Databse INSERT/UPDATE secured against db javscript injection

[fa-stable.git] / purchasing / includes / db / invoice_items_db.inc

diff --git a/purchasing/includes/db/invoice_items_db.inc b/purchasing/includes/db/invoice_items_db.inc
index 78849f7b018e61f4b449f11856b841ef0b21e6d8..18ff4aa9ba37f609783d7f5f2a73c5ebd29e5e8d 100644 (file)
--- a/purchasing/includes/db/invoice_items_db.inc
+++ b/purchasing/includes/db/invoice_items_db.inc
@@ -32,7 +32,7 @@ function add_supp_invoice_gl_item($supp_trans_type, $supp_trans_no, $gl_code, $a
 
 function get_supp_invoice_items($supp_trans_type, $supp_trans_no)
 {
-       $sql = "SELECT *,unit_price+unit_tax AS FullUnitPrice FROM ".TB_PREF."supp_invoice_items
+       $sql = "SELECT *, unit_price AS FullUnitPrice FROM ".TB_PREF."supp_invoice_items
                WHERE supp_trans_type = $supp_trans_type
                AND supp_trans_no = $supp_trans_no ORDER BY id";
        return db_query($sql, "Cannot retreive supplier transaction detail records");