projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Minor layout bug at Credit Shipping Costs in customer_credit_invoice.php
[fa-stable.git] / admin / payment_terms.php
diff --git a/admin/payment_terms.php b/admin/payment_terms.php
index cf46b90665ba70f531c40565e0dd518eedaf3f91..33ddf1189cc0bcc5fd911632224dfd62544dde50 100644 (file)
--- a/admin/payment_terms.php
+++ b/admin/payment_terms.php
@@ -31,21 +31,25 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM']))
        {
                $inpug_error = 1;
                display_error( _("The number of days or the day in the following month must be numeric."));
+               set_focus('DayNumber');
        } 
        elseif (strlen($_POST['terms']) == 0) 
        {
                $inpug_error = 1;
                display_error( _("The Terms description must be entered."));
+               set_focus('terms');
        } 
        elseif ($_POST['DayNumber'] > 30 && !check_value('DaysOrFoll')) 
        {
                $inpug_error = 1;
                display_error( _("When the check box to indicate a day in the following month is the due date, the due date cannot be a day after the 30th. A number between 1 and 30 is expected."));
+               set_focus('DayNumber');
        } 
        elseif ($_POST['DayNumber'] > 500 && check_value('DaysOrFoll')) 
        {
                $inpug_error = 1;
                display_error( _("When the check box is not checked to indicate that the term expects a number of days after which accounts are due, the number entered should be less than 500 days."));
+               set_focus('DayNumber');
        }
 
        if ($_POST['DayNumber'] == '')
@@ -57,17 +61,17 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM']))
        {
                if (check_value('DaysOrFoll')) 
                {
-                       $sql = "UPDATE ".TB_PREF."payment_terms SET terms='" . $_POST['terms'] . "',
+                       $sql = "UPDATE ".TB_PREF."payment_terms SET terms=" . db_escape($_POST['terms']) . ",
                                        day_in_following_month=0,
-                                       days_before_due=" . $_POST['DayNumber'] . "
-                                       WHERE terms_indicator = '" . $selected_id . "'";
+                                       days_before_due=" . db_escape($_POST['DayNumber']) . "
+                                       WHERE terms_indicator = " .db_escape($selected_id);
                } 
                else 
                {
-                       $sql = "UPDATE ".TB_PREF."payment_terms SET terms='" . $_POST['terms'] . "',
-                                       day_in_following_month=" . $_POST['DayNumber'] . ",
+                       $sql = "UPDATE ".TB_PREF."payment_terms SET terms=" . db_escape($_POST['terms']) . ",
+                                       day_in_following_month=" . db_escape($_POST['DayNumber']) . ",
                                        days_before_due=0
-                                       WHERE terms_indicator = '" . $selected_id . "'";
+                                       WHERE terms_indicator = " .db_escape( $selected_id );
                }
 
        } 
@@ -78,15 +82,15 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM']))
                {
                        $sql = "INSERT INTO ".TB_PREF."payment_terms (terms,
                                        days_before_due, day_in_following_month)
-                                       VALUES ('" .
-                                       $_POST['terms'] . "', " . $_POST['DayNumber'] . ", 0)";
+                                       VALUES (" .
+                                       db_escape($_POST['terms']) . ", " . db_escape($_POST['DayNumber']) . ", 0)";
                } 
                else 
                {
                        $sql = "INSERT INTO ".TB_PREF."payment_terms (terms,
                                        days_before_due, day_in_following_month)
-                                       VALUES ('" . $_POST['terms'] . "',
-                                       0, " . $_POST['DayNumber'] . ")";
+                                       VALUES (" . db_escape($_POST['terms']) . ",
+                                       0, " . db_escape($_POST['DayNumber']) . ")";
                }
 
        }
FrontAccounting stable branch