X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fcredit_status_db.inc;h=ab0ade98765ddc20d025cf07fb5ba723eaafb826;hb=e27f352665019d956e8bb4dc4b4086146f6e0535;hp=411cdfd5ad64b9a1ed5f962d6e00d029620117af;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git

diff --git a/sales/includes/db/credit_status_db.inc b/sales/includes/db/credit_status_db.inc
index 411cdfd5..ab0ade98 100644
--- a/sales/includes/db/credit_status_db.inc
+++ b/sales/includes/db/credit_status_db.inc
@@ -12,7 +12,7 @@
 function add_credit_status($description, $disallow_invoicing)
 {
 	$sql = "INSERT INTO ".TB_PREF."credit_status (reason_description, dissallow_invoices) 
-		VALUES (".db_escape($description).",$disallow_invoicing)";
+		VALUES (".db_escape($description).",".db_escape($disallow_invoicing).")";
 		
 	db_query($sql, "could not add credit status");		
 }
@@ -20,21 +20,22 @@ function add_credit_status($description, $disallow_invoicing)
 function update_credit_status($status_id, $description, $disallow_invoicing)
 {
 	$sql = "UPDATE ".TB_PREF."credit_status SET reason_description=".db_escape($description).",
-		dissallow_invoices=$disallow_invoicing WHERE id=$status_id";
+		dissallow_invoices=".db_escape($disallow_invoicing)." WHERE id=".db_escape($status_id);
 	
 	db_query($sql, "could not update credit status");			
 }
 
-function get_all_credit_status()
+function get_all_credit_status($all=false)
 {
 	$sql = "SELECT * FROM ".TB_PREF."credit_status";
-	
+	if (!$all) $sql .= " WHERE !inactive";
+
 	return db_query($sql, "could not get all credit status");
 } 
 
 function get_credit_status($status_id)
 {
-	$sql = "SELECT * FROM ".TB_PREF."credit_status WHERE id=$status_id";
+	$sql = "SELECT * FROM ".TB_PREF."credit_status WHERE id=".db_escape($status_id);
 	
 	$result = db_query($sql, "could not get credit status");
 	
@@ -43,7 +44,7 @@ function get_credit_status($status_id)
 
 function delete_credit_status($status_id)
 {
-	$sql="DELETE FROM ".TB_PREF."credit_status WHERE id=$status_id";
+	$sql="DELETE FROM ".TB_PREF."credit_status WHERE id=".db_escape($status_id);
 		
 	db_query($sql, "could not delete credit status");	
 }