X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fsales_db.inc;h=88727e80982a3fd0aa088bbfdc8ec2daf18c102e;hb=9478a0cdeaf9201d2f3947e11e58d90354050025;hp=de98c3b0ffbc6d4a97e2f05296b78c72c493a3c0;hpb=4a4e032fdf10fe2eacb0d268b97bed6ff06a3915;p=fa-stable.git
diff --git a/sales/includes/sales_db.inc b/sales/includes/sales_db.inc
index de98c3b0..88727e80 100644
--- a/sales/includes/sales_db.inc
+++ b/sales/includes/sales_db.inc
@@ -17,6 +17,8 @@ include_once($path_to_root . "/sales/includes/db/sales_invoice_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_delivery_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_types_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_points_db.inc");
+include_once($path_to_root . "/sales/includes/db/sales_groups_db.inc");
+include_once($path_to_root . "/sales/includes/db/recurrent_invoices_db.inc");
 include_once($path_to_root . "/sales/includes/db/custalloc_db.inc");
 include_once($path_to_root . "/sales/includes/db/cust_trans_db.inc");
 include_once($path_to_root . "/sales/includes/db/cust_trans_details_db.inc");
@@ -52,7 +54,7 @@ function add_gl_trans_customer($type, $type_no, $date_, $account, $dimension, $d
 return add_gl_trans($type, $type_no, $date_, $account, $dimension, $dimension2, "", $amount, get_customer_currency($customer_id),
- payment_person_types::customer(), $customer_id, $err_msg, $rate);
+ PT_CUSTOMER, $customer_id, $err_msg, $rate);
 }
 //----------------------------------------------------------------------------------------
@@ -92,15 +94,15 @@ function get_price ($stock_id, $currency, $sales_type_id, $factor=null, $date=nu
 $myrow = get_sales_type($sales_type_id);
 $factor = $myrow['factor'];
 }
-
+ $add_pct = get_company_pref('add_pct');
 $base_id = get_base_sales_type();
 $home_curr = get_company_currency();
 // AND (sales_type_id = $sales_type_id OR sales_type_id = $base_id)
 $sql = "SELECT price, curr_abrev, sales_type_id FROM ".TB_PREF."prices
- WHERE stock_id = '$stock_id'
- AND (curr_abrev = '$currency' OR curr_abrev = '$home_curr')";
+ WHERE stock_id = ".db_escape($stock_id)."
+ AND (curr_abrev = ".db_escape($currency)." OR curr_abrev = ".db_escape($home_curr).")";
 $result = db_query($sql, "There was a problem retrieving the pricing information for the part $stock_id for customer");
 $num_rows = db_num_rows($result);
@@ -184,15 +186,16 @@ function set_document_parent($cart)
 if (count($cart->src_docs) == 1) {
- // if this child document has only one parent - update child link
- $del_no = reset(array_keys($cart->src_docs));
+ // if this child document has only one parent - update child link
+ $src = array_keys($cart->src_docs);
+ $del_no = reset($src);
- $sql = 'UPDATE '.TB_PREF.'debtor_trans SET trans_link = ' . $del_no .
- ' WHERE type='.$cart->trans_type.' AND trans_no='. $inv_no ;
- db_query($sql, 'Child document link cannot be updated');
+ $sql = 'UPDATE '.TB_PREF.'debtor_trans SET trans_link = ' . $del_no .
+ ' WHERE type='.db_escape($cart->trans_type).' AND trans_no='. $inv_no ;
+ db_query($sql, 'Child document link cannot be updated');
 }
- if ($cart->trans_type != 10)
+ if ($cart->trans_type != ST_SALESINVOICE)
 return 0;
 // the rest is batch invoice specific
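Review bot: The rewritten WHERE clause in get_price drops the literal quotes around all three values, so the statement is only valid SQL if db_escape() returns each value already quoted, and nothing in the hunk states that contract. A one-line comment above the query, for example `// db_escape() supplies the surrounding quotes; do not wrap its result in '...'`, would keep a later edit from double-quoting or from sliding back to plain interpolation. The error string passed to db_query() still interpolates `$stock_id` raw; whether that message is HTML-encoded before it is shown is not visible here. get_price begins and ends outside the hunk.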
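Review bot: In set_document_parent the UPDATE still concatenates `$del_no` and `$inv_no` unescaped, while only `$cart->trans_type` gained db_escape(). `$del_no` is a key of `$cart->src_docs` and `$inv_no` is assigned outside the hunk, so neither is shown to be an integer at this point. Escaping (or integer-casting) both closes the gap: `$sql = 'UPDATE '.TB_PREF.'debtor_trans SET trans_link = '.db_escape($del_no).` followed by `' WHERE type='.db_escape($cart->trans_type).' AND trans_no='.db_escape($inv_no);`. The same leftover appears in update_parent_line, where `$qty_dispatched` is interpolated into both UPDATE statements, and in get_location, where `key($cart->trans_no)` is appended as is. The function body continues outside the hunk.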
@@ -220,7 +223,7 @@ function set_document_parent($cart)
 //--------------------------------------------------------------------------------------------------
 function get_parent_type($type) {
- $parent_types = array( 11=>10, 10=>13, 13=>30 );
+ $parent_types = array( ST_CUSTCREDIT => ST_SALESINVOICE, ST_SALESINVOICE => ST_CUSTDELIVERY, ST_CUSTDELIVERY => ST_SALESORDER );
 return isset($parent_types[$type]) ? $parent_types[$type] : 0;
 }
@@ -233,14 +236,14 @@ function update_parent_line($doc_type, $line_id, $qty_dispatched)
 if ($doc_type==0) return false;
 else {
- if ($doc_type==30)
+ if ($doc_type==ST_SALESORDER)
 $sql = "UPDATE ".TB_PREF."sales_order_details SET qty_sent = qty_sent + $qty_dispatched
- WHERE id=$line_id";
+ WHERE id=".db_escape($line_id);
 else $sql = "UPDATE ".TB_PREF."debtor_trans_details SET qty_done = qty_done + $qty_dispatched
- WHERE id=$line_id";
+ WHERE id=".db_escape($line_id);
 }
 db_query($sql, "The parent document detail record could not be updated");
 return true;
@@ -253,7 +256,7 @@ function get_location(&$cart)
 {
 $sql = "SELECT ".TB_PREF."locations.* FROM ".TB_PREF."stock_moves," .TB_PREF."locations".
- " WHERE type=".$cart->trans_type.
+ " WHERE type=".db_escape($cart->trans_type).
 " AND trans_no=".key($cart->trans_no). " AND qty!=0 ". " AND ".TB_PREF."locations.loc_code=".TB_PREF."stock_moves.loc_code";