From: <dai...@us...> - 2011-11-27 09:16:44
Revision: 4757
http://web-erp.svn.sourceforge.net/web-erp/?rev=4757&view=rev
Author: daintree
Date: 2011-11-27 09:16:35 +0000 (Sun, 27 Nov 2011)
Log Message:
-----------
remove DB_escape_string() calls
Modified Paths:
--------------
trunk/ConfirmDispatch_Invoice.php
trunk/CounterSales.php
trunk/Credit_Invoice.php
trunk/DeliveryDetails.php
trunk/GLJournal.php
trunk/GLTags.php
trunk/Locations.php
trunk/MRPDemandTypes.php
trunk/PcAuthorizeExpenses.php
trunk/PcClaimExpensesFromTab.php
trunk/PcExpenses.php
trunk/SalesPeople.php
trunk/SelectCreditItems.php
trunk/Shippers.php
trunk/SpecialOrder.php
trunk/StockAdjustments.php
trunk/StockLocTransferReceive.php
trunk/StockTransfers.php
trunk/Stocks.php
trunk/SupplierContacts.php
trunk/SupplierCredit.php
trunk/Suppliers.php
trunk/TaxAuthorities.php
trunk/WOSerialNos.php
trunk/WWW_Access.php
trunk/WWW_Users.php
trunk/WorkCentres.php
trunk/WorkOrderEntry.php
trunk/WorkOrderIssue.php
trunk/WorkOrderReceive.php
trunk/doc/Change.log
Modified: trunk/ConfirmDispatch_Invoice.php
===================================================================
--- trunk/ConfirmDispatch_Invoice.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/ConfirmDispatch_Invoice.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -1080,7 +1080,7 @@
'" . $OrderLine->DiscountPercent . "',
'" . $OrderLine->StandardCost . "',
'" . ($QtyOnHandPrior - $OrderLine->QtyDispatched) . "',
- '" . DB_escape_string($OrderLine->Narrative) . "' )";
+ '" . $OrderLine->Narrative . "' )";
} else {
// its an assembly or dummy and assemblies/dummies always have nil stock (by definition they are made up at the time of dispatch so new qty on hand will be nil
if (empty($OrderLine->StandardCost)) {
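Review bot: Dropping DB_escape_string() on `$OrderLine->Narrative` in the new line makes this INSERT depend on the narrative having been escaped when it entered the session object, which nothing in the hunk shows; a narrative containing a single quote would otherwise break or inject into the statement. If the project now escapes every request parameter centrally (presumably in includes/session.inc, not visible here), that convention should be stated where the SQL is built so a later maintainer does not add a second escape or skip one, e.g. `// Narrative was DB-escaped at input time; escaping again would store doubled backslashes.` Note that input-time escaping does not cover values read back from a DB row and re-inserted, so those still need DB_escape_string(). The INSERT statement this line belongs to starts before the hunk.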
@@ -1113,7 +1113,7 @@
'" . -$OrderLine->QtyDispatched . "',
'" . $OrderLine->DiscountPercent . "',
'" . $OrderLine->StandardCost . "',
- '" . DB_escape_string($OrderLine->Narrative) . "')";
+ '" . $OrderLine->Narrative . "')";
}
@@ -1153,7 +1153,7 @@
$SQL = "UPDATE stockserialitems SET quantity= quantity - " . $Item->BundleQty . "
WHERE stockid='" . $OrderLine->StockID . "'
AND loccode='" . $_SESSION['Items'.$identifier]->Location . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
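Review bot: `$Item->BundleRef` is now used unescaped in a WHERE clause on a serial number, and serial numbers are typically free-form text (the field name suggests a user-entered reference); whether it is already escaped depends on where the bundle objects are populated, which this hunk does not show. If the value is only ever sourced from already-escaped request input the change is fine, but that assumption deserves a one-line comment next to the query, e.g. `// BundleRef comes from escaped session data (serial numbers are free text)`. The UPDATE string begins at the hunk's first line; the surrounding loop is outside the hunk.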
@@ -1167,7 +1167,7 @@
moveqty)
VALUES ('" . $StkMoveNo . "',
'" . $OrderLine->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . -$Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock movement record could not be inserted because');
Modified: trunk/CounterSales.php
===================================================================
--- trunk/CounterSales.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/CounterSales.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -1031,12 +1031,12 @@
'" . $OrderNo . "',
'" . $_SESSION['Items'.$identifier]->DebtorNo . "',
'" . $_SESSION['Items'.$identifier]->Branch . "',
- '". DB_escape_string($_SESSION['Items'.$identifier]->CustRef) ."',
- '". DB_escape_string($_SESSION['Items'.$identifier]->Comments) ."',
- '" . Date("Y-m-d H:i") . "',
+ '". $_SESSION['Items'.$identifier]->CustRef ."',
+ '". $_SESSION['Items'.$identifier]->Comments ."',
+ '" . Date('Y-m-d H:i') . "',
'" . $_SESSION['Items'.$identifier]->DefaultSalesType . "',
'" . $_SESSION['Items'.$identifier]->ShipVia . "',
- '". DB_escape_string($_SESSION['Items'.$identifier]->DeliverTo) . "',
+ '". $_SESSION['Items'.$identifier]->DeliverTo . "',
'" . _('Counter Sale') . "',
'" . $_SESSION['Items'.$identifier]->PhoneNo . "',
'" . $_SESSION['Items'.$identifier]->Email . "',
@@ -1071,7 +1071,7 @@
'". $StockItem->Price . "',
'" . $StockItem->Quantity . "',
'" . floatval($StockItem->DiscountPercent) . "',
- '" . DB_escape_string($StockItem->Narrative) . "',
+ '" . $StockItem->Narrative . "',
'" . Date('Y-m-d') . "',
'" . Date('Y-m-d') . "',
'" . $StockItem->Quantity . "',
@@ -1279,13 +1279,13 @@
'" . $DefaultDispatchDate . "',
'" . date('Y-m-d H-i-s') . "',
'" . $PeriodNo . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->CustRef) . "',
+ '" . $_SESSION['Items'.$identifier]->CustRef . "',
'" . $_SESSION['Items'.$identifier]->DefaultSalesType . "',
'" . $OrderNo . "',
'" . $_SESSION['Items'.$identifier]->total . "',
'" . filter_number_format($_POST['TaxTotal']) . "',
'" . $ExRate . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->Comments) . "',
+ '" . $_SESSION['Items'.$identifier]->Comments . "',
'" . $_SESSION['Items'.$identifier]->ShipVia . "',
'" . ($_SESSION['Items'.$identifier]->total + filter_number_format($_POST['TaxTotal'])) . "')";
@@ -1472,7 +1472,7 @@
'" . $OrderLine->DiscountPercent . "',
'" . $OrderLine->StandardCost . "',
'" . ($QtyOnHandPrior - $OrderLine->Quantity) . "',
- '" . DB_escape_string($OrderLine->Narrative) . "' )";
+ '" . $OrderLine->Narrative . "' )";
} else {
// its an assembly or dummy and assemblies/dummies always have nil stock (by definition they are made up at the time of dispatch so new qty on hand will be nil
if (empty($OrderLine->StandardCost)) {
@@ -1505,7 +1505,7 @@
'" . -$OrderLine->Quantity . "',
'" . $OrderLine->DiscountPercent . "',
'" . $OrderLine->StandardCost . "',
- '" . DB_escape_string($OrderLine->Narrative) . "')";
+ '" . $OrderLine->Narrative . "')";
}
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
Modified: trunk/Credit_Invoice.php
===================================================================
--- trunk/Credit_Invoice.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/Credit_Invoice.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -572,7 +572,7 @@
'" . -$TaxTotal . "',
'" . -$_SESSION['CreditItems']->FreightCost . "',
'" . $_SESSION['CurrencyRate'] . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
'" . -$Allocate_amount . "',
'" . $Settled . "')";
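Review bot: `$_POST['CreditText']` now goes straight into the INSERT with no escaping in this file, so the statement is only safe if request parameters are escaped before Credit_Invoice.php runs; I assume that is the intent of the commit (a central pass in session.inc) but it is not visible in the diff. Because this is raw request input rather than a session field, I would either keep `DB_escape_string($_POST['CreditText'])` here or add a comment pointing at the central escaping so the dependency is explicit. The INSERT statement this hunk belongs to starts before the hunk.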
@@ -836,7 +836,7 @@
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
'" . ($QtyOnHandPrior + $CreditLine->QtyDispatched) . "',
- '" . DB_escape_string($CreditLine->Narrative) . "')";
+ '" . $CreditLine->Narrative . "')";
} else {
$SQL = "INSERT INTO stockmoves (stockid,
@@ -866,7 +866,7 @@
'" . $CreditLine->QtyDispatched . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
- '" . DB_escape_string($CreditLine->Narrative) . "')";
+ '" . $CreditLine->Narrative . "')";
}
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
@@ -882,7 +882,7 @@
$SQL = "SELECT quantity from stockserialitems
WHERE stockid='" . $CreditLine->StockID . "'
AND loccode='" . $_SESSION['CreditItems']->Location . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be selected because');
$DbgMsg = _('The following SQL to select the serial stock item record was used');
@@ -896,7 +896,7 @@
VALUES
('" . $CreditLine->StockID . "',
'" . $_SESSION['CreditItems']->Location . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'". $Item->BundleQty ."')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
@@ -908,7 +908,7 @@
SET quantity= quantity + " . $Item->BundleQty . "
WHERE stockid='" . $CreditLine->StockID . "'
AND loccode='" . $_SESSION['CreditItems']->Location . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
$Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
@@ -922,7 +922,7 @@
moveqty)
VALUES ('" . $StkMoveNo . "',
'" . $CreditLine->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . $Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock movement record could not be inserted because');
$DbgMsg = _('The following SQL to insert the serial stock movement records was used');
@@ -965,7 +965,7 @@
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
'" . ($QtyOnHandPrior + $CreditLine->QtyDispatched) . "',
- '" . DB_escape_string($CreditLine->Narrative) . "')";
+ '" . $CreditLine->Narrative . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
$DbgMsg = _('The following SQL to insert the stock movement records was used');
@@ -1003,7 +1003,7 @@
'" . $CreditLine->StandardCost . "',
0,
'" . $QtyOnHandPrior . "',
- '" . DB_escape_string($CreditLine->Narrative) . "')";
+ '" . $CreditLine->Narrative . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
$DbgMsg = _('The following SQL to insert the stock movement records was used');
@@ -1042,7 +1042,7 @@
'" . $CreditLine->StandardCost . "',
'" . $QtyOnHandPrior . "',
1,
- '" . DB_escape_string($CreditLine->Narrative) . "')";
+ '" . $CreditLine->Narrative . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
Modified: trunk/DeliveryDetails.php
===================================================================
--- trunk/DeliveryDetails.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/DeliveryDetails.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -354,21 +354,21 @@
'". $OrderNo . "',
'" . $_SESSION['Items'.$identifier]->DebtorNo . "',
'" . $_SESSION['Items'.$identifier]->Branch . "',
- '". DB_escape_string($_SESSION['Items'.$identifier]->CustRef) ."',
- '". DB_escape_string($_SESSION['Items'.$identifier]->Comments) ."',
+ '". $_SESSION['Items'.$identifier]->CustRef ."',
+ '". $_SESSION['Items'.$identifier]->Comments ."',
'" . Date('Y-m-d H:i') . "',
'" . $_SESSION['Items'.$identifier]->DefaultSalesType . "',
- '" . DB_escape_string($_POST['ShipVia']) ."',
- '". DB_escape_string($_SESSION['Items'.$identifier]->DeliverTo) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->BuyerName) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd1) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd2) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd3) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd4) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd5) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd6) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->PhoneNo) . "',
- '" . DB_escape_string($_SESSION['Items'.$identifier]->Email) . "',
+ '" . $_POST['ShipVia'] ."',
+ '". $_SESSION['Items'.$identifier]->DeliverTo . "',
+ '" . $_SESSION['Items'.$identifier]->BuyerName . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd1 . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd2 . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd3 . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd4 . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd5 . "',
+ '" . $_SESSION['Items'.$identifier]->DelAdd6 . "',
+ '" . $_SESSION['Items'.$identifier]->PhoneNo . "',
+ '" . $_SESSION['Items'.$identifier]->Email . "',
'" . $_SESSION['Items'.$identifier]->FreightCost ."',
'" . $_SESSION['Items'.$identifier]->Location ."',
'" . $DelDate . "',
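Review bot: `$_POST['ShipVia']` is interpolated unescaped into the INSERT in the new line (the later UPDATE hunk in this file already did so at its context line), so both now rely on escaping having happened upstream. Since shipvia is used elsewhere in this commit as the shipper_id key (Shippers.php), a numeric cast would make the query independent of the escaping convention: `'" . intval($_POST['ShipVia']) . "',` — only if shipvia is indeed an integer key, which the hunk does not prove. The INSERT statement starts before the hunk.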
@@ -403,7 +403,7 @@
'" . $StockItem->Price . "',
'" . $StockItem->Quantity . "',
'" . floatval($StockItem->DiscountPercent) . "',
- '" . DB_escape_string($StockItem->Narrative) . "',
+ '" . $StockItem->Narrative . "',
'" . $StockItem->POLine . "',
'" . FormatDateForSQL($StockItem->ItemDue) . "'
)";
@@ -712,23 +712,23 @@
$HeaderSQL = "UPDATE salesorders SET debtorno = '" . $_SESSION['Items'.$identifier]->DebtorNo . "',
branchcode = '" . $_SESSION['Items'.$identifier]->Branch . "',
- customerref = '". DB_escape_string($_SESSION['Items'.$identifier]->CustRef) ."',
- comments = '". DB_escape_string($_SESSION['Items'.$identifier]->Comments) ."',
+ customerref = '". $_SESSION['Items'.$identifier]->CustRef ."',
+ comments = '". $_SESSION['Items'.$identifier]->Comments ."',
ordertype = '" . $_SESSION['Items'.$identifier]->DefaultSalesType . "',
shipvia = '" . $_POST['ShipVia'] . "',
- deliverydate = '" . FormatDateForSQL(DB_escape_string($_SESSION['Items'.$identifier]->DeliveryDate)) . "',
- quotedate = '" . FormatDateForSQL(DB_escape_string($_SESSION['Items'.$identifier]->QuoteDate)) . "',
- confirmeddate = '" . FormatDateForSQL(DB_escape_string($_SESSION['Items'.$identifier]->ConfirmedDate)) . "',
- deliverto = '" . DB_escape_string($_SESSION['Items'.$identifier]->DeliverTo) . "',
- buyername = '" . DB_escape_string($_SESSION['Items'.$identifier]->BuyerName) . "',
- deladd1 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd1) . "',
- deladd2 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd2) . "',
- deladd3 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd3) . "',
- deladd4 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd4) . "',
- deladd5 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd5) . "',
- deladd6 = '" . DB_escape_string($_SESSION['Items'.$identifier]->DelAdd6) . "',
- contactphone = '" . DB_escape_string($_SESSION['Items'.$identifier]->PhoneNo) . "',
- contactemail = '" . DB_escape_string($_SESSION['Items'.$identifier]->Email) . "',
+ deliverydate = '" . FormatDateForSQL($_SESSION['Items'.$identifier]->DeliveryDate) . "',
+ quotedate = '" . FormatDateForSQL($_SESSION['Items'.$identifier]->QuoteDate) . "',
+ confirmeddate = '" . FormatDateForSQL($_SESSION['Items'.$identifier]->ConfirmedDate) . "',
+ deliverto = '" . $_SESSION['Items'.$identifier]->DeliverTo . "',
+ buyername = '" . $_SESSION['Items'.$identifier]->BuyerName . "',
+ deladd1 = '" . $_SESSION['Items'.$identifier]->DelAdd1 . "',
+ deladd2 = '" . $_SESSION['Items'.$identifier]->DelAdd2 . "',
+ deladd3 = '" . $_SESSION['Items'.$identifier]->DelAdd3 . "',
+ deladd4 = '" . $_SESSION['Items'.$identifier]->DelAdd4 . "',
+ deladd5 = '" . $_SESSION['Items'.$identifier]->DelAdd5 . "',
+ deladd6 = '" . $_SESSION['Items'.$identifier]->DelAdd6 . "',
+ contactphone = '" . $_SESSION['Items'.$identifier]->PhoneNo . "',
+ contactemail = '" . $_SESSION['Items'.$identifier]->Email . "',
freightcost = '" . $_SESSION['Items'.$identifier]->FreightCost ."',
fromstkloc = '" . $_SESSION['Items'.$identifier]->Location ."',
printedpackingslip = '" . $_POST['ReprintPackingSlip'] . "',
Modified: trunk/GLJournal.php
===================================================================
--- trunk/GLJournal.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/GLJournal.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -76,7 +76,7 @@
'" . FormatDateForSQL($_SESSION['JournalDetail']->JnlDate) . "',
'" . $PeriodNo . "',
'" . $JournalItem->GLCode . "',
- '" . DB_escape_string($JournalItem->Narrative) . "',
+ '" . $JournalItem->Narrative . "',
'" . $JournalItem->Amount . "',
'" . $JournalItem->tag."'
)";
@@ -98,7 +98,7 @@
'" . FormatDateForSQL($_SESSION['JournalDetail']->JnlDate) . "',
'" . ($PeriodNo + 1) . "',
'" . $JournalItem->GLCode . "',
- '" . _('Reversal') . " - " . DB_escape_string($JournalItem->Narrative) . "',
+ '" . _('Reversal') . " - " . $JournalItem->Narrative . "',
'" . -($JournalItem->Amount) ."',
'".$JournalItem->tag."'
)";
@@ -111,7 +111,7 @@
$ErrMsg = _('Cannot commit the changes');
- $result= DB_Txn_Begin($db);
+ $result= DB_Txn_Commit($db);
prnMsg(_('Journal').' ' . $TransNo . ' '._('has been successfully entered'),'success');
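Review bot: Replacing DB_Txn_Begin with DB_Txn_Commit fixes the journal never being committed, but `$result` is assigned and then ignored, and the success message on the next line prints regardless of whether the commit succeeded. If DB_Txn_Commit does not itself abort on failure (its implementation is outside this diff), the user can be told the journal was entered when it was rolled back; I would either drop the unused assignment or guard the message, e.g. `if ($result) { prnMsg(...,'success'); }` with a failure branch using the already-built `$ErrMsg`. The enclosing block starts before the hunk.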
Modified: trunk/GLTags.php
===================================================================
--- trunk/GLTags.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/GLTags.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -37,12 +37,12 @@
}
if (isset($_POST['submit'])) {
- $sql = "INSERT INTO tags values(NULL, '" . DB_escape_string($_POST['Description']) . "')";
+ $sql = "INSERT INTO tags values(NULL, '" . $_POST['Description'] . "')";
$result= DB_query($sql,$db);
}
if (isset($_POST['update'])) {
- $sql = "UPDATE tags SET tagdescription='".DB_escape_string($_POST['Description']). "'
+ $sql = "UPDATE tags SET tagdescription='" . $_POST['Description'] . "'
WHERE tagref='".$_POST['reference']."'";
$result= DB_query($sql,$db);
}
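Review bot: The UPDATE keeps `$_POST['reference']` unescaped in the WHERE clause while the commit removes the escaping on Description, so both columns now depend on upstream escaping. tagref is a key, so casting it removes that dependency for the WHERE regardless of how Description is handled: `WHERE tagref='" . intval($_POST['reference']) . "'";`. The `INSERT INTO tags values(NULL, ...)` form also relies on the physical column order; naming the columns would make the statement robust to schema changes.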
Modified: trunk/Locations.php
===================================================================
--- trunk/Locations.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/Locations.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -55,17 +55,17 @@
}
$sql = "UPDATE locations SET loccode='" . $_POST['LocCode'] . "',
- locationname='" . DB_escape_string($_POST['LocationName']) . "',
- deladd1='" . DB_escape_string($_POST['DelAdd1']) . "',
- deladd2='" . DB_escape_string($_POST['DelAdd2']) . "',
- deladd3='" . DB_escape_string($_POST['DelAdd3']) . "',
- deladd4='" . DB_escape_string($_POST['DelAdd4']) . "',
- deladd5='" . DB_escape_string($_POST['DelAdd5']) . "',
- deladd6='" . DB_escape_string($_POST['DelAdd6']) . "',
- tel='" . DB_escape_string($_POST['Tel']) . "',
- fax='" . DB_escape_string($_POST['Fax']) . "',
- email='" . DB_escape_string($_POST['Email']) . "',
- contact='" . DB_escape_string($_POST['Contact']) . "',
+ locationname='" . $_POST['LocationName'] . "',
+ deladd1='" . $_POST['DelAdd1'] . "',
+ deladd2='" . $_POST['DelAdd2'] . "',
+ deladd3='" . $_POST['DelAdd3'] . "',
+ deladd4='" . $_POST['DelAdd4'] . "',
+ deladd5='" . $_POST['DelAdd5'] . "',
+ deladd6='" . $_POST['DelAdd6'] . "',
+ tel='" . $_POST['Tel'] . "',
+ fax='" . $_POST['Fax'] . "',
+ email='" . $_POST['Email'] . "',
+ contact='" . $_POST['Contact'] . "',
taxprovinceid = '" . $_POST['TaxProvince'] . "',
cashsalecustomer ='" . $_POST['CashSaleCustomer'] . "',
cashsalebranch ='" . $_POST['CashSaleBranch'] . "',
@@ -124,18 +124,18 @@
cashsalecustomer,
cashsalebranch,
managed )
- VALUES ('" . DB_escape_string($_POST['LocCode']) . "',
- '" . DB_escape_string($_POST['LocationName']) . "',
- '" . DB_escape_string($_POST['DelAdd1']) ."',
- '" . DB_escape_string($_POST['DelAdd2']) ."',
- '" . DB_escape_string($_POST['DelAdd3']) . "',
- '" . DB_escape_string($_POST['DelAdd4']) . "',
- '" . DB_escape_string($_POST['DelAdd5']) . "',
- '" . DB_escape_string($_POST['DelAdd6']) . "',
- '" . DB_escape_string($_POST['Tel']) . "',
- '" . DB_escape_string($_POST['Fax']) . "',
- '" . DB_escape_string($_POST['Email']) . "',
- '" . DB_escape_string($_POST['Contact']) . "',
+ VALUES ('" . $_POST['LocCode'] . "',
+ '" . $_POST['LocationName'] . "',
+ '" . $_POST['DelAdd1'] ."',
+ '" . $_POST['DelAdd2'] ."',
+ '" . $_POST['DelAdd3'] . "',
+ '" . $_POST['DelAdd4'] . "',
+ '" . $_POST['DelAdd5'] . "',
+ '" . $_POST['DelAdd6'] . "',
+ '" . $_POST['Tel'] . "',
+ '" . $_POST['Fax'] . "',
+ '" . $_POST['Email'] . "',
+ '" . $_POST['Contact'] . "',
'" . $_POST['TaxProvince'] . "',
'" . $_POST['CashSaleCustomer'] . "',
'" . $_POST['CashSaleBranch'] . "',
Modified: trunk/MRPDemandTypes.php
===================================================================
--- trunk/MRPDemandTypes.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/MRPDemandTypes.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -58,7 +58,7 @@
$sql = "INSERT INTO mrpdemandtypes (mrpdemandtype,
description)
VALUES ('" . trim(mb_strtoupper($_POST['MRPDemandType'])) . "',
- '" . DB_escape_string($_POST['Description']) . "'
+ '" . $_POST['Description'] . "'
)";
$msg = _('The new demand type has been added to the database');
}
Modified: trunk/PcAuthorizeExpenses.php
===================================================================
--- trunk/PcAuthorizeExpenses.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/PcAuthorizeExpenses.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -135,7 +135,7 @@
$typeno = GetNextTransNo($type,$db);
//build narrative
- $narrative= _('PettyCash') . ' - '.$myrow['tabcode'] . ' - ' . $myrow['codeexpense'] . ' - ' . $myrow['notes'] . ' - ' . $myrow['receipt'];
+ $Narrative= _('PettyCash') . ' - '. $myrow['tabcode'] . ' - ' . $myrow['codeexpense'] . ' - ' . DB_escape_string($myrow['notes']) . ' - ' . $myrow['receipt'];
//insert to gltrans
DB_Txn_Begin($db);
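Review bot: The new `$Narrative` escapes only `$myrow['notes']`, but `$myrow['receipt']` (and tabcode/codeexpense) from the same DB row are concatenated unescaped and the result is then used verbatim in three INSERTs in the following hunks; receipt is free text entered via `$_POST['Receipt']` in PcClaimExpensesFromTab.php in this same commit, so a quote in it breaks the GL insert. Since every part of the row is raw DB data, escape the assembled string once instead: `$Narrative = DB_escape_string(_('PettyCash') . ' - ' . $myrow['tabcode'] . ' - ' . $myrow['codeexpense'] . ' - ' . $myrow['notes'] . ' - ' . $myrow['receipt']);`. The rename from `$narrative` to `$Narrative` is applied consistently in the later hunks. The enclosing loop starts before the hunk.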
@@ -158,7 +158,7 @@
'".$myrow['date']."',
'".$PeriodNo."',
'".$AccountFrom."',
- '". DB_escape_string($narrative) ."',
+ '". $Narrative ."',
'".-$Amount."',
0,
'',
@@ -185,7 +185,7 @@
'".$myrow['date']."',
'".$PeriodNo."',
'".$AccountTo."',
- '" . DB_escape_string($narrative) . "',
+ '" . $Narrative . "',
'".$Amount."',
0,
'',
@@ -209,7 +209,7 @@
VALUES ('". $ReceiptTransNo . "',
1,
'" . $AccountFrom . "',
- '" . DB_escape_string($narrative) . "',
+ '" . $Narrative . "',
1,
'" . $myrow['rate'] . "',
'" . $myrow['date'] . "',
Modified: trunk/PcClaimExpensesFromTab.php
===================================================================
--- trunk/PcClaimExpensesFromTab.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/PcClaimExpensesFromTab.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -72,8 +72,8 @@
SET date = '".FormatDateForSQL($_POST['Date'])."',
codeexpense = '" . $_POST['SelectedExpense'] . "',
amount = '" .-filter_number_format($_POST['amount']) . "',
- notes = '" . DB_escape_string($_POST['Notes']) . "',
- receipt = '" . DB_escape_string($_POST['Receipt']) . "'
+ notes = '" . $_POST['Notes'] . "',
+ receipt = '" . $_POST['Receipt'] . "'
WHERE counterindex = '".$SelectedIndex."'";
$msg = _('The Expense Claim on Tab') . ' ' . $SelectedTabs . ' ' . _('has been updated');
@@ -98,8 +98,8 @@
'" . -filter_number_format($_POST['amount']) . "',
'',
'',
- '" . DB_escape_string($_POST['Notes']) . "',
- '" . DB_escape_string($_POST['Receipt']) . "'
+ '" . $_POST['Notes'] . "',
+ '" . $_POST['Receipt'] . "'
)";
$msg = _('The Expense Claim on Tab') . ' ' . $_POST['SelectedTabs'] . ' ' . _('has been created');
Modified: trunk/PcExpenses.php
===================================================================
--- trunk/PcExpenses.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/PcExpenses.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -87,7 +87,7 @@
if (isset($SelectedExpense) AND $InputError !=1) {
$sql = "UPDATE pcexpenses
- SET description = '" . DB_escape_string($_POST['Description']) . "',
+ SET description = '" . $_POST['Description'] . "',
glaccount = '" . $_POST['GLAccount'] . "',
tag = '" . $_POST['Tag'] . "'
WHERE codeexpense = '" . $SelectedExpense . "'";
@@ -117,7 +117,7 @@
glaccount,
tag)
VALUES ('" . $_POST['CodeExpense'] . "',
- '" . DB_escape_string($_POST['Description']) . "',
+ '" . $_POST['Description'] . "',
'" . $_POST['GLAccount'] . "',
'" . $_POST['Tag'] . "')";
Modified: trunk/SalesPeople.php
===================================================================
--- trunk/SalesPeople.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/SalesPeople.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -85,10 +85,10 @@
/*SelectedSalesPerson could also exist if submit had not been clicked this code would not run in this case cos submit is false of course see the delete code below*/
- $sql = "UPDATE salesman SET salesmanname='" . DB_escape_string($_POST['SalesmanName']) . "',
+ $sql = "UPDATE salesman SET salesmanname='" . $_POST['SalesmanName'] . "',
commissionrate1='" . filter_number_format($_POST['CommissionRate1']) . "',
- smantel='" . DB_escape_string($_POST['SManTel']) . "',
- smanfax='" . DB_escape_string($_POST['SManFax']) . "',
+ smantel='" . $_POST['SManTel'] . "',
+ smanfax='" . $_POST['SManFax'] . "',
breakpoint='" . filter_number_format($_POST['Breakpoint']) . "',
commissionrate2='" . filter_number_format($_POST['CommissionRate2']) . "',
current='" . $_POST['Current'] . "'
@@ -107,13 +107,13 @@
smantel,
smanfax,
current)
- VALUES ('" . DB_escape_string($_POST['SalesmanCode']) . "',
- '" . DB_escape_string($_POST['SalesmanName']) . "',
+ VALUES ('" . $_POST['SalesmanCode'] . "',
+ '" . $_POST['SalesmanName'] . "',
'" . filter_number_format($_POST['CommissionRate1']) . "',
'" . filter_number_format($_POST['CommissionRate2']) . "',
'" . filter_number_format($_POST['Breakpoint']) . "',
- '" . DB_escape_string($_POST['SManTel']) . "',
- '" . DB_escape_string($_POST['SManFax']) . "',
+ '" . $_POST['SManTel'] . "',
+ '" . $_POST['SManFax'] . "',
'" . $_POST['Current'] . "'
)";
@@ -280,7 +280,7 @@
$_POST['SManTel'] = $myrow['smantel'];
$_POST['SManFax'] = $myrow['smanfax'];
$_POST['CommissionRate1'] = locale_number_format($myrow['commissionrate1'],'Variable');
- $_POST['Breakpoint'] = locale_number_format($myrow['breakpoint'],'Variable');
+ $_POST['Breakpoint'] = locale_number_format($myrow['breakpoint'],$_SESSION['CompanyRecord']['decimalplaces']);
$_POST['CommissionRate2'] = locale_number_format($myrow['commissionrate2'],'Variable');
$_POST['Current'] = $myrow['current'];
@@ -290,14 +290,15 @@
echo '<table class="selection">
<tr>
<td>' . _('Salesperson code') . ':</td>
- <td>' . $_POST['SalesmanCode'] . '</td></tr>';
+ <td>' . $_POST['SalesmanCode'] . '</td>
+ </tr>';
} else { //end of if $SelectedSalesPerson only do the else when a new record is being entered
echo '<table class="selection">
<tr>
<td>' . _('Salesperson code') . ':</td>
- <td><input type="text" '. (in_array('SalesmanCode',$Errors) ? 'class="inputerror"' : '' ) .' name="SalesmanCode" size=3 maxlength=3></td>
+ <td><input type="text" '. (in_array('SalesmanCode',$Errors) ? 'class="inputerror"' : '' ) .' name="SalesmanCode" size="3" maxlength="3" /></td>
</tr>';
}
if (!isset($_POST['SalesmanName'])){
@@ -324,27 +325,27 @@
echo '<tr>
<td>' . _('Salesperson Name') . ':</td>
- <td><input type="text" '. (in_array('SalesmanName',$Errors) ? 'class="inputerror"' : '' ) .' name="SalesmanName" size=30 maxlength=30 value="' . $_POST['SalesmanName'] . '"></td>
+ <td><input type="text" '. (in_array('SalesmanName',$Errors) ? 'class="inputerror"' : '' ) .' name="SalesmanName" size="30" maxlength="30" value="' . $_POST['SalesmanName'] . '" /></td>
</tr>';
echo '<tr>
<td>' . _('Telephone No') . ':</td>
- <td><input type="text" name="SManTel" size=20 maxlength=20 value="' . $_POST['SManTel'] . '"></td>
+ <td><input type="text" name="SManTel" size="20" maxlength="20" value="' . $_POST['SManTel'] . '" /></td>
</tr>';
echo '<tr>
<td>' . _('Facsimile No') . ':</td>
- <td><input type="text" name="SManFax" size=20 maxlength=20 value="' . $_POST['SManFax'] . '"></td>
+ <td><input type="text" name="SManFax" size="20" maxlength="20" value="' . $_POST['SManFax'] . '" /></td>
</tr>';
echo '<tr>
<td>' . _('Commission Rate 1') . ':</td>
- <td><input type="text" class="number" name="CommissionRate1" size="5" maxlength="5" value="' . $_POST['CommissionRate1'] . '"></td>
+ <td><input type="text" class="number" name="CommissionRate1" size="5" maxlength="5" value="' . $_POST['CommissionRate1'] . '" /></td>
</tr>';
echo '<tr>
<td>' . _('Breakpoint') . ':</td>
- <td><input type="text" class="number" name="Breakpoint" size="6" maxlength="6" value="' . $_POST['Breakpoint'] . '"></td>
+ <td><input type="text" class="number" name="Breakpoint" size="6" maxlength="6" value="' . $_POST['Breakpoint'] . '" /></td>
</tr>';
echo '<tr>
<td>' . _('Commission Rate 2') . ':</td>
- <td><input type="text" class="number" name="CommissionRate2" size="5" maxlength="5" value="' . $_POST['CommissionRate2']. '"></td>
+ <td><input type="text" class="number" name="CommissionRate2" size="5" maxlength="5" value="' . $_POST['CommissionRate2']. '" /></td>
</tr>';
echo '<tr>
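Review bot: The `value="..."` attributes still echo `$_POST['SalesmanName']`, `$_POST['SManTel']` and `$_POST['SManFax']` without HTML encoding, and the earlier hunk in this file populates those same `$_POST` keys from the DB row when editing an existing salesperson, so a stored name containing `"` or `<` breaks out of the attribute (stored XSS). Encode at output, e.g. `value="' . htmlspecialchars($_POST['SalesmanName'], ENT_QUOTES, 'UTF-8') . '"`, and likewise for the telephone and fax inputs. The self-closing `/>` changes are fine; the enclosing form markup starts before the hunk.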
Modified: trunk/SelectCreditItems.php
===================================================================
--- trunk/SelectCreditItems.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/SelectCreditItems.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -1120,7 +1120,7 @@
'" . -$TaxTotal . "',
'" . -$_SESSION['CreditItems'.$identifier]->FreightCost . "',
'" . $_SESSION['CurrencyRate'] . "',
- '" . DB_escape_string($_POST['CreditText']) . "'
+ '" . $_POST['CreditText'] . "'
)";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The customer credit note transaction could not be added to the database because');
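Review bot: `$_POST['CreditText']` is now interpolated unescaped into the credit-note INSERT and, per the later hunks, into four more statements, so the whole credit path depends on request parameters being escaped before this script runs; that is presumably what the commit relies on but it is not visible here. Since this is raw request input, add a comment at the first use naming the upstream escaping (e.g. `// CreditText is DB-escaped centrally at input; do not escape again`) or keep `DB_escape_string()` on this one value. The INSERT statement starts before the hunk.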
@@ -1200,7 +1200,7 @@
'" . $_SESSION['CreditItems'.$identifier]->Branch . "',
'" . $LocalCurrencyPrice . "',
'" . $PeriodNo . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
'" . $CreditLine->Quantity . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
@@ -1243,7 +1243,7 @@
'" . $CreditLine->Quantity . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
'" . ($QtyOnHandPrior + $CreditLine->Quantity) . "',
'" . $CreditLine->Narrative . "'
)";
@@ -1276,7 +1276,7 @@
'" . $CreditLine->Quantity . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
'" . $CreditLine->Narrative . "'
)";
}
@@ -1513,7 +1513,7 @@
'" . -$CreditLine->Quantity . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
0,
'" . $QtyOnHandPrior . "',
'" . $CreditLine->Narrative . "'
@@ -1548,7 +1548,7 @@
'" . -$CreditLine->Quantity . "',
'" . $CreditLine->DiscountPercent . "',
'" . $CreditLine->StandardCost . "',
- '" . DB_escape_string($_POST['CreditText']) . "',
+ '" . $_POST['CreditText'] . "',
0)";
}
Modified: trunk/Shippers.php
===================================================================
--- trunk/Shippers.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/Shippers.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -1,8 +1,6 @@
<?php
/* $Id$*/
-//$PageSecurity = 15;
-
include('includes/session.inc');
$title = _('Shipping Company Maintenance');
include('includes/header.inc');
@@ -48,13 +46,14 @@
would not run in this case cos submit is false of course see the
delete code below*/
- $sql = "UPDATE shippers SET shippername='" . DB_escape_string($_POST['ShipperName']) . "' WHERE shipper_id = '".$SelectedShipper."'";
+ $sql = "UPDATE shippers SET shippername='" . $_POST['ShipperName'] . "'
+ WHERE shipper_id = '".$SelectedShipper."'";
$msg = _('The shipper record has been updated');
} elseif ($InputError !=1) {
/*SelectedShipper is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Shipper form */
- $sql = "INSERT INTO shippers (shippername) VALUES ('" . DB_escape_string($_POST['ShipperName']) . "')";
+ $sql = "INSERT INTO shippers (shippername) VALUES ('" . $_POST['ShipperName'] . "')";
$msg = _('The shipper record has been added');
}
Modified: trunk/SpecialOrder.php
===================================================================
--- trunk/SpecialOrder.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/SpecialOrder.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -359,11 +359,11 @@
revised,
deliverydate)
VALUES ('" . $_SESSION['SPL']->SupplierID . "',
- '" . DB_escape_string($_SESSION['SPL']->Comments) . "',
+ '" . $_SESSION['SPL']->Comments . "',
'" . Date('Y-m-d') . "',
'" . $_SESSION['SPL']->SuppCurrExRate . "',
- '" . DB_escape_string($_SESSION['SPL']->Initiator) . "',
- '" . DB_escape_string($_SESSION['SPL']->QuotationRef) . "',
+ '" . $_SESSION['SPL']->Initiator . "',
+ '" . $_SESSION['SPL']->QuotationRef . "',
'" . $_SESSION['SPL']->StkLocation . "',
'" . DB_escape_string($StkLocAddress['deladd1']) . "',
'" . DB_escape_string($StkLocAddress['deladd2']) . "',
@@ -373,7 +373,7 @@
'" . DB_escape_string($StkLocAddress['deladd6']) . "',
'" . DB_escape_string($StkLocAddress['contact']) . "',
'" . $_SESSION['SPL']->Status . "',
- '" . DB_escape_string($StatusComment) . "',
+ '" . $StatusComment . "',
'" . $_SESSION['SPL']->AllowPrintPO . "',
'" . Date('Y-m-d') . "',
'" . Date('Y-m-d') . "')";
@@ -417,10 +417,10 @@
description,
longdescription,
materialcost)
- VALUES ('" . DB_escape_string($PartCode) . "',
+ VALUES ('" . $PartCode . "',
'" . $SPLLine->StkCat . "',
- '" . DB_escape_string($SPLLine->ItemDescription) . "',
- '" . DB_escape_string($SPLLine->ItemDescription) . "',
+ '" . $SPLLine->ItemDescription . "',
+ '" . $SPLLine->ItemDescription . "',
'" . $SPLLine->Cost . "')";
@@ -430,7 +430,7 @@
$result =DB_query($sql,$db,$ErrMsg,$DbgMsg,true);
$sql = "INSERT INTO locstock (loccode, stockid)
- SELECT loccode,'" . DB_escape_string($PartCode) . "' FROM locations";
+ SELECT loccode,'" . $PartCode . "' FROM locations";
$ErrMsg = _('The item stock locations for the special order line') . " " . $SPLLine->LineNo . " " ._('could not be created because');
$DbgMsg = _('The SQL statement used to insert the location stock records and failed was');
$result =DB_query($sql,$db,$ErrMsg,$DbgMsg,true);
@@ -455,9 +455,9 @@
quantityord)
VALUES ('";
$sql = $sql . $_SESSION['SPL']->PurchOrderNo . "',
- '" . DB_escape_string($PartCode) . "',
+ '" . $PartCode . "',
'" . $OrderDate . "',
- '" . DB_escape_string($SPLLine->ItemDescription) . "',
+ '" . $SPLLine->ItemDescription . "',
'" . $GLCode . "',
'" . $SPLLine->Cost . "',
'" . $SPLLine->Quantity . "')";
@@ -517,7 +517,7 @@
VALUES ('" . $OrderNo."',
'" . $_SESSION['SPL']->CustomerID . "',
'" . $_SESSION['SPL']->BranchCode . "',
- '" . DB_escape_string($_SESSION['SPL']->CustRef) ."',
+ '" . $_SESSION['SPL']->CustRef ."',
'" . Date('Y-m-d') . "',
'" . $BranchDetails['salestype'] . "',
'" . $BranchDetails['defaultshipvia'] ."',
@@ -548,7 +548,7 @@
foreach ($_SESSION['SPL']->LineItems as $StockItem) {
$LineItemsSQL = $StartOf_LineItemsSQL . ",
- '" . DB_escape_string($StockItem->PartCode) . "',
+ '" . $StockItem->PartCode . "',
'". $StockItem->Price . "',
'" . $StockItem->Quantity . "',
'" . $StockItem->LineNo . "')";
Modified: trunk/StockAdjustments.php
===================================================================
--- trunk/StockAdjustments.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/StockAdjustments.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -168,7 +168,7 @@
'" . $_SESSION['Adjustment']->StockLocation . "',
'" . $SQLAdjustmentDate . "',
'" . $PeriodNo . "',
- '" . DB_escape_string($_SESSION['Adjustment']->Narrative) ."',
+ '" . $_SESSION['Adjustment']->Narrative ."',
'" . $_SESSION['Adjustment']->Quantity . "',
'" . ($QtyOnHandPrior + $_SESSION['Adjustment']->Quantity) . "'
)";
Modified: trunk/StockLocTransferReceive.php
===================================================================
--- trunk/StockLocTransferReceive.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/StockLocTransferReceive.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -119,7 +119,7 @@
WHERE
stockid='" . $TrfLine->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationFrom . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$Result = DB_query($SQL,$db,'<br />' . _('Could not determine if the serial item exists') );
$SerialItemExistsRow = DB_fetch_row($Result);
@@ -131,7 +131,7 @@
WHERE
stockid='" . $TrfLine->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationFrom . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
@@ -144,7 +144,7 @@
quantity)
VALUES ('" . $TrfLine->StockID . "',
'" . $_SESSION['Transfer']->StockLocationFrom . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . -$Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item for the stock being transferred out of the existing location could not be inserted because');
@@ -163,7 +163,7 @@
) VALUES (
'" . $StkMoveNo . "',
'" . $TrfLine->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . -$Item->BundleQty . "'
)";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock movement record could not be inserted because');
@@ -232,7 +232,7 @@
WHERE
stockid='" . $TrfLine->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationTo . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$Result = DB_query($SQL,$db,'<br />'. _('Could not determine if the serial item exists') );
$SerialItemExistsRow = DB_fetch_row($Result);
@@ -245,7 +245,7 @@
WHERE
stockid='" . $TrfLine->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationTo . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated for the quantity coming in because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
@@ -258,7 +258,7 @@
quantity)
VALUES ('" . $TrfLine->StockID . "',
'" . $_SESSION['Transfer']->StockLocationTo . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . $Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record for the stock coming in could not be added because');
@@ -276,7 +276,7 @@
moveqty)
VALUES (" . $StkMoveNo . ",
'" . $TrfLine->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . $Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock movement record could not be inserted because');
$DbgMsg = _('The following SQL to insert the serial stock movement records was used');
Modified: trunk/StockTransfers.php
===================================================================
--- trunk/StockTransfers.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/StockTransfers.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -259,7 +259,7 @@
expirationdate='" . FormatDateForSQL($Item->ExpiryDate) . "'
WHERE stockid='" . $_SESSION['Transfer']->TransferItem[0]->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationFrom . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
@@ -273,7 +273,7 @@
quantity)
VALUES ('" . $_SESSION['Transfer']->TransferItem[0]->StockID . "',
'" . $_SESSION['Transfer']->StockLocationFrom . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . FormatDateForSQL($Item->ExpiryDate) . "',
'" . -$Item->BundleQty . "')";
@@ -293,7 +293,7 @@
VALUES (
'" . $StkMoveNo . "',
'" . $_SESSION['Transfer']->TransferItem[0]->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . $Item->BundleQty . "'
)";
@@ -372,7 +372,7 @@
expirationdate='" . FormatDateForSQL($Item->ExpiryDate) . "'
WHERE stockid='" . $_SESSION['Transfer']->TransferItem[0]->StockID . "'
AND loccode='" . $_SESSION['Transfer']->StockLocationTo . "'
- AND serialno='" . DB_escape_string($Item->BundleRef) . "'";
+ AND serialno='" . $Item->BundleRef . "'";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock item record could not be updated because');
$DbgMsg = _('The following SQL to update the serial stock item record was used');
@@ -386,7 +386,7 @@
quantity)
VALUES ('" . $_SESSION['Transfer']->TransferItem[0]->StockID . "',
'" . $_SESSION['Transfer']->StockLocationTo . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . FormatDateForSQL($Item->ExpiryDate) . "',
'" . $Item->BundleQty . "')";
@@ -404,7 +404,7 @@
moveqty)
VALUES ('" . $StkMoveNo . "',
'" . $_SESSION['Transfer']->TransferItem[0]->StockID . "',
- '" . DB_escape_string($Item->BundleRef) . "',
+ '" . $Item->BundleRef . "',
'" . $Item->BundleQty . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The serial stock movement record could not be inserted because');
$DbgMsg = _('The following SQL to insert the serial stock movement records was used');
Modified: trunk/Stocks.php
===================================================================
--- trunk/Stocks.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/Stocks.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -390,13 +390,13 @@
if ($_POST['PropNumeric' .$i]==1){
$_POST['PropValue' . $i]=filter_number_format($_POST['PropValue' . $i]);
} else {
- $_POST['PropValue' . $i]=DB_escape_string($_POST['PropValue' . $i]);
+ $_POST['PropValue' . $i]=$_POST['PropValue' . $i];
}
$result = DB_query("INSERT INTO stockitemproperties (stockid,
stkcatpropid,
value)
VALUES ('" . $StockID . "',
- '" . DB_escape_string($_POST['PropID' . $i]) . "',
+ '" . $_POST['PropID' . $i] . "',
'" . $_POST['PropValue' . $i] . "')",
$db,$ErrMsg,$DbgMsg,true);
} //end of loop around properties defined for the category
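Review bot: `$_POST['PropValue' . $i]=$_POST['PropValue' . $i];` on the `+` line is a self-assignment with no effect, so the `else` branch is now dead code that reads as if it still did something. Drop the branch and keep only the numeric case: `if ($_POST['PropNumeric' .$i]==1){` / `$_POST['PropValue' . $i]=filter_number_format($_POST['PropValue' . $i]);` / `}`. Note that the non-numeric property value and `$_POST['PropID' . $i]` are then inserted into `stockitemproperties` with no quoting, which is the same concern raised for the other files in this commit. The surrounding loop begins before this hunk.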
Modified: trunk/SupplierContacts.php
===================================================================
--- trunk/SupplierContacts.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/SupplierContacts.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -59,11 +59,11 @@
/*SelectedContact could also exist if submit had not been clicked this code would not run in this case 'cos submit is false of course see the delete code below*/
- $sql = "UPDATE suppliercontacts SET position='" . DB_escape_string($_POST['Position']) . "',
- tel='" . DB_escape_string($_POST['Tel']) . "',
- fax='" . DB_escape_string($_POST['Fax']) . "',
- email='" . DB_escape_string($_POST['Email']) . "',
- mobile = '". DB_escape_string($_POST['Mobile']) . "'
+ $sql = "UPDATE suppliercontacts SET position='" . $_POST['Position'] . "',
+ tel='" . $_POST['Tel'] . "',
+ fax='" . $_POST['Fax'] . "',
+ email='" . $_POST['Email'] . "',
+ mobile = '". $_POST['Mobile'] . "'
WHERE contact='".$SelectedContact."'
AND supplierid='".$SupplierID."'";
@@ -81,12 +81,12 @@
email,
mobile)
VALUES ('" . $SupplierID . "',
- '" . DB_escape_string($_POST['Contact']) . "',
- '" . DB_escape_string($_POST['Position']) . "',
- '" . DB_escape_string($_POST['Tel']) . "',
- '" . DB_escape_string($_POST['Fax']) . "',
- '" . DB_escape_string($_POST['Email']) . "',
- '" . DB_escape_string($_POST['Mobile']) . "')";
+ '" . $_POST['Contact'] . "',
+ '" . $_POST['Position'] . "',
+ '" . $_POST['Tel'] . "',
+ '" . $_POST['Fax'] . "',
+ '" . $_POST['Email'] . "',
+ '" . $_POST['Mobile'] . "')";
$msg = _('The new supplier contact has been added to the database');
}
Modified: trunk/SupplierCredit.php
===================================================================
--- trunk/SupplierCredit.php 2011-11-27 02:36:47 UTC (rev 4756)
+++ trunk/SupplierCredit.php 2011-11-27 09:16:35 UTC (rev 4757)
@@ -723,7 +723,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $EnteredGLCode->GLCode . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . " " . $EnteredGLCode->Narrative) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . " " . $EnteredGLCode->Narrative . "',
'" . -$EnteredGLCode->Amount/$_SESSION['SuppTrans']->ExRate ."',
'' )";
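Review bot: The narrative on the `+` line concatenates `$EnteredGLCode->Narrative` straight into a single-quoted SQL literal, and the following hunks in this file do the same with translated fragments such as `_('Shipment credit against')`, `_('Asset Credit')` and `_('GRN Credit Note')`. Apart from the injection question raised for the other files, a translation that legitimately contains an apostrophe (possible in some locales) or a narrative typed with one now produces a malformed INSERT and aborts the GL posting, which the previous `DB_escape_string()` wrapper prevented. The hunks at `@@ -753`, `-779`, `-812`, `-846`, `-915`, `-938`, `-988`, `-1027`, `-1053` and `-1086` share this issue; if escaping is meant to happen elsewhere, a comment at the first of them such as `// narrative text is escaped before the query is sent; see DB_query()` would document that, assuming it is true. The INSERT statement starts before this hunk.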
@@ -753,7 +753,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $_SESSION['SuppTrans']->GRNAct . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' ' . _('Shipment credit against') . ' ' . $ShiptChg->ShiptRef) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' ' . _('Shipment credit against') . ' ' . $ShiptChg->ShiptRef . "',
'" . -$ShiptChg->Amount/$_SESSION['SuppTrans']->ExRate . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction for the shipment') . ' ' . $ShiptChg->ShiptRef . ' ' . _('could not be added because');
@@ -779,7 +779,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'". $AssetAddition->CostAct . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' ' . _('Asset Credit') . ' ' . $AssetAddition->AssetID . ': ' . $AssetAddition->Description) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' ' . _('Asset Credit') . ' ' . $AssetAddition->AssetID . ': ' . $AssetAddition->Description . "',
'" . -$AssetAddition->Amount/ $_SESSION['SuppTrans']->ExRate . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction for the asset addition could not be added because');
$DbgMsg = _('The following SQL to insert the GL transaction was used');
@@ -812,7 +812,7 @@
'" . $SQLCreditNoteDate. "',
'" . $PeriodNo . "',
'". $WIPAccount . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' ' . _('Contract charge against') . ' ' . $Contract->ContractRef) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' ' . _('Contract charge against') . ' ' . $Contract->ContractRef . "',
'" . (-$Contract->Amount/ $_SESSION['SuppTrans']->ExRate) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction for the contract') . ' ' . $Contract->ContractRef . ' ' . _('could not be added because');
@@ -846,7 +846,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $_SESSION['SuppTrans']->GRNAct . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN Credit Note') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' @ ' . _('std cost of') . ' ' . $EnteredGRN->StdCostUnit) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN Credit Note') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' @ ' . _('std cost of') . ' ' . $EnteredGRN->StdCostUnit . "',
'" . (-$EnteredGRN->StdCostUnit * $EnteredGRN->This_QuantityInv) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction could not be added because');
@@ -915,7 +915,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $StockGLCode['purchpricevaract'] . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN Credit Note') . ' ' . $EnteredGRN->GRNNo .' - ' . $EnteredGRN->ItemCode . ' x ' . ($EnteredGRN->This_QuantityInv-$TotalQuantityOnHand) . ' x ' . _('price var of') . ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces'])) ."',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN Credit Note') . ' ' . $EnteredGRN->GRNNo .' - ' . $EnteredGRN->ItemCode . ' x ' . ($EnteredGRN->This_QuantityInv-$TotalQuantityOnHand) . ' x ' . _('price var of') . ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces']) ."',
'" . (-$WriteOffToVariances) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction could not be added for the price variance of the stock item because');
@@ -938,9 +938,9 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $StockGLCode['stockact'] . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('Average Cost Adj') .
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('Average Cost Adj') .
' - ' . $EnteredGRN->ItemCode . ' x ' . $TotalQuantityOnHand . ' x ' .
- locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces'])) . "',
+ locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces']) . "',
'" . (-($PurchPriceVar - $WriteOffToVariances)) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction could not be added for the price variance of the stock item because');
@@ -988,7 +988,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $StockGLCode['purchpricevaract'] . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' x ' . _('price var of') . ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces'])) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' x ' . _('price var of') . ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces']) . "',
'" . (-$PurchPriceVar) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction could not be added for the price variance of the stock item because');
@@ -1027,8 +1027,8 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $GLCode . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemDescription . ' x ' . $EnteredGRN->This_QuantityInv . ' x ' . _('price var') .
- ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces'])) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') . ' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemDescription . ' x ' . $EnteredGRN->This_QuantityInv . ' x ' . _('price var') .
+ ' ' . locale_number_format(($EnteredGRN->ChgPrice / $_SESSION['SuppTrans']->ExRate) - $EnteredGRN->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces']) . "',
'" . (-$PurchPriceVar) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction could not be added for the price variance of the stock item because');
@@ -1053,7 +1053,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $_SESSION['SuppTrans']->GRNAct . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') .' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' @ ' . $_SESSION['SuppTrans']->CurrCode .' ' . $EnteredGRN->ChgPrice . ' @ ' . _('a rate of') . ' ' . $_SESSION['SuppTrans']->ExRate) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('GRN') .' ' . $EnteredGRN->GRNNo . ' - ' . $EnteredGRN->ItemCode . ' x ' . $EnteredGRN->This_QuantityInv . ' @ ' . $_SESSION['SuppTrans']->CurrCode .' ' . $EnteredGRN->ChgPrice . ' @ ' . _('a rate of') . ' ' . $_SESSION['SuppTrans']->ExRate . "',
'" . (-$EnteredGRN->ChgPrice * $EnteredGRN->This_QuantityInv / $_SESSION['SuppTrans']->ExRate) . "'
)";
@@ -1086,7 +1086,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $Tax->TaxGLCode . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('Credit note') . ' ' . $_SESSION['SuppTrans']->SuppReference . ' ' . $_SESSION['SuppTrans']->CurrCode . $Tax->TaxOvAmount . ' @ ' . _('a rate of') . ' ' . $_SESSION['SuppTrans']->ExRate) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('Credit note') . ' ' . $_SESSION['SuppTrans']->SuppReference . ' ' . $_SESSION['SuppTrans']->CurrCode . $Tax->TaxOvAmount . ' @ ' . _('a rate of') . ' ' . $_SESSION['SuppTrans']->ExRate . "',
'" . (-$Tax->TaxOvAmount/ $_SESSION['SuppTrans']->ExRate) . "')";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The general ledger transaction for the tax could not be added because');
@@ -1110,7 +1110,7 @@
'" . $SQLCreditNoteDate . "',
'" . $PeriodNo . "',
'" . $_SESSION['SuppTrans']->CreditorsAct . "',
- '" . DB_escape_string($_SESSION['SuppTrans']->SupplierID . ' - ' . _('Credit Note') . ' ' . $_SESSION['SuppTrans']->SuppReference . ' ' . $_SESSION['SuppTrans']->CurrCode . locale_number_format($_SESSION['SuppTrans']->OvAmount + $_SESSION['SuppTrans']->OvGST,$_SESSION['SuppTrans']->CurrDecimalPlaces) . ' @ ' . _('a rate of') . ' ' . $_SESSION['SuppTrans']->ExRate) . "',
+ '" . $_SESSION['SuppTrans']->SupplierID . ' - ' . _('Credit Note') . ' ' . $_SESSION['SuppTrans']->SuppReference . ' ' . $_SESSION['SuppTrans']->CurrCode . locale_number_format($_SESSION['SuppTrans']->OvAmount + $_SESSION['SuppTrans']->OvGST,$_SESSION['SuppTrans']...