$sql = "SELECT debtor_no, name AS DebtorName, address, tax_id, email, curr_code, curdate() AS tran_date, payment_terms FROM ".TB_PREF."debtors_master";
}
$sql = "SELECT debtor_no, name AS DebtorName, address, tax_id, email, curr_code, curdate() AS tran_date, payment_terms FROM ".TB_PREF."debtors_master";
- if ($customer != reserved_words::get_all_numeric())
- $sql .= " WHERE debtor_no = $customer";
+ if ($customer != ALL_NUMERIC)
+ $sql .= " WHERE debtor_no = ".db_escape($customer);
else
$sql .= " ORDER by name";
$result = db_query($sql, "The customers could not be retrieved");
else
$sql .= " ORDER by name";
$result = db_query($sql, "The customers could not be retrieved");
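Review bot: The new `WHERE debtor_no = ".db_escape($customer)` line is only safe if `db_escape()` returns a quoted SQL literal, and its definition is not visible on this page. The old code interpolated `$customer` unquoted, so `debtor_no` is presumably numeric; in an unquoted numeric context, escaping quote characters alone does not constrain the value. If `db_escape()` does not add the quotes itself, constrain the type instead, e.g. `$sql .= " WHERE debtor_no = ".(int)$customer;`, or reject non-numeric ids before the query is built. The loose `!=` against `ALL_NUMERIC` is also subject to PHP type juggling when `$customer` arrives as a request string, so a strict comparison after normalising the type would make the "all customers" branch predictable. The enclosing function starts and ends outside this hunk, so how `$customer` is validated upstream cannot be confirmed from here.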