<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
$page_security = 10;
$path_to_root="..";
include($path_to_root . "/includes/session.inc");
{
// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = '$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = ".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
}
else
{
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = '$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = ".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
{
//only delete if used in neither customer or supplier accounts
- $sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator='$selected_id'";
+ $sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($selected_id);
db_query($sql,"could not delete a payment terms");
display_notification(_('Selected payment terms have been deleted'));
}
label_cell($full_text);
label_cell($after_text);
edit_button_cell("Edit".$myrow["terms_indicator"], _("Edit"));
- edit_button_cell("Delete".$myrow["terms_indicator"], _("Delete"));
+ delete_button_cell("Delete".$myrow["terms_indicator"], _("Delete"));
end_row();
if ($Mode == 'Edit') {
//editing an existing payment terms
$sql = "SELECT * FROM ".TB_PREF."payment_terms
- WHERE terms_indicator='$selected_id'";
+ WHERE terms_indicator=".db_escape($selected_id);
$result = db_query($sql,"could not get payment term");
$myrow = db_fetch($result);