X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fsuppliers_db.inc;h=dd72a6cf94efa8628354bc9648ffe26fc31c699c;hb=508b54ee5cef13ac64f1532dfedfb7b242aa9077;hp=69acd8dc6c5e23791ccc335ee2d86bd22a763ca6;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git diff --git a/purchasing/includes/db/suppliers_db.inc b/purchasing/includes/db/suppliers_db.inc index 69acd8dc..dd72a6cf 100644 --- a/purchasing/includes/db/suppliers_db.inc +++ b/purchasing/includes/db/suppliers_db.inc @@ -1,5 +1,14 @@ . +***********************************************************************/ function get_supplier_details($supplier_id, $to=null) { @@ -12,7 +21,7 @@ function get_supplier_details($supplier_id, $to=null) // removed - supp_trans.alloc from all summations $value = "(".TB_PREF."supp_trans.ov_amount + ".TB_PREF."supp_trans.ov_gst + ".TB_PREF."supp_trans.ov_discount)"; - $due = "IF (".TB_PREF."supp_trans.type=20 OR ".TB_PREF."supp_trans.type=21,".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)"; + $due = "IF (".TB_PREF."supp_trans.type=".ST_SUPPINVOICE." OR ".TB_PREF."supp_trans.type=".ST_SUPPCREDIT.",".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)"; $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."suppliers.curr_code, ".TB_PREF."payment_terms.terms, Sum($value) AS Balance, @@ -51,7 +60,7 @@ function get_supplier_details($supplier_id, $to=null) ".TB_PREF."payment_terms WHERE ".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator - AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'"; + AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id); $result = db_query($sql,"The customer details could not be retrieved"); 
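Review bot: In the `-51,7 +60,7` hunk the single quotes that used to wrap `$supplier_id` are removed, so the WHERE clause is only safe if db_escape() returns a complete, quoted SQL literal rather than just an escaped string; db_escape() is not defined in this diff, so that needs confirming. The same dependency applies to the lookups in get_supplier, get_supplier_name and get_supplier_accounts, where the id was previously in a bare numeric context and escaping without quoting would not constrain it. Once confirmed, a short comment above the query would record the contract, e.g. `// db_escape() returns a quoted literal, so no surrounding quotes are added here`; if supplier_id is always an integer key, an explicit integer cast at the call site would state that as well. The context line's message "The customer details could not be retrieved" names the wrong entity for a supplier query. get_supplier_details starts and ends outside this hunk.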
@@ -77,7 +86,7 @@ function get_supplier_details($supplier_id, $to=null) function get_supplier($supplier_id) { - $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier"); @@ -86,7 +95,7 @@ function get_supplier($supplier_id) function get_supplier_name($supplier_id) { - $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier"); @@ -97,7 +106,7 @@ function get_supplier_name($supplier_id) function get_supplier_accounts($supplier_id) { - $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier");
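Review bot: get_supplier, get_supplier_name and get_supplier_accounts all pass the same failure text, "could not get supplier", to db_query(), so a failed lookup cannot be attributed to one of them from the message alone. Distinct messages would help when triaging query errors, for example `$result = db_query($sql, "could not get supplier name");` and `$result = db_query($sql, "could not get supplier accounts");` in the latter two. Each function body continues past the end of its hunk.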