INNER JOIN ".TB_PREF."sales_order_details
ON (".TB_PREF."sales_orders.order_no = ".TB_PREF."sales_order_details.order_no
AND ".TB_PREF."sales_orders.trans_type = ".TB_PREF."sales_order_details.trans_type
- AND ".TB_PREF."sales_orders.trans_type = 30)
+ AND ".TB_PREF."sales_orders.trans_type = ".ST_SALESORDER.")
INNER JOIN ".TB_PREF."stock_master
ON ".TB_PREF."sales_order_details.stk_code = ".TB_PREF."stock_master.stock_id
WHERE ".TB_PREF."sales_orders.ord_date >='$fromdate'
AND ".TB_PREF."sales_orders.ord_date <='$todate'";
if ($category > 0)
- $sql .= " AND ".TB_PREF."stock_master.category_id=$category";
+ $sql .= " AND ".TB_PREF."stock_master.category_id=".db_escape($category);
if ($location != null)
- $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc='$location'";
+ $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc=".db_escape($location);
if ($backorder)
- $sql .= "AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
+ $sql .= " AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
$sql .= " ORDER BY ".TB_PREF."sales_orders.order_no";
return db_query($sql, "Error getting order details");