$sql = "SELECT MAX(`$st[2]`) FROM $st[0]";
if ($st[1] != null)
- $sql .= " WHERE `$st[1]`=$trans_type";
+ $sql .= " WHERE `$st[1]`=".db_escape($trans_type);
$result = db_query($sql,"The next transaction number for $trans_type could not be retrieved");
$myrow = db_fetch_row($result);
case ST_CUSTDELIVERY : return array("".TB_PREF."debtor_trans", "type", "trans_no", "reference", "tran_date");
case ST_LOCTRANSFER : return array("".TB_PREF."stock_moves", "type", "trans_no", "reference", "tran_date");
case ST_INVADJUST : return array("".TB_PREF."stock_moves", "type", "trans_no", "reference", "tran_date");
- case ST_PURCHORDER : return array("".TB_PREF."purch_orders", null, "order_no", "reference", "tran_date");
+ case ST_PURCHORDER : return array("".TB_PREF."purch_orders", null, "order_no", "reference", "ord_date");
case ST_SUPPINVOICE : return array("".TB_PREF."supp_trans", "type", "trans_no", "reference", "tran_date");
case ST_SUPPCREDIT : return array("".TB_PREF."supp_trans", "type", "trans_no", "reference", "tran_date");
case ST_SUPPAYMENT : return array("".TB_PREF."supp_trans", "type", "trans_no", "reference", "tran_date");