".TB_PREF."payment_terms
WHERE
".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
- AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'";
+ AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id);
$result = db_query($sql,"The customer details could not be retrieved");
function get_supplier($supplier_id)
{
- $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");
function get_supplier_name($supplier_id)
{
- $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");
function get_supplier_accounts($supplier_id)
{
- $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");