X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fbranches_db.inc;h=97d6fa2040b120cd9ceefd816cd5b7f031cdb9fc;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=2c4eb5228a32840fa70597394c6ea10296ec3d09;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/sales/includes/db/branches_db.inc b/sales/includes/db/branches_db.inc
index 2c4eb522..97d6fa20 100644
--- a/sales/includes/db/branches_db.inc
+++ b/sales/includes/db/branches_db.inc
@@ -1,12 +1,20 @@
 <?php
-
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 function get_branch($branch_id)
 {
 	$sql = "SELECT ".TB_PREF."cust_branch.*,".TB_PREF."salesman.salesman_name 
 		FROM ".TB_PREF."cust_branch, ".TB_PREF."salesman 
 		WHERE ".TB_PREF."cust_branch.salesman=".TB_PREF."salesman.salesman_code 
-		AND branch_code=$branch_id";
+		AND branch_code=".db_escape($branch_id);
 	
 	$result = db_query($sql, "Cannot retreive a customer branch");
 	
@@ -16,7 +24,7 @@ function get_branch($branch_id)
 function get_branch_accounts($branch_id)
 {
 	$sql = "SELECT receivables_account,sales_account, sales_discount_account, payment_discount_account 
-		FROM ".TB_PREF."cust_branch WHERE branch_code=$branch_id";
+		FROM ".TB_PREF."cust_branch WHERE branch_code=".db_escape($branch_id);
 	
 	$result = db_query($sql, "Cannot retreive a customer branch");
 	
@@ -26,7 +34,7 @@ function get_branch_accounts($branch_id)
 function get_branch_name($branch_id)
 {
 	$sql = "SELECT br_name FROM ".TB_PREF."cust_branch 
-		WHERE branch_code = '$branch_id'";
+		WHERE branch_code = ".db_escape($branch_id);
 
 	$result = db_query($sql,"could not retreive name for branch" . $branch_id);
 
@@ -34,4 +42,11 @@ function get_branch_name($branch_id)
 	return $myrow[0];
 }
 
+function get_cust_branches_from_group($group_no)
+{
+	$sql = "SELECT branch_code, debtor_no FROM ".TB_PREF."cust_branch 
+		WHERE group_no = ".db_escape($group_no);
+
+	return db_query($sql,"could not retreive branches for group " . $group_no);
+}
 ?>
\ No newline at end of file