X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Finquiry%2Fsales_deliveries_view.php;h=e65602bf557f6a2fba83423691878fe92ad2f21d;hb=d2cc0860eccf02eaefcd90731ac3af141a841529;hp=7995696d20ea86fece0aeb446d28b29022830315;hpb=4d4371fb200bb27fd6b680ebd2d1aaa450a0be7e;p=fa-stable.git

diff --git a/sales/inquiry/sales_deliveries_view.php b/sales/inquiry/sales_deliveries_view.php
index 7995696d..e65602bf 100644
--- a/sales/inquiry/sales_deliveries_view.php
+++ b/sales/inquiry/sales_deliveries_view.php
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 2;
-$path_to_root="../..";
+$page_security = 'SA_SALESINVOICE';
+$path_to_root = "../..";
 include($path_to_root . "/includes/db_pager.inc");
 include($path_to_root . "/includes/session.inc");
 
@@ -26,12 +26,12 @@ if ($use_date_picker)
 if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
 {
 	$_POST['OutstandingOnly'] = true;
-	page(_("Search Not Invoiced Deliveries"), false, false, "", $js);
+	page(_($help_context = "Search Not Invoiced Deliveries"), false, false, "", $js);
 }
 else
 {
 	$_POST['OutstandingOnly'] = false;
-	page(_("Search All Deliveries"), false, false, "", $js);
+	page(_($help_context = "Search All Deliveries"), false, false, "", $js);
 }
 
 if (isset($_GET['selected_customer']))
@@ -115,11 +115,10 @@ hidden('OutstandingOnly', $_POST['OutstandingOnly']);
 end_row();
 
 end_table();
-end_form();
 //---------------------------------------------------------------------------------------------
 
 if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
-	($_POST['SelectStockFromList'] != reserved_words::get_all()))
+	($_POST['SelectStockFromList'] != ALL_TEXT))
 {
  	$selected_stock_item = $_POST['SelectStockFromList'];
 }
@@ -131,7 +130,7 @@ else
 //---------------------------------------------------------------------------------------------
 function trans_view($trans, $trans_no)
 {
-	return get_customer_trans_view_str(13, $trans['trans_no']);
+	return get_customer_trans_view_str(ST_CUSTDELIVERY, $trans['trans_no']);
 }
 
 function batch_checkbox($row)
@@ -153,7 +152,7 @@ function edit_link($row)
 
 function prt_link($row)
 {
-	return print_document_link($row['trans_no'], _("Print"), true, 13, ICON_PRINT);
+	return print_document_link($row['trans_no'], _("Print"), true, ST_CUSTDELIVERY, ICON_PRINT);
 }
 
 function invoice_link($row)
@@ -191,7 +190,7 @@ $sql = "SELECT trans.trans_no,
 		WHERE
 		sorder.order_no = trans.order_ AND
 		trans.debtor_no = debtor.debtor_no
-			AND trans.type = 13
+			AND trans.type = ".ST_CUSTDELIVERY."
 			AND line.debtor_trans_no = trans.trans_no
 			AND line.debtor_trans_type = trans.type
 			AND trans.branch_code = branch.branch_code
@@ -204,7 +203,8 @@ if ($_POST['OutstandingOnly'] == true) {
 //figure out the sql required from the inputs available
 if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
 {
-	$sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+	$delivery = "%".$_POST['DeliveryNumber'];
+	$sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
  	$sql .= " GROUP BY trans.trans_no";
 }
 else
@@ -213,13 +213,13 @@ else
 	$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
 
 	if ($selected_customer != -1)
-		$sql .= " AND trans.debtor_no='" . $selected_customer . "' ";
+		$sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
 
 	if (isset($selected_stock_item))
-		$sql .= " AND line.stock_id='". $selected_stock_item ."' ";
+		$sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
 
-	if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != reserved_words::get_all())
-		$sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+	if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
+		$sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
 
 	$sql .= " GROUP BY trans.trans_no ";
 
@@ -255,14 +255,8 @@ if (isset($_SESSION['Batch']))
 $table =& new_db_pager('deliveries_tbl', $sql, $cols);
 $table->set_marker('check_overdue', _("Marked items are overdue."));
 
-if (get_post('SearchOrders')) {
-	$table->set_sql($sql);
-	$table->set_columns($cols);
-}
 //$table->width = "92%";
 
-start_form();
-
 display_db_pager($table);
 
 end_form();