{
// clear any allocations for this transaction
$sql = "SELECT * FROM ".TB_PREF."supp_allocations
- WHERE (trans_type_from=$type AND trans_no_from=$type_no)
+ WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
$result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
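Review bot: The failure message on the `db_query()` line still interpolates `$type` and `$type_no` raw, so the values this change now escapes for SQL can still reach whatever sink `db_query()` writes its message to. How that message is displayed or logged is not visible here. If it can end up in an HTML page or a log file, keep request-derived values out of it or coerce them first, e.g. `"could not void supp transactions for type=".(int)$type." and trans_no=".(int)$type_no`, assuming both are always integer ids as the column names suggest. The enclosing function starts and ends outside this hunk, so where `$type` and `$type_no` come from should be confirmed against the caller.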
{
$sql = get_alloc_supp_sql(null, "round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) > 0
AND trans.type != ".ST_SUPPAYMENT."
- AND trans.supplier_id=$supplier_id");
+ AND trans.supplier_id=".db_escape($supplier_id));
}
return db_query($sql." ORDER BY trans_no", "Cannot retreive alloc to transactions");