Fixed extension module update and deletion.
[fa-stable.git] / admin / view_print_transaction.php
index ec5e0f2d157e2938c0231367e891ca5bd595e5a1..3969418151680e4e5941a15115909e8e4f47506c 100644 (file)
@@ -109,11 +109,11 @@ function handle_search()
                        $sql .= " ,$trans_ref ";
 
                $sql .= ", ".$_POST['filterType']." as type FROM $table_name
-                       WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
-                       AND  $trans_no_name <= " . $_POST['ToTransNo'];
+                       WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+                       AND  $trans_no_name <= ".db_escape($_POST['ToTransNo']);
 
                if ($type_name != null)
-                       $sql .= " AND `$type_name` = " . $_POST['filterType'];
+                       $sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
 
                $sql .= " ORDER BY $trans_no_name";
 
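Review bot: `$_POST['filterType']` is still concatenated unescaped into the SELECT list on the context line `$sql .= ", ".$_POST['filterType']." as type FROM $table_name`, so the request value reaches the query text even though the WHERE clause is now wrapped in db_escape(). If filterType is always a numeric transaction type, as its use as a literal column value suggests, cast it once with `$type = (int)$_POST['filterType'];` and use `$type` in both the SELECT list and the `$type_name` comparison. The same integer cast would suit FromTransNo and ToTransNo, which are only used in numeric range comparisons. handle_search() begins and ends outside this hunk, so any earlier validation of these fields is not visible here.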
@@ -137,10 +137,6 @@ function handle_search()
                }
 
                $table =& new_db_pager('transactions', $sql, $cols);
-               if (list_updated('filterType') || get_post('ProcessSearch')) {
-                       $table->set_sql($sql);
-                       $table->set_columns($cols);
-               }
                $table->width = "40%";
                display_db_pager($table);
        }