Security update: SQL statements escaped against SQL injection attacks.
1 <?php
/**********************************************************************
    Copyright (C) FrontAccounting, LLC.
	Released under the terms of the GNU General Public License, GPL, 
	as published by the Free Software Foundation, either version 3 
	of the License, or (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
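/**
 * Insert a new chart_master row.
 *
 * Every value is passed through db_escape() exactly once, inside the
 * statement. db_escape() evidently supplies the surrounding quotes (it is
 * used unquoted in the VALUES list), so escaping $account_name a second
 * time beforehand would store the name with literal quote characters
 * embedded in it rather than the name the user typed.
 *
 * @param string $account_code  primary account code
 * @param string $account_name  account display name
 * @param mixed  $account_type  chart_types id this account belongs to
 * @param string $account_code2 secondary account code
 * @return void
 */
function add_gl_account($account_code, $account_name, $account_type, $account_code2)
{
	$sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type)
		VALUES (".db_escape($account_code).", ".db_escape($account_code2).", "
			.db_escape($account_name).", ".db_escape($account_type).")";

	db_query($sql, "could not add gl account");
}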
21
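/**
 * Update name, type and secondary code of an existing chart_master row.
 *
 * $account_name is escaped once, inside the statement. db_escape()
 * evidently returns a quoted SQL literal (it is concatenated unquoted
 * into SET/WHERE here), so pre-escaping the name as well would write the
 * quote characters themselves into the stored account_name.
 *
 * @param string $account_code  code of the row to update (WHERE key)
 * @param string $account_name  new account display name
 * @param mixed  $account_type  chart_types id this account belongs to
 * @param string $account_code2 new secondary account code
 * @return void
 */
function update_gl_account($account_code, $account_name, $account_type, $account_code2)
{
	$sql = "UPDATE ".TB_PREF."chart_master SET account_name=".db_escape($account_name)
		.",account_type=".db_escape($account_type).", account_code2=".db_escape($account_code2)
		." WHERE account_code = ".db_escape($account_code);

	db_query($sql, "could not update gl account");
}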
31
/**
 * Delete the chart_master row whose account_code equals $code.
 *
 * @param string $code account code; quoted/escaped by db_escape()
 * @return void
 */
function delete_gl_account($code)
{
	$table = TB_PREF."chart_master";
	$sql = sprintf("DELETE FROM %s WHERE account_code=%s", $table, db_escape($code));

	db_query($sql, "could not delete gl account");
}
38
/**
 * Fetch chart_master rows joined with their chart_types name, optionally
 * restricted to an inclusive account_code range, ordered by account_code.
 *
 * @param mixed $from lower bound on account_code, or null for none
 * @param mixed $to   upper bound on account_code, or null for none
 * @return mixed result of db_query()
 */
function get_gl_accounts($from=null, $to=null)
{
	$master = TB_PREF."chart_master";
	$types = TB_PREF."chart_types";

	$conditions = array("$master.account_type=$types.id");
	// Loose comparison kept on purpose: '' and 0 count as "no bound" too.
	if ($from != null)
		$conditions[] = "$master.account_code >= ".db_escape($from);
	if ($to != null)
		$conditions[] = "$master.account_code <= ".db_escape($to);

	$sql = "SELECT $master.*,$types.name AS AccountTypeName
		FROM $master,$types
		WHERE ".implode(" AND ", $conditions)
		." ORDER BY account_code";

	return db_query($sql, "could not get gl accounts");
}
52
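/**
 * Fetch every chart type (with its class) and the accounts under it,
 * optionally filtered by balance-sheet class, ordered for tree display.
 *
 * @param mixed $balance  1 = balance sheet classes only,
 *                        0 = profit/loss classes (plus legacy balance_sheet=0),
 *                       -1 = no class filter (default)
 * @return mixed result of db_query()
 */
function get_gl_accounts_all($balance=-1)
{
	$master = TB_PREF."chart_master";
	$types = TB_PREF."chart_types";
	$class = TB_PREF."chart_class";

	// Initialised up front so a $balance value other than -1, 0 or 1 applies
	// no filter instead of appending an undefined variable to the query.
	$where = "";
	if ($balance == 1)
		$where = "WHERE balance_sheet>0 AND balance_sheet<".CL_INCOME;
	elseif ($balance == 0)
		$where = "WHERE balance_sheet>".CL_EQUITY." OR balance_sheet=0"; // backwards compatibility

	$sql = "SELECT $master.account_code, $master.account_name, $master.account_code2,
		$types.name AS AccountTypeName,$types.id AS AccountType,
		$types.parent, $class.class_name AS AccountClassName, $class.cid AS ClassID,
		$class.balance_sheet AS ClassType
		FROM $types INNER JOIN $class ON $types.class_id=$class.cid
		LEFT JOIN $master ON $master.account_type=$types.id ";
	$sql .= $where;
	// Parents sort before their children; accounts last within each type.
	$sql .= " ORDER BY $class.cid, IF(parent > 0,parent,$types.id),
		IF(parent > 0,$types.id, parent), $master.account_code";

	return db_query($sql, "could not get gl accounts");
}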
72
/**
 * Fetch the chart_master row for $code.
 *
 * @param string $code account code; quoted/escaped by db_escape()
 * @return mixed whatever db_fetch() returns for the first row
 */
function get_gl_account($code)
{
	$sql = sprintf("SELECT * FROM %schart_master WHERE account_code=%s", TB_PREF, db_escape($code));

	return db_fetch(db_query($sql, "could not get gl account"));
}
80
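/**
 * Tell whether account $code belongs to a balance-sheet class, i.e. its
 * chart_class.balance_sheet lies strictly between 0 and CL_INCOME.
 *
 * @param string $code account code; quoted/escaped by db_escape()
 * @return bool false when the code is unknown
 */
function is_account_balancesheet($code)
{
	$master = TB_PREF."chart_master";
	$types = TB_PREF."chart_types";
	$class = TB_PREF."chart_class";

	$sql = "SELECT $class.balance_sheet FROM $class, $types, $master
		WHERE $master.account_type=$types.id AND
		$types.class_id=$class.cid
		AND $master.account_code=".db_escape($code);

	$result = db_query($sql,"could not retreive the account class for $code");
	$row = db_fetch_row($result);
	// An unknown code yields no row; answer "not balance sheet" instead of
	// indexing into an empty fetch result.
	if (!$row)
		return false;
	return $row[0] > 0 && $row[0] < CL_INCOME;
}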
93
/**
 * Return the account_name of $code.
 *
 * When the query does not yield exactly one row, display_db_error() is
 * called and null is returned.
 *
 * @param string $code account code; quoted/escaped by db_escape()
 * @return mixed account name, or null on lookup failure
 */
function get_gl_account_name($code)
{
	$sql = sprintf("SELECT account_name from %schart_master WHERE account_code=%s", TB_PREF, db_escape($code));
	$errmsg = "could not retreive the account name for $code";

	$result = db_query($sql, $errmsg);

	if (db_num_rows($result) != 1)
	{
		display_db_error($errmsg, $sql, true);
		return;
	}

	$row = db_fetch_row($result);
	return $row[0];
}
108
109
110 ?>