X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fcust_trans_details_db.inc;h=9296a04cb028affccf837a62aac6118eb80a56d5;hb=0c1ab57c09d87eed2bd248892dbfe3f256767a82;hp=17c30c199571fb31d4f565537c7eb82991a05599;hpb=a5242af68e65661edb7175412444dce536a7f311;p=fa-stable.git diff --git a/sales/includes/db/cust_trans_details_db.inc b/sales/includes/db/cust_trans_details_db.inc index 17c30c19..9296a04c 100644 --- a/sales/includes/db/cust_trans_details_db.inc +++ b/sales/includes/db/cust_trans_details_db.inc @@ -19,18 +19,18 @@ if (!is_array($debtor_trans_no)) $sql = "SELECT ".TB_PREF."debtor_trans_details.*, ".TB_PREF."debtor_trans_details.unit_price+".TB_PREF."debtor_trans_details.unit_tax AS FullUnitPrice, ".TB_PREF."debtor_trans_details.description As StockDescription, - ".TB_PREF."stock_master.units - FROM ".TB_PREF."debtor_trans_details,".TB_PREF."stock_master + ".TB_PREF."stock_master.units, ".TB_PREF."stock_master.mb_flag + FROM ".TB_PREF."debtor_trans_details, ".TB_PREF."stock_master WHERE ("; $tr=array(); foreach ($debtor_trans_no as $trans_no) - $tr[] = 'debtor_trans_no='.$trans_no; + $tr[] = 'debtor_trans_no='.db_escape($trans_no); $sql .= implode(' OR ', $tr); - $sql.= ") AND debtor_trans_type=$debtor_trans_type + $sql.= ") AND debtor_trans_type=".db_escape($debtor_trans_type)." AND ".TB_PREF."stock_master.stock_id=".TB_PREF."debtor_trans_details.stock_id ORDER BY id"; return db_query($sql, "The debtor transaction detail could not be queried"); 
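Review bot: An empty `$debtor_trans_no` array still yields `WHERE () AND debtor_trans_type=...`, because `implode(' OR ', $tr)` returns an empty string when the `foreach` adds nothing. The statement then fails inside `db_query` instead of returning no rows. A one-line guard at the implode would make the empty case explicit, for example `$sql .= $tr ? implode(' OR ', $tr) : '0';`. The function starts above this hunk and the body of the `if (!is_array($debtor_trans_no))` line is not visible, so callers may already rule this out; worth confirming.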
@@ -41,9 +41,9 @@ if (!is_array($debtor_trans_no)) function void_customer_trans_details($type, $type_no) { $sql = "UPDATE ".TB_PREF."debtor_trans_details SET quantity=0, unit_price=0, - unit_tax=0, discount_percent=0, standard_cost=0 - WHERE debtor_trans_no=$type_no - AND debtor_trans_type=$type"; + unit_tax=0, discount_percent=0, standard_cost=0, src_id=0 + WHERE debtor_trans_no=".db_escape($type_no)." + AND debtor_trans_type=".db_escape($type); db_query($sql, "The debtor transaction details could not be voided"); @@ -53,7 +53,7 @@ function void_customer_trans_details($type, $type_no) //---------------------------------------------------------------------------------------- function write_customer_trans_detail_item($debtor_trans_type, $debtor_trans_no, $stock_id, $description, - $quantity, $unit_price, $unit_tax, $discount_percent, $std_cost, $line_id=0) + $quantity, $unit_price, $unit_tax, $discount_percent, $std_cost, $src_id, $line_id=0) { if ($line_id!=0) $sql = "UPDATE ".TB_PREF."debtor_trans_details SET 
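Review bot: In the `write_customer_trans_detail_item` signature hunk, `$src_id` is inserted as a required parameter in front of `$line_id=0`, which silently shifts the meaning of the tenth positional argument. A caller that still passes a line id there would have it bound to `$src_id`, leave `$line_id` at 0, and take the INSERT branch instead of the UPDATE. No call sites are visible on this page, so it should be confirmed that every caller was updated in the same change. If compatibility with old callers matters, appending the parameter with a default keeps the old calls valid: `$std_cost, $line_id=0, $src_id=0)`. The function body continues past this hunk.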
@@ -63,15 +63,17 @@ function write_customer_trans_detail_item($debtor_trans_type, $debtor_trans_no, unit_price=$unit_price, unit_tax=$unit_tax, discount_percent=$discount_percent, - standard_cost=$std_cost WHERE - id=$line_id"; + standard_cost=$std_cost, + src_id=".db_escape($src_id)." WHERE + id=".db_escape($line_id); else $sql = "INSERT INTO ".TB_PREF."debtor_trans_details (debtor_trans_no, debtor_trans_type, stock_id, description, quantity, unit_price, - unit_tax, discount_percent, standard_cost) - VALUES ($debtor_trans_no, $debtor_trans_type, ".db_escape($stock_id). + unit_tax, discount_percent, standard_cost, src_id) + VALUES (".db_escape($debtor_trans_no).", ".db_escape($debtor_trans_type).", ".db_escape($stock_id). ", ".db_escape($description).", - $quantity, $unit_price, $unit_tax, $discount_percent, $std_cost)"; + $quantity, $unit_price, $unit_tax, + $discount_percent, $std_cost,".db_escape($src_id).")"; db_query($sql, "The debtor transaction detail could not be written"); }
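Review bot: `$unit_price`, `$unit_tax`, `$discount_percent` and `$std_cost` are still interpolated raw in both the UPDATE and the INSERT (and `$quantity` in the INSERT), while the ids around them now go through `db_escape()`. If any of these amounts can come from form input without a prior numeric check, the statement remains injectable through them, so the hardening is only partial. Passing them through the same helper, or casting them to numbers before the query is built, would close the gap. `db_escape()` is defined outside this page, so check how it renders numeric and empty values for these columns. The UPDATE statement begins above this hunk; any fields assigned there (presumably including `quantity`) need the same check.

```php
// … unchanged: start of the UPDATE statement, outside this hunk …
			unit_price=".db_escape($unit_price).",
			unit_tax=".db_escape($unit_tax).",
			discount_percent=".db_escape($discount_percent).",
			standard_cost=".db_escape($std_cost).",
			src_id=".db_escape($src_id)." WHERE
			id=".db_escape($line_id);
// … unchanged: INSERT column list and the VALUES entries up to $stock_id …
			", ".db_escape($description).", "
			.db_escape($quantity).", ".db_escape($unit_price).", ".db_escape($unit_tax).", "
			.db_escape($discount_percent).", ".db_escape($std_cost).", ".db_escape($src_id).")";
```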