Activated strict SQL mode, minor SQL injection fix, fixed _vl() debug helper.

[fa-stable.git] / inventory / includes / db / items_db.inc

diff --git a/inventory/includes/db/items_db.inc b/inventory/includes/db/items_db.inc
index 4c23ee0791c41f28b5cc7e14a7075055ac0ecc50..07fde0d172768d1872dc80aead3876a361edcb7c 100644 (file)
--- a/inventory/includes/db/items_db.inc
+++ b/inventory/includes/db/items_db.inc
@@ -11,7 +11,7 @@
 ***********************************************************************/
 function update_item($stock_id, $description, $long_description, $category_id, 
        $tax_type_id, $units='', $mb_flag='', $sales_account, $inventory_account, 
-       $cogs_account,  $adjustment_account, $assembly_account, $dimension_id, 
+       $cogs_account,  $adjustment_account, $wip_account, $dimension_id, 
        $dimension2_id, $no_sale, $editable, $no_purchase,
        $depreciation_method = 'D', $depreciation_rate=100, $depreciation_factor=1,
        $depreciation_start=null, $fa_class_id=null)
@@ -23,7 +23,7 @@ function update_item($stock_id, $description, $long_description, $category_id,
                inventory_account=".db_escape($inventory_account).",
                cogs_account=".db_escape($cogs_account).",
                adjustment_account=".db_escape($adjustment_account).",
-               assembly_account=".db_escape($assembly_account).",
+               wip_account=".db_escape($wip_account).",
                dimension_id=".db_escape($dimension_id).",
                dimension2_id=".db_escape($dimension2_id).",
                tax_type_id=".db_escape($tax_type_id).",
@@ -41,7 +41,7 @@ function update_item($stock_id, $description, $long_description, $category_id,
        if ($mb_flag != '')
                $sql .= ", mb_flag=".db_escape($mb_flag);
 
-       if ($depreciation_start != '') {
+       if (isset($depreciation_start)) {
                $sql .= ", depreciation_start='".date2sql($depreciation_start)."'"
                        .", depreciation_date='".date2sql($depreciation_start)."'";
        }
@@ -55,28 +55,29 @@ function update_item($stock_id, $description, $long_description, $category_id,
 
 function add_item($stock_id, $description, $long_description, $category_id, 
        $tax_type_id, $units, $mb_flag, $sales_account, $inventory_account, 
-       $cogs_account, $adjustment_account,     $assembly_account, $dimension_id, 
+       $cogs_account, $adjustment_account,     $wip_account, $dimension_id, 
        $dimension2_id, $no_sale, $editable, $no_purchase,
        $depreciation_method='D', $depreciation_rate=100,  $depreciation_factor=1, $depreciation_start=null,
        $fa_class_id=null)
 {
        $sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
                tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
-               adjustment_account, assembly_account, dimension_id, dimension2_id, no_sale, no_purchase, editable,
-               depreciation_method, depreciation_rate, depreciation_factor, depreciation_start, depreciation_date, fa_class_id)
-               VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
+               adjustment_account, wip_account, dimension_id, dimension2_id, no_sale, no_purchase, editable,
+               depreciation_method, depreciation_rate, depreciation_factor"
+               .(isset($depreciation_start) ? ", depreciation_start, depreciation_date, fa_class_id" : "")
+               .") VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
                ".db_escape($category_id).", ".db_escape($tax_type_id).", "
                .db_escape($units).", ".db_escape($mb_flag).",
                ".db_escape($sales_account).", ".db_escape($inventory_account)
                .", ".db_escape($cogs_account).",".db_escape($adjustment_account)
-               .", ".db_escape($assembly_account).", "
+               .", ".db_escape($wip_account).", "
                .db_escape($dimension_id).", ".db_escape($dimension2_id).","
                .db_escape($no_sale).","
                .db_escape($no_purchase).","
                .db_escape($editable).","
-               .db_escape($depreciation_method).",".db_escape($depreciation_rate).",".db_escape($depreciation_factor).",'"
-               .date2sql($depreciation_start)."','".date2sql($depreciation_start)."',"
-               .db_escape($fa_class_id).")";
+               .db_escape($depreciation_method).",".db_escape($depreciation_rate).",".db_escape($depreciation_factor)
+               .(isset($depreciation_start) ? ",'".date2sql($depreciation_start)."','".date2sql($depreciation_start)."',".db_escape($fa_class_id) : "")
+               .")";
 
        db_query($sql, "The item could not be added");
 
@@ -122,7 +123,7 @@ function get_item($stock_id)
                AND stock_id=".db_escape($stock_id);
        $result = db_query($sql,"an item could not be retreived");
 
-       return db_fetch($result);
+       return db_fetch_assoc($result);
 }
 
 function get_items($fixed_asset = 0)
@@ -142,7 +143,7 @@ function item_in_foreign_codes($stock_id)
         _('Cannot delete this item record because there are bills of material that require this part as a component.'),
        "SELECT COUNT(*) FROM "
                .TB_PREF."sales_order_details WHERE stk_code=".db_escape($stock_id) =>
-        _('Cannot delete this item because there are existing purchase order items for it.'),
+        _('Cannot delete this item because there are existing sales order items for it.'),
        "SELECT COUNT(*) FROM "
                .TB_PREF."purch_order_details WHERE item_code=".db_escape($stock_id)=>
         _('Cannot delete this item because there are existing purchase order items for it.')