function view_link($row)
{
- return get_dimensions_trans_view_str(systypes::dimension(), $row["id"]);
+ return get_dimensions_trans_view_str(ST_DIMENSION, $row["id"]);
}
function is_closed($row)
if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
{
- $sql .= " AND reference LIKE '%". $_POST['OrderNumber'] . "%'";
+ $sql .= " AND reference LIKE ".db_escape("%". $_POST['OrderNumber'] . "%");
} else {
if ($dim == 1)
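Review bot: Any `%` or `_` inside `$_POST['OrderNumber']` still acts as a LIKE wildcard on the added line, because db_escape() is applied to the whole pattern and, as far as this hunk shows, only handles quoting. A search for a reference containing a literal `_` or `%` therefore matches more rows than intended, and a value made only of wildcards matches every reference. If literal matching is wanted, escape them before wrapping: `$ref = addcslashes($_POST['OrderNumber'], '%_\\');` followed by `db_escape("%" . $ref . "%")`. The enclosing `if`/`else` continues past the end of the hunk.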
if (isset($_POST['type_']) && ($_POST['type_'] > 0))
{
- $sql .= " AND type_=" . $_POST['type_'];
+ $sql .= " AND type_=".db_escape($_POST['type_']);
}
if (isset($_POST['OverdueOnly']))
{
$today = date2sql(Today());
- $sql .= " AND due_date < '$today' ";
+ $sql .= " AND due_date < '$today'";
}
$sql .= " AND date_ >= '" . date2sql($_POST['FromDate']) . "'
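Review bot: The `FromDate` value on the last line of this hunk is still concatenated between hand-written quotes, while the two inputs above it now go through db_escape(). Whether date2sql() rejects or neutralises a malformed value is not visible here, so I would treat it the same way: `$sql .= " AND date_ >= " . db_escape(date2sql($_POST['FromDate']))`. The statement continues past the hunk, so any other date bound in the remainder needs the same treatment. Separately, `type_` is compared numerically in the guard, so `" AND type_=" . (int)$_POST['type_']` would state the intent more directly than a quoted string.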
$table =& new_db_pager('dim_tbl', $sql, $cols);
$table->set_marker('is_overdue', _("Marked dimensions are overdue."));
-if (get_post('SearchOrders')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
-}
$table->width = "80%";
start_form();