Security update merged from 2.1.
diff --git
a/sales/view/view_sales_order.php
b/sales/view/view_sales_order.php
index 352b68234a28dd0b23c0aa532aeb5cd6d4d64d98..8120332b5d265dc84a94268deb9e3bf16c72f002 100644
--- a/
sales/view/view_sales_order.php
+++ b/
sales/view/view_sales_order.php
@@
-90,10
+90,11
@@
if ($_GET['trans_type'] != ST_SALESQUOTE)
start_table($table_style);
display_heading2(_("Delivery Notes"));
start_table($table_style);
display_heading2(_("Delivery Notes"));
+
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTDELIVERY." AND order_="
. $_GET['trans_no']
;
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTDELIVERY." AND order_="
.db_escape($_GET['trans_no'])
;
$result = db_query($sql,"The related delivery notes could not be retreived");
$delivery_total = 0;
$result = db_query($sql,"The related delivery notes could not be retreived");
$delivery_total = 0;
@@
-126,7
+127,7
@@
if ($_GET['trans_type'] != ST_SALESQUOTE)
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_SALESINVOICE." AND order_="
. $_GET['trans_no']
;
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_SALESINVOICE." AND order_="
.db_escape($_GET['trans_no'])
;
$result = db_query($sql,"The related invoices could not be retreived");
$invoices_total = 0;
$result = db_query($sql,"The related invoices could not be retreived");
$invoices_total = 0;
@@
-158,7
+159,7
@@
if ($_GET['trans_type'] != ST_SALESQUOTE)
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
$th = array(_("#"), _("Ref"), _("Date"), _("Total"));
table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTCREDIT." AND order_="
. $_GET['trans_no']
;
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTCREDIT." AND order_="
.db_escape($_GET['trans_no'])
;
$result = db_query($sql,"The related credit notes could not be retreived");
$credits_total = 0;
$result = db_query($sql,"The related credit notes could not be retreived");
$credits_total = 0;
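Review bot: In all three rewritten queries (delivery notes, invoices and credit notes) the request value is appended after `order_=` in a numeric position, so `db_escape()` protects the statement only if that helper returns a quoted literal, which cannot be confirmed from this page. `trans_no` looks like an integer order number, so I would validate it once before the first query, for example `$trans_no = (int)$_GET['trans_no'];`, and pass `db_escape($trans_no)` in each statement; that keeps the queries safe however the helper quotes its result and removes the repeated direct reads of `$_GET`. `$_GET['trans_type']` in the surrounding `if` conditions is also read straight from the request, and those `if` blocks begin and end outside the hunks shown, so other uses of either parameter in this file should be checked as well.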