Security update of SQL statements, a couple of smaller fixes.
diff --git
a/gl/inquiry/bank_inquiry.php
b/gl/inquiry/bank_inquiry.php
index 94ccef8d54988274004a2b52b9694fb9cd172d67..475c4818091610e55c76e3130ca6fbc84a2989b8 100644
(file)
--- a/
gl/inquiry/bank_inquiry.php
+++ b/
gl/inquiry/bank_inquiry.php
@@
-59,7
+59,7
@@
$date_to = date2sql($_POST['TransToDate']);
if (!isset($_POST['bank_account']))
$_POST['bank_account'] = "";
$sql = "SELECT ".TB_PREF."bank_trans.* FROM ".TB_PREF."bank_trans
if (!isset($_POST['bank_account']))
$_POST['bank_account'] = "";
$sql = "SELECT ".TB_PREF."bank_trans.* FROM ".TB_PREF."bank_trans
- WHERE ".TB_PREF."bank_trans.bank_act =
'" . $_POST['bank_account'] . "'
+ WHERE ".TB_PREF."bank_trans.bank_act =
".db_escape($_POST['bank_account']) . "
AND trans_date >= '$date_after'
AND trans_date <= '$date_to'
ORDER BY trans_date,".TB_PREF."bank_trans.id";
AND trans_date >= '$date_after'
AND trans_date <= '$date_to'
ORDER BY trans_date,".TB_PREF."bank_trans.id";
@@
-76,7
+76,8
@@
$th = array(_("Type"), _("#"), _("Reference"), _("Date"),
_("Debit"), _("Credit"), _("Balance"), _("Person/Item"), "");
table_header($th);
_("Debit"), _("Credit"), _("Balance"), _("Person/Item"), "");
table_header($th);
-$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act='" . $_POST['bank_account'] . "'
+$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act="
+ .db_escape($_POST['bank_account']) . "
AND trans_date < '$date_after'";
$before_qty = db_query($sql, "The starting balance on hand could not be calculated");
AND trans_date < '$date_after'";
$before_qty = db_query($sql, "The starting balance on hand could not be calculated");
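Review bot: `$date_after` and `$date_to` are still interpolated straight into both query strings (`'$date_after'` and `'$date_to'` in the first hunk, `'$date_after'` in the second) while only `bank_account` was moved to `db_escape()`; at least `$date_to` comes from `$_POST` via `date2sql()` on the context line above the first hunk, so whether these are safe depends on `date2sql()` returning only a normalised date and never passing unparseable input through. For a commit whose purpose is escaping, giving them the same treatment removes that dependency: `AND trans_date >= ".db_escape($date_after)."` and `AND trans_date <= ".db_escape($date_to)."` in the first query, and `AND trans_date < ".db_escape($date_after)` in the second. This assumes `db_escape()` supplies the surrounding quotes, which the new `bank_act =` lines without literal quotes suggest; if it does not, the quotes must stay around the call. Both hunks are top-level statements, so no enclosing function is cut by the hunk boundaries.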