X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fsales_order_db.inc;h=ef66b0b7d72166792bb172c49be19cbe4d26fa46;hb=8429c2d2e1500cd879e084335391615e79fc3da3;hp=1b0273dfd7ff953fa81946102c4d3b551739b16f;hpb=e871e7b7f097ec86efa815e2005786710afb79e4;p=fa-stable.git
diff --git a/sales/includes/db/sales_order_db.inc b/sales/includes/db/sales_order_db.inc
index 1b0273df..ef66b0b7 100644
--- a/sales/includes/db/sales_order_db.inc
+++ b/sales/includes/db/sales_order_db.inc
@@ -1,5 +1,14 @@ .
+***********************************************************************/
 //----------------------------------------------------------------------------------------
 function get_demand_qty($stockid, $location)
 {
@@ -54,15 +63,20 @@ function add_sales_order(&$order)
 $sql = "INSERT INTO ".TB_PREF."sales_orders (type, debtor_no, branch_code, customer_ref, comments, ord_date, order_type, ship_via, deliver_to, delivery_address, contact_phone, contact_email, freight_cost, from_stk_loc, delivery_date)
- VALUES ('" . $order_type . "', '" . $order->customer_id . "', '" . $order->Branch . "', '".
- $order->cust_ref ."','". db_escape($order->Comments) ."','" .
- date2sql($order->document_date) . "', '" .
- $order->sales_type . "', " .
- $_POST['ship_via'] .",'" . $order->deliver_to . "', '" .
- $order->delivery_address . "', '" .
- $order->phone . "', '" . $order->email . "', " .
- $order->freight_cost .", '" . $order->Location ."', '" .
- $del_date . "')";
+ VALUES (" .db_escape($order_type) . "," . db_escape($order->customer_id) .
+ ", " . db_escape($order->Branch) . ", ".
+ db_escape($order->cust_ref) .",".
+ db_escape($order->Comments) .",'" .
+ date2sql($order->document_date) . "', " .
+ db_escape($order->sales_type) . ", " .
+ db_escape($order->ship_via)."," .
+ db_escape($order->deliver_to) . "," .
+ db_escape($order->delivery_address) . ", " .
+ db_escape($order->phone) . ", " .
+ db_escape($order->email) . ", " .
+ db_escape($order->freight_cost) .", " .
+ db_escape($order->Location) .", " .
+ db_escape($del_date) . ")";
 db_query($sql, "order Cannot be Added");
@@ -106,7 +120,8 @@ function add_sales_order(&$order)
 $sql = "INSERT INTO ".TB_PREF."sales_order_details (order_no, stk_code, description, unit_price, quantity, discount_percent) VALUES (";
 $sql .= $order_no .
- ",'$line->stock_id', '$line->item_description', $line->price,
+ ",".db_escape($line->stock_id).", "
+ .db_escape($line->item_description).", $line->price,
 $line->quantity, $line->discount_percent)";
 db_query($sql, "order Details Cannot be Added");
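Review bot: `date2sql($order->document_date)` is the one value in the new VALUES list that is still spliced in between hand-written quotes instead of going through db_escape(), while `$del_date` in the same statement is escaped. If document_date can originate from a submitted form, wrapping it the same way, `db_escape(date2sql($order->document_date)) . ", " .`, keeps the statement uniformly escaped and removes the last manually quoted concatenation. `$del_date` and `$order_type` are computed before the hunk, so how they are derived is not visible here.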
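Review bot: In the sales_order_details INSERT, `$line->price`, `$line->quantity` and `$line->discount_percent` are still interpolated directly into the query string (new line `.db_escape($line->item_description).", $line->price,` and the context line after it), whereas the equivalent INSERT in update_sales_order (the hunk at -242) passes the same three fields through db_escape(). Unless these are guaranteed numeric upstream, a non-numeric value breaks the statement. Changing the two lines to `.db_escape($line->item_description).", ".db_escape($line->price).", "` and `.db_escape($line->quantity).", ".db_escape($line->discount_percent).")";` makes both inserts consistent. The loop that sets `$line` begins outside the hunk.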
@@ -177,24 +192,23 @@ function update_sales_order($order)
 begin_transaction();
 $sql = "UPDATE ".TB_PREF."sales_orders SET type =".$order->so_type." ,
- debtor_no = '" . $order->customer_id . "',
- branch_code = '" . $order->Branch . "',
- customer_ref = '". $order->cust_ref ."',
- comments = '". db_escape($order->Comments) ."',
- ord_date = '" . $ord_date . "',
- order_type = '" . $order->sales_type . "',
- ship_via = " . $order->ship_via .",
- deliver_to = '" . $order->deliver_to . "',
- delivery_address = '" . $order->delivery_address . "',
- contact_phone = '" . $order->phone . "',
- contact_email = '" . $order->email . "',
- freight_cost = " . $order->freight_cost .",
- from_stk_loc = '" . $order->Location ."',
- delivery_date = '" . $del_date . "',
+ debtor_no = " . db_escape($order->customer_id) . ",
+ branch_code = " . db_escape($order->Branch) . ",
+ customer_ref = ". db_escape($order->cust_ref) .",
+ comments = ". db_escape($order->Comments) .",
+ ord_date = " . db_escape($ord_date) . ",
+ order_type = " .db_escape($order->sales_type) . ",
+ ship_via = " . db_escape($order->ship_via) .",
+ deliver_to = " . db_escape($order->deliver_to) . ",
+ delivery_address = " . db_escape($order->delivery_address) . ",
+ contact_phone = " .db_escape($order->phone) . ",
+ contact_email = " .db_escape($order->email) . ",
+ freight_cost = " .db_escape($order->freight_cost) .",
+ from_stk_loc = " .db_escape($order->Location) .",
+ delivery_date = " .db_escape($del_date). ",
 version = ".($version+1)." WHERE order_no=" . $order_no ." AND version=".$version;
-
 db_query($sql, "order Cannot be Updated, this can be concurrent edition conflict");
 $sql = "DELETE FROM ".TB_PREF."sales_order_details WHERE order_no =" . $order_no;
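Review bot: `SET type =".$order->so_type." ,` on the context line at the top of this hunk is left as raw interpolation while every other column of the UPDATE now goes through db_escape(); `$order_no` and `$version` in the WHERE clause, `$order_no` in the DELETE below, and `$order_no` in the details INSERT at -242 are in the same situation. For the column the fix is `SET type =".db_escape($order->so_type)." ,`; `$order_no` and `$version` are assigned before the hunk, so if they are already integers there, an `(int)` cast at that assignment would document the assumption for these statements. The removed blank line is harmless but leaves the statement build and its db_query() call without visual separation.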
@@ -242,13 +256,13 @@ function update_sales_order($order)
 (order_no, stk_code, description, unit_price, quantity, discount_percent, qty_sent) VALUES (";
- $sql .= $order_no . ",'"
- .$line->stock_id . "','"
- .$line->item_description . "', "
- .$line->price . ", "
- .$line->quantity . ", "
- .$line->discount_percent . ", "
- .$line->qty_done ." )";
+ $sql .= $order_no . ","
+ .db_escape($line->stock_id) . ","
+ .db_escape($line->item_description) . ", "
+ .db_escape($line->price) . ", "
+ .db_escape($line->quantity) . ", "
+ .db_escape($line->discount_percent) . ", "
+ .db_escape($line->qty_done) ." )";
 db_query($sql, "Old order Cannot be Inserted");
@@ -357,7 +371,8 @@ function read_sales_order($order_no, &$order)
 $order->set_branch($myrow["branch_code"], $myrow["tax_group_id"], $myrow["tax_group_name"], $myrow["contact_phone"], $myrow["contact_email"]);
- $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"], $myrow["tax_included"]);
+ $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"],
+ $myrow["tax_included"], 0); // no default price calculations on edit
 $order->set_location($myrow["from_stk_loc"], $myrow["location_name"]);
@@ -419,7 +434,7 @@ function get_invoice_duedate($debtorno, $invdate) {
 if (!is_date($invdate)) {
- return Today();
+ return new_doc_date();
 }
 $sql = "SELECT ".TB_PREF."debtors_master.debtor_no, ".TB_PREF."debtors_master.payment_terms, ".TB_PREF."payment_terms.* FROM ".TB_PREF."debtors_master, ".TB_PREF."payment_terms WHERE ".TB_PREF."debtors_master.payment_terms = ".TB_PREF."payment_terms.terms_indicator AND
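Review bot: `return new_doc_date();` in get_invoice_duedate silently substitutes a default date whenever `$invdate` fails is_date(), so a caller that passes a malformed date receives a plausible due date and cannot distinguish that from a real computation. If this fallback is intended, a one-line comment on the return, `// invalid or missing invoice date: fall back to the default document date`, makes the contract explicit; if it is not, the caller should be given an error indication instead of a date. The rest of get_invoice_duedate, including how `$debtorno` enters the query, lies outside the hunk.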
@@ -444,10 +459,14 @@ function get_customer_to_order($customer_id) {
 .TB_PREF."debtors_master.address, "
 .TB_PREF."credit_status.dissallow_invoices, "
 .TB_PREF."debtors_master.sales_type AS salestype, "
+ .TB_PREF."debtors_master.dimension_id, "
+ .TB_PREF."debtors_master.dimension2_id, "
 .TB_PREF."sales_types.sales_type, "
 .TB_PREF."sales_types.tax_included, "
+ .TB_PREF."sales_types.factor, "
 .TB_PREF."debtors_master.curr_code, "
- .TB_PREF."debtors_master.discount
+ .TB_PREF."debtors_master.discount,"
+ .TB_PREF."debtors_master.pymt_discount
 FROM ".TB_PREF."debtors_master, "
 .TB_PREF."credit_status, "
 .TB_PREF."sales_types