MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 10;
+$page_security = 'SA_PAYTERMS';
$path_to_root="..";
include($path_to_root . "/includes/session.inc");
-page(_("Payment Terms"));
+page(_($help_context = "Payment Terms"));
include($path_to_root . "/includes/ui.inc");
{
// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = '$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = ".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
}
else
{
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = '$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = ".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
{
//only delete if used in neither customer or supplier accounts
- $sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator='$selected_id'";
+ $sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($selected_id);
db_query($sql,"could not delete a payment terms");
display_notification(_('Selected payment terms have been deleted'));
}
if ($Mode == 'Edit') {
//editing an existing payment terms
$sql = "SELECT * FROM ".TB_PREF."payment_terms
- WHERE terms_indicator='$selected_id'";
+ WHERE terms_indicator=".db_escape($selected_id);
$result = db_query($sql,"could not get payment term");
$myrow = db_fetch($result);
$_POST['terms'] = $myrow["terms"];
$days_before_due = $myrow["days_before_due"];
$day_in_following_month = $myrow["day_in_following_month"];
+ unset($_POST['DayNumber']);
}
hidden('selected_id', $selected_id);
}
projects / fa-stable.git / blobdiff