Moved all SQL statements from PHP files into relevant *_db.inc files.
diff --git
a/purchasing/inquiry/po_search_completed.php
b/purchasing/inquiry/po_search_completed.php
index aa2f269a06d5e136a3dfb7c8fcb46fc46c8589d9..1632f5b49de15f440d70011bdffddec4ba1231a1 100644
--- a/
purchasing/inquiry/po_search_completed.php
+++ b/
purchasing/inquiry/po_search_completed.php
@@
-21,7
+21,7
@@
if ($use_popup_windows)
$js .= get_js_open_window(900, 500);
if ($use_date_picker)
$js .= get_js_date_picker();
$js .= get_js_open_window(900, 500);
if ($use_date_picker)
$js .= get_js_date_picker();
-page(_("Search Purchase Orders"), false, false, "", $js);
+page(_(
$help_context =
"Search Purchase Orders"), false, false, "", $js);
if (isset($_GET['order_number']))
{
if (isset($_GET['order_number']))
{
@@
-69,7
+69,6
@@
stock_items_list_cells(_("for item:"), 'SelectStockFromList', null, true);
submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
end_row();
end_table();
submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
end_row();
end_table();
-end_form();
//---------------------------------------------------------------------------------------------
if (isset($_POST['order_number']))
{
//---------------------------------------------------------------------------------------------
if (isset($_POST['order_number']))
{
@@
-126,7
+125,7
@@
$sql = "SELECT
if (isset($order_number) && $order_number != "")
{
if (isset($order_number) && $order_number != "")
{
- $sql .= "AND porder.reference LIKE
'%". $order_number . "%'"
;
+ $sql .= "AND porder.reference LIKE
".db_escape('%'. $order_number . '%')
;
}
else
{
}
else
{
@@
-139,11
+138,11
@@
else
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
{
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
{
- $sql .= " AND porder.into_stock_location =
'". $_POST['StockLocation'] . "' "
;
+ $sql .= " AND porder.into_stock_location =
".db_escape($_POST['StockLocation'])
;
}
if (isset($selected_stock_item))
{
}
if (isset($selected_stock_item))
{
- $sql .= " AND line.item_code=
'". $selected_stock_item ."' "
;
+ $sql .= " AND line.item_code=
".db_escape($selected_stock_item)
;
}
} //end not order number selected
}
} //end not order number selected
@@
-171,7
+170,6
@@
if (get_post('StockLocation') != $all_items) {
$table =& new_db_pager('orders_tbl', $sql, $cols);
$table->width = "80%";
$table =& new_db_pager('orders_tbl', $sql, $cols);
$table->width = "80%";
-start_form();
display_db_pager($table);
display_db_pager($table);