<?php
-
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
$page_security = 14;
$path_to_root="..";
include($path_to_root . "/includes/session.inc");
contact =" . db_escape($_POST['contact']). " ,
phone =" . db_escape($_POST['phone']). " ,
address =" . db_escape($_POST['address']). "
- WHERE shipper_id = $selected_id";
+ WHERE shipper_id = ".db_escape($selected_id);
db_query($sql,"The shipping company could not be updated");
display_notification(_('Selected shipping company has been updated'));
{
// PREVENT DELETES IF DEPENDENT RECORDS IN 'sales_orders'
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via=".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
{
// PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via=".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
}
else
{
- $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id";
+ $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id);
db_query($sql,"could not delete shipper");
display_notification(_('Selected shipping company has been deleted'));
}
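Review bot: `db_escape($selected_id)` stops the raw interpolation in the UPDATE's WHERE clause, the two COUNT checks and the DELETE here (and in the Edit-branch SELECT further down), but `shipper_id` appears to be an integer key (the old lines interpolate it unquoted), so an explicit cast is the tighter guard and does not depend on how the escaping helper treats non-numeric input: `$selected_id = (int)$selected_id;` once where it is read from the request, after which these statements can use it directly. The point where `$selected_id` is first assigned lies outside this hunk, as does the start of the delete branch whose closing brace ends it, so the cast's placement needs confirming against that code. The two COUNT checks and the DELETE are separate statements, so a dependent row written between the check and the delete would still get through; a foreign-key constraint on `ship_via`, or wrapping the three statements in one transaction, would make the dependency guard atomic.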
label_cell($myrow["phone"]);
label_cell($myrow["address"]);
edit_button_cell("Edit".$myrow[0], _("Edit"));
- edit_button_cell("Delete".$myrow[0], _("Delete"));
+ delete_button_cell("Delete".$myrow[0], _("Delete"));
end_row();
}
if ($Mode == 'Edit') {
//editing an existing Shipper
- $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id";
+ $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id);
$result = db_query($sql, "could not get shipper");
$myrow = db_fetch($result);