Keine Form-Variablen direkt in SQL-Queries verwenden.

[kivitendo-erp.git] / SL / CA.pm

diff --git a/SL/CA.pm b/SL/CA.pm
index 8122b9d..91df43c 100644 (file)
--- a/SL/CA.pm
+++ b/SL/CA.pm
@@ -71,10 +71,37 @@ sub all_accounts {
   }
   $sth->finish;
 
-  $query = qq|SELECT c.id, c.accno, c.description, c.charttype, c.gifi_accno,
-              c.category, c.link
-              FROM chart c
-             ORDER BY accno|;
+  $query = qq{
+    SELECT 
+      c.accno,
+      c.id,
+      c.description,
+      c.charttype,
+      c.category,
+      c.link,
+      c.pos_bwa,
+      c.pos_bilanz,
+      c.pos_eur,
+      c.valid_from,
+      c.datevautomatik,
+      comma(tk.startdate) AS startdate,
+      comma(tk.taxkey_id) AS taxkey,
+      comma(tx.taxdescription || to_char (tx.rate, '99V99' ) || '%') AS taxdescription,
+      comma(tx.taxnumber) AS taxaccount,
+      comma(tk.pos_ustva) AS tk_ustva,
+      ( SELECT accno
+      FROM chart c2
+      WHERE c2.id = c.id
+      ) AS new_account
+    FROM chart c
+    LEFT JOIN taxkeys tk ON (c.id = tk.chart_id)
+    LEFT JOIN tax tx ON (tk.tax_id = tx.id)
+    GROUP BY c.accno, c.id, c.description, c.charttype, c.gifi_accno,
+      c.category, c.link, c.pos_bwa, c.pos_bilanz, c.pos_eur, c.valid_from,      
+      c.datevautomatik
+    ORDER BY c.accno
+  };
+
   $sth = $dbh->prepare($query);
   $sth->execute || $form->dberror($query);