$js .= get_js_open_window(800, 500);
if ($use_date_picker)
$js .= get_js_date_picker();
-page(_("Bank Statement"), false, false, "", $js);
+page(_($help_context = "Bank Statement"), false, false, "", $js);
check_db_has_bank_accounts(_("There are no bank accounts defined in the system."));
if (!isset($_POST['bank_account']))
$_POST['bank_account'] = "";
$sql = "SELECT ".TB_PREF."bank_trans.* FROM ".TB_PREF."bank_trans
- WHERE ".TB_PREF."bank_trans.bank_act = '" . $_POST['bank_account'] . "'
+ WHERE ".TB_PREF."bank_trans.bank_act = ".db_escape($_POST['bank_account']) . "
AND trans_date >= '$date_after'
AND trans_date <= '$date_to'
ORDER BY trans_date,".TB_PREF."bank_trans.id";
_("Debit"), _("Credit"), _("Balance"), _("Person/Item"), "");
table_header($th);
-$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act='" . $_POST['bank_account'] . "'
+$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act="
+ .db_escape($_POST['bank_account']) . "
AND trans_date < '$date_after'";
$before_qty = db_query($sql, "The starting balance on hand could not be calculated");