ref_cells(_("to #:"), 'ToTransNo');
- submit_cells('ProcessSearch', _("Search"), '', '', true);
+ submit_cells('ProcessSearch', _("Search"), '', '', 'default');
end_row();
end_table(1);
display_error(_("The ending transaction number is expected to be numeric and greater than zero."));
return false;
}
- if (!isset($_POST['filterType']) || $_POST['filterType'] == "")
- return false;
return true;
}
$sql .= " ,$trans_ref ";
$sql .= ", ".$_POST['filterType']." as type FROM $table_name
- WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
- AND $trans_no_name <= " . $_POST['ToTransNo'];
+ WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+ AND $trans_no_name <= ".db_escape($_POST['ToTransNo']);
if ($type_name != null)
- $sql .= " AND `$type_name` = " . $_POST['filterType'];
+ $sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
$sql .= " ORDER BY $trans_no_name";
}
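Review bot: `$_POST['filterType']` is still concatenated unescaped into the SELECT list on the `as type FROM $table_name` line, so the injection this commit closes in the WHERE clause remains open one line above it. The same value already goes through `db_escape()` in the `$type_name` condition, and the select-list use should get the same treatment: `$sql .= ", ".db_escape($_POST['filterType'])." as type FROM $table_name`. An integer cast would also work if the type is always numeric, which is not visible here. The earlier validation hunk also removes the empty/unset check on `filterType`, so nothing shown now constrains that value before it reaches the query. The enclosing function starts outside the hunk.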
$table =& new_db_pager('transactions', $sql, $cols);
- if (list_updated('filterType')) {
+ if (list_updated('filterType') || get_post('ProcessSearch')) {
$table->set_sql($sql);
$table->set_columns($cols);
}
//----------------------------------------------------------------------------------------
-start_form(false, true);
+start_form(false);
viewing_controls();
handle_search();
end_form(2);