X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep209.php;h=b6b88a4572ee85b310b3493d5109b019c5594441;hb=af78fbb535a6fedbc2eb70a26ddc39739be2b986;hp=7bd5c4ae1cbe5635ca880bc5ba12e474529d15b1;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git diff --git a/reporting/rep209.php b/reporting/rep209.php index 7bd5c4ae..b6b88a45 100644 --- a/reporting/rep209.php +++ b/reporting/rep209.php @@ -37,7 +37,7 @@ function get_po($order_no) FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id AND ".TB_PREF."locations.loc_code = into_stock_location - AND ".TB_PREF."purch_orders.order_no = " . $order_no; + AND ".TB_PREF."purch_orders.order_no = ".db_escape($order_no); $result = db_query($sql, "The order cannot be retrieved"); return db_fetch($result); } @@ -48,7 +48,7 @@ function get_po_details($order_no) FROM ".TB_PREF."purch_order_details LEFT JOIN ".TB_PREF."stock_master ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id - WHERE order_no =$order_no "; + WHERE order_no =".db_escape($order_no)." "; $sql .= " ORDER BY po_detail_item"; return db_query($sql, "Retreive order Line Items"); } @@ -62,9 +62,8 @@ function print_po() $from = $_POST['PARAM_0']; $to = $_POST['PARAM_1']; $currency = $_POST['PARAM_2']; - $bankaccount = $_POST['PARAM_3']; - $email = $_POST['PARAM_4']; - $comments = $_POST['PARAM_5']; + $email = $_POST['PARAM_3']; + $comments = $_POST['PARAM_4']; if ($from == null) $from = 0; @@ -77,10 +76,8 @@ function print_po() // $headers in doctext.inc $aligns = array('left', 'left', 'left', 'right', 'left', 'right', 'right'); - $params = array('comments' => $comments, - 'bankaccount' => $bankaccount); + $params = array('comments' => $comments); - $baccount = get_bank_account($params['bankaccount']); $cur = get_company_Pref('curr_default'); if ($email == 0) @@ -94,6 +91,8 @@ function print_po() for ($i = $from; $i <= $to; $i++) { $myrow = get_po($i); + $baccount = get_default_bank_account($myrow['curr_code']); + $params['bankaccount'] = $baccount['id']; if ($email == 1) {