X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep103.php;h=8ee0abbe62971dcf34bee9d819566a171822829e;hb=71575c1115361f37b2035b77917242f60b4bd5c7;hp=f7ae195e8ab2fa9b164487647d511deb439e9013;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git diff --git a/reporting/rep103.php b/reporting/rep103.php index f7ae195e..8ee0abbe 100644 --- a/reporting/rep103.php +++ b/reporting/rep103.php @@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; +$page_security = 'SA_CUSTBULKREP'; // ---------------------------------------------------------------- // $ Revision: 2.0 $ // Creator: Joe Hunt @@ -56,18 +56,18 @@ function get_customer_details_for_report($area=0, $salesid=0) if ($area != 0) { if ($salesid != 0) - $sql .= " WHERE ".TB_PREF."salesman.salesman_code='$salesid' - AND ".TB_PREF."areas.area_code='$area'"; + $sql .= " WHERE ".TB_PREF."salesman.salesman_code=".db_escape($salesid)." + AND ".TB_PREF."areas.area_code=".db_escape($area); else - $sql .= " WHERE ".TB_PREF."areas.area_code='$area'"; + $sql .= " WHERE ".TB_PREF."areas.area_code=".db_escape($area); } elseif ($salesid != 0) - $sql .= " WHERE ".TB_PREF."salesman.salesman_code='$salesid'"; + $sql .= " WHERE ".TB_PREF."salesman.salesman_code=".db_escape($salesid); $sql .= " ORDER BY description, ".TB_PREF."salesman.salesman_name, ".TB_PREF."debtors_master.debtor_no, ".TB_PREF."cust_branch.branch_code"; - + return db_query($sql,"No transactions were returned"); } 
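Review bot: In the `@@ -56,18 +56,18 @@` hunk the literal quotes around `$salesid` and `$area` are removed together with the interpolation, so the WHERE clauses are only safe if `db_escape()` returns a complete quoted SQL literal and not just an escaped string. Its definition is not visible on this page, so that contract should be confirmed and stated in a comment above the first use, e.g. `// db_escape() returns the value escaped AND quoted; do not add quotes here`. The same dependency applies to the `debtor_no` and `branch_code` comparisons in the `@@ -78,11 +78,11 @@` hunk. Both values are tested with `!= 0` and look like numeric ids, so casting them once (`$area = (int)$area; $salesid = (int)$salesid;`) before the query is built would presumably be a cheap second layer, though the start of get_customer_details_for_report is outside the hunk.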
@@ -78,11 +78,11 @@ function getTransactions($debtorno, $branchcode, $date) $sql = "SELECT SUM((ov_amount+ov_freight+ov_discount)*rate) AS Turnover FROM ".TB_PREF."debtor_trans - WHERE debtor_no='$debtorno' - AND branch_code='$branchcode' - AND (type=10 or type=11) + WHERE debtor_no=".db_escape($debtorno)." + AND branch_code=".db_escape($branchcode)." + AND (type=".ST_SALESINVOICE." OR type=".ST_CUSTCREDIT.") AND trandate >='$date'"; - + $result = db_query($sql,"No transactions were returned"); $row = db_fetch_row($result); @@ -109,9 +109,9 @@ function print_customer_details_listing() $dec = 0; - if ($area == reserved_words::get_all_numeric()) + if ($area == ALL_NUMERIC) $area = 0; - if ($folk == reserved_words::get_all_numeric()) + if ($folk == ALL_NUMERIC) $folk = 0; if ($area == 0)
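Review bot: In the `@@ -78,11 +78,11 @@` hunk, `$date` is still interpolated directly into the query on the unchanged `AND trandate >='$date'` line of getTransactions, while the two values beside it were moved to `db_escape()`. Where `$date` comes from is not visible here; if it derives from a report parameter and is not normalised to a fixed date format before the call, this clause remains exposed to SQL injection after the commit. For consistency the line should read `AND trandate >=".db_escape($date);`, assuming, as the removed quotes elsewhere in this commit imply, that `db_escape()` supplies the quoting. The function begins before this hunk and continues after it.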