contact =" . db_escape($_POST['contact']). " ,
phone =" . db_escape($_POST['phone']). " ,
address =" . db_escape($_POST['address']). "
- WHERE shipper_id = $selected_id";
+ WHERE shipper_id = ".db_escape($selected_id);
db_query($sql,"The shipping company could not be updated");
display_notification(_('Selected shipping company has been updated'));
{
// PREVENT DELETES IF DEPENDENT RECORDS IN 'sales_orders'
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via=".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
{
// PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via=".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
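Review bot: Routing `$selected_id` through db_escape() fixes the interpolation, but the id is still treated as free-form text in a column (`ship_via`, and `shipper_id` in the other hunks) that appears to hold an integer key, so the query's safety now rests entirely on how db_escape() quotes a numeric-looking value, which is not visible here. A cheaper and more robust guard is to normalise the value once, before the first query in this handler, `$selected_id = (int)$selected_id;`, so that the sales_orders check above and the DELETE and Edit SELECT hunks below no longer depend on the escaping function at all. The same comment applies to each of those hunks; I have not repeated it there. The `if ($myrow[0] > 0)` on the last line of this hunk has its body outside the hunk, so I cannot tell whether the dependent-record case aborts the delete as the comment above intends.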
}
else
{
- $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id";
+ $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id);
db_query($sql,"could not delete shipper");
display_notification(_('Selected shipping company has been deleted'));
}
if ($Mode == 'Edit') {
//editing an existing Shipper
- $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id";
+ $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id);
$result = db_query($sql, "could not get shipper");
$myrow = db_fetch($result);