS BankAmount, + ".TB_PREF."bank_accounts.account_type AS BankTransType, ".TB_PREF."bank_trans.amount AS BankAmount, ".TB_PREF."bank_trans.ref "; } @@ -52,22 +63,21 @@ function get_supp_trans($trans_no, $trans_type=-1) if ($trans_type == 22) { // it's a payment so also get the bank account - $sql .= ", ".TB_PREF."bank_trans, ".TB_PREF."bank_accounts, ".TB_PREF."bank_trans_types "; + $sql .= ", ".TB_PREF."bank_trans, ".TB_PREF."bank_accounts"; } - $sql .= " WHERE ".TB_PREF."supp_trans.trans_no=$trans_no + $sql .= " WHERE ".TB_PREF."supp_trans.trans_no=".db_escape($trans_no)." AND ".TB_PREF."supp_trans.supplier_id=".TB_PREF."suppliers.supplier_id"; if ($trans_type > 0) - $sql .= " AND ".TB_PREF."supp_trans.type=$trans_type "; + $sql .= " AND ".TB_PREF."supp_trans.type=".db_escape($trans_type); if ($trans_type == 22) { // it's a payment so also get the bank account - $sql .= " AND ".TB_PREF."bank_trans.trans_no =$trans_no - AND ".TB_PREF."bank_trans.type=$trans_type - AND ".TB_PREF."bank_trans_types.id = ".TB_PREF."bank_trans.bank_trans_type_id - AND ".TB_PREF."bank_accounts.account_code=".TB_PREF."bank_trans.bank_act "; + $sql .= " AND ".TB_PREF."bank_trans.trans_no =".db_escape($trans_no)." + AND ".TB_PREF."bank_trans.type=".db_escape($trans_type)." + AND ".TB_PREF."bank_accounts.id=".TB_PREF."bank_trans.bank_act "; } $result = db_query($sql, "Cannot retreive a supplier transaction"); 
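Review bot: The alias `BankTransType` in the `@@ -43,7 +54,7 @@` hunk now carries `bank_accounts.account_type` instead of `bank_trans_types.name`, so the column keeps its name while its meaning changes. Code that displays BankTransType as a label would presumably now show whatever account_type stores, possibly a numeric code; the consumers are not visible here. A comment above the select, such as `// BankTransType now holds bank_accounts.account_type, not a type name`, or a renamed alias would make the change explicit.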
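Review bot: In the `@@ -52,22 +63,21 @@` hunk, `$trans_no` and `$trans_type` are escaped but never checked to be integers, and `$trans_type > 0` and `$trans_type == 22` still compare the raw value loosely. db_escape() keeps the value from breaking out of the statement, but a malformed id such as a number followed by text would presumably still be coerced by the database and match a row. Normalising at the top of get_supp_trans, e.g. `$trans_no = (int)$trans_no; $trans_type = (int)$trans_type;`, keeps the PHP branches and the SQL working on the same value. The same applies to the `$type`/`$type_no` pairs in the exists_supp_trans and void_supp_trans hunks. The start of the function is outside this hunk.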
@@ -91,39 +101,13 @@ function get_supp_trans($trans_no, $trans_type=-1) //---------------------------------------------------------------------------------------- -function get_supplier_transactions($extra_fields=null, $extra_conditions=null, $extra_tables=null) -{ - $sql = "SELECT ".TB_PREF."supp_trans.*, - ov_amount+ov_gst+ov_discount AS Total, - ".TB_PREF."suppliers.supp_name, ".TB_PREF."suppliers.address, - ".TB_PREF."suppliers.curr_code "; - - if ($extra_fields) - $sql .= ", $extra_fields "; - - $sql .= " FROM ".TB_PREF."supp_trans, ".TB_PREF."suppliers "; - if ($extra_tables) - $sql .= " ,$extra_tables "; - - $sql .= " WHERE ".TB_PREF."supp_trans.supplier_id=".TB_PREF."suppliers.supplier_id"; - - if ($extra_conditions) - $sql .= " AND $extra_conditions "; - - $sql .= " ORDER BY trans_no"; - - return db_query($sql, "Cannot retreive supplier transactions"); -} - -//---------------------------------------------------------------------------------------- - function exists_supp_trans($type, $type_no) { if ($type == 25) return exists_grn($type_no); - $sql = "SELECT trans_no FROM ".TB_PREF."supp_trans WHERE type=$type - AND trans_no=$type_no"; + $sql = "SELECT trans_no FROM ".TB_PREF."supp_trans WHERE type=".db_escape($type)." + AND trans_no=".db_escape($type_no); $result = db_query($sql, "Cannot retreive a supplier transaction"); return (db_num_rows($result) > 0); @@ -134,7 +118,7 @@ function exists_supp_trans($type, $type_no) function void_supp_trans($type, $type_no) { $sql = "UPDATE ".TB_PREF."supp_trans SET ov_amount=0, ov_discount=0, ov_gst=0, - alloc=0 WHERE type=$type AND trans_no=$type_no"; + alloc=0 WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no); db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no"); }
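Review bot: On the `$type == 25` path of exists_supp_trans, `$type_no` is handed to exists_grn() untouched, so the escaping added below covers only the supp_trans query. exists_grn() is not part of this diff, so it should be confirmed that it escapes or validates its argument before building its own SQL. This hunk also deletes get_supplier_transactions(), so any caller still present elsewhere in the tree would now fail; a search for that name before merging is worthwhile.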
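Review bot: The error text passed to db_query() in void_supp_trans, `"could not void supp transactions for type=$type and trans_no=$type_no"`, still embeds the raw `$type` and `$type_no`. How db_query() renders that message is not shown; if it is echoed into an HTML error page, unescaped input would be reflected there. Either drop the values from the message or encode them, e.g. `"... type=".htmlspecialchars($type)." and trans_no=".htmlspecialchars($type_no)`.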