X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Fsales_people.php;h=ff45e3e043ce9fb215c84ddaded95e25149d240a;hb=e364d7f526ead371805d80e0ce66ac90a090dbee;hp=b8bc94bc8ac1e19300a5f31d653dee291c57c682;hpb=217f175953339fd10cd5aee5942cc263a4092323;p=fa-stable.git

diff --git a/sales/manage/sales_people.php b/sales/manage/sales_people.php
index b8bc94bc..ff45e3e0 100644
--- a/sales/manage/sales_people.php
+++ b/sales/manage/sales_people.php
@@ -30,20 +30,30 @@ if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
 		$input_error = 1;
 		display_error(_("The sales person name cannot be empty."));
 	}
-
+	$pr1 = check_num('provision', 0,100);
+	if (!$pr1 || !check_num('provision2', 0, 100)) {
+		$input_error = 1;
+		display_error( _("Salesman provision cannot be less than 0 or more than 100%."));
+		set_focus(!$pr1 ? 'provision' : 'provision2');
+	}
+	if (!check_num('break_pt', 0)) {
+		$input_error = 1;
+		display_error( _("Salesman provision breakpoint must be numeric and not less than 0."));
+		set_focus('break_pt');
+	}
 	if ($input_error != 1)
 	{
     	if (isset($selected_id))
     	{
     		/*selected_id could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
 
-    		$sql = "UPDATE ".TB_PREF."salesman SET salesman_name='" . $_POST['salesman_name'] . "',
-    			salesman_phone='" . $_POST['salesman_phone'] . "',
-    			salesman_fax='" . $_POST['salesman_fax'] . "',
-    			salesman_email='" . $_POST['salesman_email'] . "',
-    			provision=".$_POST['provision'].",
-    			break_pt=".$_POST['break_pt'].",
-    			provision2=".$_POST['provision2']."
+    		$sql = "UPDATE ".TB_PREF."salesman SET salesman_name=".db_escape($_POST['salesman_name']) . ",
+    			salesman_phone=".db_escape($_POST['salesman_phone']) . ",
+    			salesman_fax=".db_escape($_POST['salesman_fax']) . ",
+    			salesman_email=".db_escape($_POST['salesman_email']) . ",
+    			provision=".input_num('provision').",
+    			break_pt=".input_num('break_pt').",
+    			provision2=".input_num('provision2')."
     			WHERE salesman_code = '$selected_id'";
     	}
     	else
@@ -51,8 +61,12 @@ if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
     		/*Selected group is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Sales-person form */
     		$sql = "INSERT INTO ".TB_PREF."salesman (salesman_name, salesman_phone, salesman_fax, salesman_email,
     			provision, break_pt, provision2)
-    			VALUES ('" . $_POST['salesman_name'] . "', '" . $_POST['salesman_phone'] . "', '" . $_POST['salesman_fax'] . "', '" . $_POST['salesman_email'] . "', ".
-    			$_POST['provision'].", ".$_POST['break_pt'].", ".$_POST['provision2'].")";
+    			VALUES (".db_escape($_POST['salesman_name']) . ", "
+				  .db_escape($_POST['salesman_phone']) . ", "
+				  .db_escape($_POST['salesman_fax']) . ", "
+				  .db_escape($_POST['salesman_email']) . ", ".
+    			input_num('provision').", ".input_num('break_pt').", "
+				.input_num('provision2').")";
     	}
 
     	//run the sql from either of the above possibilites
@@ -103,9 +117,9 @@ while ($myrow = db_fetch($result))
    	label_cell($myrow["salesman_phone"]);
    	label_cell($myrow["salesman_fax"]);
    	label_cell($myrow["salesman_email"]);
-   	percent_cell($myrow["provision"]);
+	label_cell(percent_format($myrow["provision"])." %", "nowrap align=right");
    	amount_cell($myrow["break_pt"]);
-   	percent_cell($myrow["provision2"]);
+	label_cell(percent_format($myrow["provision2"])." %", "nowrap align=right");
 	edit_link_cell(SID . "selected_id=" . $myrow["salesman_code"]);
    	delete_link_cell(SID . "selected_id=" . $myrow["salesman_code"]. "&delete=1");
   	end_row();
@@ -134,9 +148,9 @@ if (isset($selected_id))
 	$_POST['salesman_phone'] = $myrow["salesman_phone"];
 	$_POST['salesman_fax'] = $myrow["salesman_fax"];
 	$_POST['salesman_email'] = $myrow["salesman_email"];
-	$_POST['provision'] = $myrow["provision"];
-	$_POST['break_pt'] = $myrow["break_pt"];
-	$_POST['provision2'] = $myrow["provision2"];
+	$_POST['provision'] = percent_format($myrow["provision"]);
+	$_POST['break_pt'] = price_format($myrow["break_pt"]);
+	$_POST['provision2'] = percent_format($myrow["provision2"]);
 
 	hidden('selected_id', $selected_id);
 }
@@ -147,9 +161,9 @@ text_row_ex(_("Sales person name:"), 'salesman_name', 30);
 text_row_ex(_("Telephone number:"), 'salesman_phone', 20);
 text_row_ex(_("Fax number:"), 'salesman_fax', 20);
 text_row_ex(_("Email:"), 'salesman_email', 40);
-percent_row(_("Provision"), 'provision');
+percent_row(_("Provision").':', 'provision');
 amount_row(_("Break Pt.:"), 'break_pt');
-percent_row(_("Provision")." 2", 'provision2');
+percent_row(_("Provision")." 2:", 'provision2');
 end_table(1);
 
 submit_add_or_update_center(!isset($selected_id));