X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fsales_types_db.inc;h=a0279d3e5045f0947e71d9a5c3bd7e33f174793d;hb=d8d40a67b517dd35425a1fa0eb02f84c3f9fd843;hp=4bde37506bf08cc65b12fe54ff816b6fa8da8ec2;hpb=921b0e7df6265ed280080b7810105fa4d93d9aa6;p=fa-stable.git diff --git a/sales/includes/db/sales_types_db.inc b/sales/includes/db/sales_types_db.inc index 4bde3750..a0279d3e 100644 --- a/sales/includes/db/sales_types_db.inc +++ b/sales/includes/db/sales_types_db.inc @@ -1,12 +1,18 @@ . +***********************************************************************/ function add_sales_type($name, $tax_included, $factor) { - // maximum one base price list - clear_base_sales_type(); - - $sql = "INSERT INTO ".TB_PREF."sales_types (sales_type,tax_included,factor) VALUES (".db_escape($name).",'$tax_included',$factor)"; - + $sql = "INSERT INTO ".TB_PREF."sales_types (sales_type,tax_included,factor) VALUES (".db_escape($name)."," + .db_escape($tax_included).",".db_escape($factor).")"; db_query($sql, "could not add sales type"); } @@ -14,21 +20,23 @@ function update_sales_type($id, $name, $tax_included, $factor) { $sql = "UPDATE ".TB_PREF."sales_types SET sales_type = ".db_escape($name).", - tax_included =$tax_included, factor=$factor WHERE id = $id"; + tax_included =".db_escape($tax_included).", factor=".db_escape($factor)." WHERE id = ".db_escape($id); db_query($sql, "could not update sales type"); } -function get_all_sales_types() +function get_all_sales_types($all=false) { $sql = "SELECT * FROM ".TB_PREF."sales_types"; + if (!$all) + $sql .= " WHERE !inactive"; return db_query($sql, "could not get all sales types"); } function get_sales_type($id) { - $sql = "SELECT * FROM ".TB_PREF."sales_types WHERE id=$id"; + $sql = "SELECT * FROM ".TB_PREF."sales_types WHERE id=".db_escape($id); $result = db_query($sql, "could not get sales type"); 
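Review bot: Wrapping `$tax_included`, `$factor` and `$id` in `db_escape()` closes the injection path, but in `add_sales_type()` and `update_sales_type()` the numeric fields are still never checked to be numeric. Assuming `db_escape()` returns a quoted string literal, as its use for `$name` suggests, a value such as `'1abc'` is left to MySQL's implicit string-to-number coercion, so a malformed factor or id is stored or matched instead of rejected. I would normalise the types before building `$sql`, e.g. `$factor = (float)$factor;` and `$tax_included = $tax_included ? 1 : 0;`, with `$id = (int)$id;` in the functions that take an id. The same applies to the `$id` comparisons in `get_sales_type()`, `get_sales_type_name()` and `delete_sales_type()` in the later hunks.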
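Review bot: The new default in `get_all_sales_types($all=false)` changes the result for every existing caller without any comment saying so: a call with no argument now returns only rows where `inactive` is false. The visible lines do not add an `inactive` column to `sales_types`, so the filter presumably depends on a schema upgrade shipped elsewhere; on a database without that column the query would fail. Callers that must resolve a sales type referenced by older documents would need to pass `true`. I would document the parameter above the function, e.g. `// $all: true returns every sales type; false (default) skips rows flagged inactive`.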
@@ -37,7 +45,7 @@ function get_sales_type($id)
 function get_sales_type_name($id)
 {
- $sql = "SELECT sales_type FROM ".TB_PREF."sales_types WHERE id=$id";
+ $sql = "SELECT sales_type FROM ".TB_PREF."sales_types WHERE id=".db_escape($id);
 $result = db_query($sql, "could not get sales type");
@@ -47,11 +55,10 @@ function get_sales_type_name($id)
 function delete_sales_type($id)
 {
- $sql="DELETE FROM ".TB_PREF."sales_types WHERE id=$id";
+ $sql="DELETE FROM ".TB_PREF."sales_types WHERE id=".db_escape($id);
 db_query($sql,"The Sales type record could not be deleted");
- $sql ="DELETE FROM ".TB_PREF."prices WHERE sales_type_id='$id'";
+ $sql ="DELETE FROM ".TB_PREF."prices WHERE sales_type_id=".db_escape($id);
 db_query($sql,"The Sales type prices could not be deleted");
 }
-?>
\ No newline at end of file
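Review bot: `delete_sales_type()` still issues its two DELETE statements independently, removing the `sales_types` row before the dependent `prices` rows. If the second statement fails, the price rows are left pointing at a sales type that no longer exists. Unless every caller already runs this inside a transaction (not visible from the hunk), I would either delete from `prices` first or wrap both statements in the project's transaction helpers. A short comment above the function stating which of the two the callers are expected to guarantee would also help.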