X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Fitem_tax_types_db.inc;h=809f9f9ebe43e233f753c2c63be3ec7a18d64ef9;hb=41112dc462ea9222b584f9f2202e3cf45623b98b;hp=5989f1a8803feba945a8152a16f7434451dc286d;hpb=818719f38b8327cdca616d58b13913dbd174d96a;p=fa-stable.git diff --git a/taxes/db/item_tax_types_db.inc b/taxes/db/item_tax_types_db.inc index 5989f1a8..809f9f9e 100644 --- a/taxes/db/item_tax_types_db.inc +++ b/taxes/db/item_tax_types_db.inc @@ -1,20 +1,20 @@ . + See the License here . ***********************************************************************/ function add_item_tax_type($name, $exempt, $exempt_from) { begin_transaction(); $sql = "INSERT INTO ".TB_PREF."item_tax_types (name, exempt) - VALUES (".db_escape($name).",$exempt)"; + VALUES (".db_escape($name).",".db_escape($exempt).")"; db_query($sql, "could not add item tax type"); @@ -31,7 +31,7 @@ function update_item_tax_type($id, $name, $exempt, $exempt_from) begin_transaction(); $sql = "UPDATE ".TB_PREF."item_tax_types SET name=".db_escape($name). - ", exempt=$exempt WHERE id=$id"; + ", exempt=".db_escape($exempt)." WHERE id=".db_escape($id); db_query($sql, "could not update item tax type"); @@ -42,16 +42,18 @@ function update_item_tax_type($id, $name, $exempt, $exempt_from) commit_transaction(); } -function get_all_item_tax_types() +function get_all_item_tax_types($also_inactive=false) { $sql = "SELECT * FROM ".TB_PREF."item_tax_types"; - + if (!$also_inactive) + $sql .= " WHERE !inactive"; + return db_query($sql, "could not get all item tax type"); } function get_item_tax_type($id) { - $sql = "SELECT * FROM ".TB_PREF."item_tax_types WHERE id=$id"; + $sql = "SELECT * FROM ".TB_PREF."item_tax_types WHERE id=".db_escape($id); $result = db_query($sql, "could not get item tax type"); 
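Review bot: In `update_item_tax_type`, `get_item_tax_type` and the later `delete_item_tax_type` and exemption helpers, `$id` is an integer key but is passed to `db_escape()` without any check that it is numeric; the same applies to the `$exempt` flag in `add_item_tax_type`. `db_escape()` is defined outside this diff, so I am assuming it returns a quoted, escaped literal; if so the raw `$id`/`$exempt` interpolation is closed, but MySQL will still coerce a quoted value such as `'1abc'` to 1 when comparing against an integer column. Normalising at the top of each function, e.g. `$id = (int)$id;`, makes a malformed id fail predictably instead of matching an unintended row. The bodies of `add_item_tax_type` and `update_item_tax_type` continue outside their hunks.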
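Review bot: `get_all_item_tax_types()` now defaults to `$also_inactive=false`, so every existing caller that passes no argument silently switches from all rows to active rows only, and the function name no longer matches its default result. Callers that need the complete list (for example a screen that lets an inactive type be re-enabled) must be updated to pass `true`; none are visible in this diff, so that should be checked. The ` WHERE !inactive` clause also assumes the `inactive` column already exists in `item_tax_types`, which this file does not show. A comment above the function such as `// returns active types only unless $also_inactive is true` would make the new contract explicit.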
@@ -60,8 +62,11 @@ function get_item_tax_type($id) function get_item_tax_type_for_item($stock_id) { - $sql = "SELECT ".TB_PREF."item_tax_types.* FROM ".TB_PREF."item_tax_types,".TB_PREF."stock_master WHERE ".TB_PREF."stock_master.stock_id='$stock_id' - AND ".TB_PREF."item_tax_types.id=".TB_PREF."stock_master.tax_type_id"; + $sql = "SELECT item_tax_type.* + FROM ".TB_PREF."item_tax_types item_tax_type," + .TB_PREF."stock_master item + WHERE item.stock_id=".db_escape($stock_id)." + AND item_tax_type.id=item.tax_type_id"; $result = db_query($sql, "could not get item tax type"); @@ -72,7 +77,7 @@ function delete_item_tax_type($id) { begin_transaction(); - $sql = "DELETE FROM ".TB_PREF."item_tax_types WHERE id=$id"; + $sql = "DELETE FROM ".TB_PREF."item_tax_types WHERE id=".db_escape($id); db_query($sql, "could not delete item tax type"); // also delete all exemptions @@ -86,23 +91,22 @@ function add_item_tax_type_exemptions($id, $exemptions) for ($i = 0; $i < count($exemptions); $i++) { $sql = "INSERT INTO ".TB_PREF."item_tax_type_exemptions (item_tax_type_id, tax_type_id) - VALUES ($id, " . $exemptions[$i] . ")"; + VALUES (".db_escape($id).", ".db_escape($exemptions[$i]).")"; db_query($sql, "could not add item tax type exemptions"); } } function delete_item_tax_type_exemptions($id) { - $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=$id"; + $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=".db_escape($id); db_query($sql, "could not delete item tax type exemptions"); } function get_item_tax_type_exemptions($id) { - $sql = "SELECT * FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=$id"; + $sql = "SELECT * FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=".db_escape($id); return db_query($sql, "could not get item tax type exemptions"); } -?> \ No newline at end of file
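Review bot: In `add_item_tax_type_exemptions` the loop still indexes `$exemptions[$i]` from 0 up to `count($exemptions)`, which is only correct for a dense, zero-based list. If the array has gaps or string keys, an undefined element is handed to `db_escape()` and, depending on how that helper treats an unset value, may be inserted as an empty tax type id. Iterating the values directly avoids this: `foreach ($exemptions as $tax_type_id)` with `db_escape($tax_type_id)` in the VALUES list. The function's opening lines are outside the hunk.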