function reopen_dimension($id)
{
- $sql = "UPDATE ".TB_PREF."dimensions SET closed='0' WHERE id = $id";
+ $sql = "UPDATE ".TB_PREF."dimensions SET closed='0' WHERE id = ".db_escape($id);
db_query($sql, "could not reopen dimension");
}
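Review bot: The escaping on L4 is the right fix, but for what looks like an integer key (`dimensions.id`) a cast is the more precise guard: `$sql = "UPDATE ".TB_PREF."dimensions SET closed='0' WHERE id = ".(int)$id;` rejects non-numeric input outright instead of relying on db_escape() quoting and on MySQL coercing the quoted string back to a number. The same consideration applies to the other integer-looking keys on this page (L11, L19, L61). Whether those columns are actually integer typed is not visible here, so confirm against the schema before switching.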
$sql = "SELECT account, ".TB_PREF."chart_master.account_name, sum(amount) AS amt FROM
".TB_PREF."gl_trans,".TB_PREF."chart_master WHERE
".TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND
- (dimension_id = $id OR dimension2_id = $id) AND
+ (dimension_id = ".db_escape($id)." OR dimension2_id = ".db_escape($id).") AND
tran_date >= '$from' AND tran_date <= '$to' GROUP BY account";
return db_query($sql, "Transactions could not be calculated");
}
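Review bot: `$from` and `$to` on L12 are still interpolated raw into the query while L11 now escapes `$id`, so the hunk only half-closes the injection path in this statement. If those values arrive unconverted from the caller (the start of this function is outside the hunk), they should go through the same helper the sibling query at L15–L17 already uses: `tran_date >= '".date2sql($from)."' AND tran_date <= '".date2sql($to)."' GROUP BY account";`. If they are already converted earlier in the function, a one-line comment above the query saying so would save the next reader the same question.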
$sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE tran_date >= '" .
date2sql($from) . "' AND
tran_date <= '" . date2sql($to) . "' AND (dimension_id = " .
- $id." OR dimension2_id = " .$id.")";
+ db_escape($id)." OR dimension2_id = " .db_escape($id).")";
$res = db_query($sql, "Sum of transactions could not be calculated");
$row = db_fetch_row($res);
//
function is_bank_account($account_code)
{
- $sql= "SELECT id FROM ".TB_PREF."bank_accounts WHERE account_code='$account_code'";
+ $sql= "SELECT id FROM ".TB_PREF."bank_accounts WHERE account_code=".db_escape($account_code);
$result = db_query($sql, "checking account is bank account");
if (db_num_rows($result) > 0) {
$acct = db_fetch($result);
function get_bank_account_currency($id)
{
- $sql= "SELECT bank_curr_code FROM ".TB_PREF."bank_accounts WHERE id='$id'";
+ $sql= "SELECT bank_curr_code FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($id);
$result = db_query($sql, "retreive bank account currency");
$myrow = db_fetch_row($result);
function get_customer_currency($customer_id)
{
- $sql = "SELECT curr_code FROM ".TB_PREF."debtors_master WHERE debtor_no = '$customer_id'";
+ $sql = "SELECT curr_code FROM ".TB_PREF."debtors_master WHERE debtor_no = ".db_escape($customer_id);
$result = db_query($sql, "Retreive currency of customer $customer_id");
function get_supplier_currency($supplier_id)
{
- $sql = "SELECT curr_code FROM ".TB_PREF."suppliers WHERE supplier_id = '$supplier_id'";
+ $sql = "SELECT curr_code FROM ".TB_PREF."suppliers WHERE supplier_id = ".db_escape($supplier_id);
$result = db_query($sql, "Retreive currency of supplier $supplier_id");
$date = date2sql($date_);
- $sql = "SELECT rate_buy, max(date_) as date_ FROM ".TB_PREF."exchange_rates WHERE curr_code = '$currency_code'
+ $sql = "SELECT rate_buy, max(date_) as date_ FROM ".TB_PREF."exchange_rates WHERE curr_code = ".db_escape($currency_code)."
AND date_ <= '$date' GROUP BY rate_buy ORDER BY date_ Desc LIMIT 1";
$result = db_query($sql, "could not query exchange rates");
function db_customer_has_branches($customer_id)
{
return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."cust_branch "
- ."WHERE debtor_no='$customer_id'");
+ ."WHERE debtor_no=".db_escape($customer_id));
}
function db_has_customer_branches()
function db_has_tags($type)
{
- return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."tags WHERE type=$type");
+ return check_empty_result("SELECT COUNT(*) FROM ".TB_PREF."tags WHERE type=".db_escape($type));
}
function check_db_has_tags($type, $msg)
$result = db_query($sql, "could not do check empty query");
$myrow = db_fetch_row($result);
- return $myrow[0] > 0;
+ return $myrow[0] > 0;
}
//
// Integer input check
$sql = "SELECT MAX(`$st[2]`) FROM $st[0]";
if ($st[1] != null)
- $sql .= " WHERE `$st[1]`=$trans_type";
+ $sql .= " WHERE `$st[1]`=".db_escape($trans_type);
$result = db_query($sql,"The next transaction number for $trans_type could not be retrieved");
$myrow = db_fetch_row($result);
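Review bot: L74 escapes `$trans_type`, but the table and column names on L71 and L74 (`$st[0]`, `$st[1]`, `$st[2]`) are interpolated as identifiers and cannot be protected by db_escape(), so the new guard holds only if `$st` is filled from a fixed in-code map rather than from request data. The code that builds `$st` is outside the hunk; assuming it is a static lookup table, a comment such as `// $st is a hard-coded table/column map keyed by trans type; identifiers must never come from input` above L71 makes that precondition explicit for future edits.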
/*If this is the first time the form loaded set up defaults */
//$_POST['StkLocation'] = $_SESSION['UserStockLocation'];
- $sql = "SELECT delivery_address, phone FROM ".TB_PREF."locations WHERE loc_code='" . $_POST['StkLocation'] . "'";
+ $sql = "SELECT delivery_address, phone FROM ".TB_PREF."locations WHERE loc_code='" . db_escape($_POST['StkLocation']) . "'";
$result = db_query($sql,"could not get location info");
if (db_num_rows($result) == 1)
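Review bot: L80 keeps the literal single quotes around `db_escape($_POST['StkLocation'])`, whereas every other hunk on this page (L4, L26, L33, L39, L44, L48, L87) drops them, which implies db_escape() already returns a quoted literal; if so, this line produces `loc_code=''...''` and either fails with a syntax error or compares against the wrong value. The line should read `$sql = "SELECT delivery_address, phone FROM ".TB_PREF."locations WHERE loc_code=" . db_escape($_POST['StkLocation']);`. Confirm db_escape()'s quoting behaviour before applying, since the helper's definition is not on the page.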
else
{
$id = $this->formData['payment_terms'];
- $sql = "SELECT terms FROM ".TB_PREF."payment_terms WHERE terms_indicator='$id'";
+ $sql = "SELECT terms FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($id);
$result = db_query($sql,"could not get paymentterms");
$row = db_fetch($result);
$str = $row["terms"];
{
$doc_type = get_parent_type($doc_type);
+ $qty_dispatched = (float)$qty_dispatched;
+
// echo "update line: $line_id, $doc_type, $qty_dispatched";
if ($doc_type==0)
return false;