Initialized upgrade procedures for FA 2.4

[fa-stable.git] / purchasing / includes / db / suppalloc_db.inc

diff --git a/purchasing/includes/db/suppalloc_db.inc b/purchasing/includes/db/suppalloc_db.inc
index a68c9cfe6ee481845d96c0ca678cc61467e9524f..f9eed1a86c0a9caf6decb11fc4d9c8dd4f1e1429 100644 (file)
--- a/purchasing/includes/db/suppalloc_db.inc
+++ b/purchasing/includes/db/suppalloc_db.inc
@@ -69,7 +69,7 @@ function clear_supp_alloctions($type, $type_no, $date="")
 {
        // clear any allocations for this transaction
        $sql = "SELECT * FROM ".TB_PREF."supp_allocations
-               WHERE (trans_type_from=$type AND trans_no_from=$type_no)
+               WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
                OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
        $result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
 
@@ -170,7 +170,7 @@ function get_allocatable_to_supp_transactions($supplier_id, $trans_no=null, $typ
        {
                $sql = get_alloc_supp_sql(null, "round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) > 0
                        AND trans.type != ".ST_SUPPAYMENT."
-                       AND trans.supplier_id=$supplier_id");
+                       AND trans.supplier_id=".db_escape($supplier_id));
        }
 
        return db_query($sql." ORDER BY trans_no", "Cannot retreive alloc to transactions");