- // Sherifoz 22.06.03 convert percent to fraction
- $sql = "UPDATE ".TB_PREF."debtors_master SET name='" . $_POST['CustName'] . "',
- address='" . $_POST['address'] . "',
- tax_id='" . $_POST['tax_id'] . "',
- curr_code='" . $_POST['curr_code'] . "',
- email='" . $_POST['email'] . "',
- dimension_id=" . $_POST['dimension_id'] . ",
- dimension2_id=" . $_POST['dimension2_id'] . ",
- credit_status='" . $_POST['credit_status'] . "',
- payment_terms='" . $_POST['payment_terms'] . "',
- discount=" . ($_POST['discount']) / 100 . ",
- pymt_discount=" . ($_POST['pymt_discount']) / 100 . ",
- credit_limit=" . $_POST['credit_limit'] . ",
- sales_type = '" . $_POST['sales_type'] . "'
- WHERE debtor_no = '" . $_POST['customer_id'] . "'";
+ $sql = "UPDATE ".TB_PREF."debtors_master SET name=" . db_escape($_POST['CustName']) . ",
+ address=".db_escape($_POST['address']) . ",
+ tax_id=".db_escape($_POST['tax_id']) . ",
+ curr_code=".db_escape($_POST['curr_code']) . ",
+ email=".db_escape($_POST['email']) . ",
+ dimension_id=".db_escape($_POST['dimension_id']) . ",
+ dimension2_id=".db_escape($_POST['dimension2_id']) . ",
+ credit_status=".db_escape($_POST['credit_status']) . ",
+ payment_terms=".db_escape($_POST['payment_terms']) . ",
+ discount=" . input_num('discount') / 100 . ",
+ pymt_discount=" . input_num('pymt_discount') / 100 . ",
+ credit_limit=" . input_num('credit_limit') . ",
+ sales_type = ".db_escape($_POST['sales_type']) . "
+ WHERE debtor_no = '". $_POST['customer_id'] . "'";
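Review bot: The `WHERE` clause on the last added line still concatenates `$_POST['customer_id']` into the statement unescaped, so the SQL injection this change closes for the SET columns remains open on `debtor_no`. Treat it like the other fields: `WHERE debtor_no = " . db_escape($_POST['customer_id']);`. Judging by the quotes dropped on the other columns, `db_escape()` appears to return an already-quoted literal, so the surrounding single quotes should go too. The enclosing function starts and ends outside this hunk, so check whether `customer_id` is validated before this point and whether other statements built from `$_POST` in the same function need the same change.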