X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fsuppliers_db.inc;h=dd72a6cf94efa8628354bc9648ffe26fc31c699c;hb=b5c5d915d8ce6e85605dce6efc5d2b61ea02f3ee;hp=eaead9ecb890e81c48c2a031129c0b5120f84fe6;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git
diff --git a/purchasing/includes/db/suppliers_db.inc b/purchasing/includes/db/suppliers_db.inc
index eaead9ec..dd72a6cf 100644
--- a/purchasing/includes/db/suppliers_db.inc
+++ b/purchasing/includes/db/suppliers_db.inc
@@ -21,7 +21,7 @@ function get_supplier_details($supplier_id, $to=null)
 // removed - supp_trans.alloc from all summations
 $value = "(".TB_PREF."supp_trans.ov_amount + ".TB_PREF."supp_trans.ov_gst + ".TB_PREF."supp_trans.ov_discount)";
- $due = "IF (".TB_PREF."supp_trans.type=20 OR ".TB_PREF."supp_trans.type=21,".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)";
+ $due = "IF (".TB_PREF."supp_trans.type=".ST_SUPPINVOICE." OR ".TB_PREF."supp_trans.type=".ST_SUPPCREDIT.",".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)";
 $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."suppliers.curr_code, ".TB_PREF."payment_terms.terms, Sum($value) AS Balance,
@@ -60,7 +60,7 @@ function get_supplier_details($supplier_id, $to=null)
 ".TB_PREF."payment_terms WHERE ".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
- AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'";
+ AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id);
 $result = db_query($sql,"The customer details could not be retrieved");
@@ -86,7 +86,7 @@ function get_supplier_details($supplier_id, $to=null)
 function get_supplier($supplier_id) {
- $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
 $result = db_query($sql, "could not get supplier");
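Review bot: All four rewritten WHERE clauses now rely on `db_escape()` returning a complete, already-quoted SQL literal, and that helper is defined outside this diff, so the guarantee cannot be confirmed from these hunks. In get_supplier_details (`@@ -60,7 +60,7 @@`) the literal quotes around `$supplier_id` were removed, and in get_supplier, get_supplier_name and get_supplier_accounts (`@@ -86`, `@@ -95`, `@@ -106`) the value lands where an unquoted number used to be; if the helper only escaped without quoting, the comparison would stay open to SQL injection. I would state the contract next to the first use, e.g. `// db_escape() returns a quoted, escaped literal; never concatenate $supplier_id directly`, and, if supplier_id is always an integer key (an assumption, the schema is not shown), reject non-numeric values before the query is built. Each function body continues outside its hunk.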
@@ -95,7 +95,7 @@ function get_supplier($supplier_id)
 function get_supplier_name($supplier_id) {
- $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
 $result = db_query($sql, "could not get supplier");
@@ -106,7 +106,7 @@ function get_supplier_name($supplier_id)
 function get_supplier_accounts($supplier_id) {
- $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
 $result = db_query($sql, "could not get supplier");