X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Ftax_groups_db.inc;h=5c217aa275bb0457c67a8285b57bf0ff4f509fca;hb=66a62190f99d83f958bb98195b5756b8b307e378;hp=7823bcb93729cf58c6885621d9e79bf95fc31e25;hpb=818719f38b8327cdca616d58b13913dbd174d96a;p=fa-stable.git
diff --git a/taxes/db/tax_groups_db.inc b/taxes/db/tax_groups_db.inc
index 7823bcb9..5c217aa2 100644
--- a/taxes/db/tax_groups_db.inc
+++ b/taxes/db/tax_groups_db.inc
@@ -1,13 +1,13 @@ . + See the License here . ***********************************************************************/ function clear_shipping_tax_group() { $sql = "UPDATE ".TB_PREF."tax_groups SET tax_shipping=0 WHERE 1";
@@ -21,7 +21,7 @@ function add_tax_group($name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", $tax_shipping)";
+ $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", ".db_escape($tax_shipping).")";
 db_query($sql, "could not add tax group");
 $id = db_insert_id();
@@ -38,7 +38,7 @@ function update_tax_group($id, $name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=$tax_shipping WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=".db_escape($tax_shipping)." WHERE id=".db_escape($id);
 db_query($sql, "could not update tax group");
 delete_tax_group_items($id);
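Review bot: In add_tax_group the new `db_escape($tax_shipping)` makes the value safe to embed but does not constrain it to the 0/1 flag the rest of the file assumes (`SET tax_shipping=0`, `tax_shipping=1`), so any truthy string a caller passes is written through and left to the database to coerce. Normalising once before the SQL is built, `$tax_shipping = $tax_shipping ? 1 : 0;`, keeps the column well-formed; the same applies to the UPDATE in update_tax_group. If the ids are always integers, as the `db_insert_id()` call suggests, the `db_escape($id)` calls in update_tax_group, get_tax_group, delete_tax_group and the tax_group_items functions could instead use an `(int)` cast, which does not depend on how db_escape quotes its argument (its definition is outside this diff). Both function bodies start before their hunks.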
@@ -47,16 +47,17 @@ function update_tax_group($id, $name, $tax_shipping, $taxes, $rates)
 commit_transaction();
 }
-function get_all_tax_groups()
+function get_all_tax_groups($all=false)
 {
 $sql = "SELECT * FROM ".TB_PREF."tax_groups";
+ if (!$all) $sql .= " WHERE !inactive";
 return db_query($sql, "could not get all tax group");
 }
 function get_tax_group($type_id)
 {
- $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=$type_id";
+ $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=".db_escape($type_id);
 $result = db_query($sql, "could not get tax group");
@@ -67,7 +68,7 @@ function delete_tax_group($id)
 {
 begin_transaction();
- $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=".db_escape($id);
 db_query($sql, "could not delete tax group");
@@ -81,24 +82,24 @@ function add_tax_group_items($id, $items, $rates)
 for ($i=0; $i < count($items); $i++) {
 $sql = "INSERT INTO ".TB_PREF."tax_group_items (tax_group_id, tax_type_id, rate)
- VALUES ($id, " . $items[$i] . ", " . $rates[$i] .")";
+ VALUES (".db_escape($id).", ".db_escape($items[$i]).", " . $rates[$i] .")";
 db_query($sql, "could not add item tax group item");
 }
 }
 function delete_tax_group_items($id)
 {
- $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=".db_escape($id);
 db_query($sql, "could not delete item tax group items");
 }
 function get_tax_group_items($id)
 {
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
 ".TB_PREF."tax_types.rate, ".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code FROM ".TB_PREF."tax_group_items, ".TB_PREF."tax_types
- WHERE tax_group_id=$id
+ WHERE tax_group_id=".db_escape($id)."
 AND ".TB_PREF."tax_types.id=tax_type_id";
 return db_query($sql, "could not get item tax type group items");
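Review bot: Giving get_all_tax_groups a default of `$all=false` changes what every existing zero-argument caller receives: they previously got every row and now get only rows where `inactive` is false. Callers are not visible in this diff, so any that must resolve a group already referenced by stored documents should be checked and switched to `get_all_tax_groups(true)`. A one-line comment above the function, `// $all=true includes inactive tax groups; the default returns active ones only`, would make the contract visible.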
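Review bot: In add_tax_group_items the INSERT still concatenates `$rates[$i]` unescaped while `$id` and `$items[$i]` on the same line now go through db_escape, so the rate stays an injectable position if it can carry caller-supplied text. Whether callers validate the rates as numbers is not visible here; the line can be made consistent with `VALUES (".db_escape($id).", ".db_escape($items[$i]).", ".db_escape($rates[$i]).")";`. The loop also bounds `$i` by `count($items)` while indexing `$rates`, so a shorter `$rates` array puts an empty value into the SQL; a length check before the loop would catch that. The function body starts before the hunk.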
@@ -127,7 +128,7 @@ function get_tax_group_items_as_array($id)
 function get_shipping_tax_group_items()
 {
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
 ".TB_PREF."tax_types.rate, ".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code FROM " .TB_PREF."tax_group_items, ".TB_PREF."tax_types, ".TB_PREF."tax_groups WHERE " .TB_PREF."tax_groups.tax_shipping=1