Moved all SQL statements from PHP files into relevant *_db.inc files.

[fa-stable.git] / purchasing / inquiry / supplier_allocation_inquiry.php

diff --git a/purchasing/inquiry/supplier_allocation_inquiry.php b/purchasing/inquiry/supplier_allocation_inquiry.php
index 89383141a161f41b3561143d6e6d8e0fa2a4a697..850dfc3081c344003cd61d7f7701aad1af71eaf3 100644 (file)
--- a/purchasing/inquiry/supplier_allocation_inquiry.php
+++ b/purchasing/inquiry/supplier_allocation_inquiry.php
@@ -20,7 +20,7 @@ if ($use_popup_windows)
        $js .= get_js_open_window(900, 500);
 if ($use_date_picker)
        $js .= get_js_date_picker();
-page(_("Supplier Allocation Inquiry"), false, false, "", $js);
+page(_($help_context = "Supplier Allocation Inquiry"), false, false, "", $js);
 
 if (isset($_GET['supplier_id']))
 {
@@ -60,7 +60,6 @@ set_global_supplier($_POST['supplier_id']);
 
 end_row();
 end_table();
-end_form();
 //------------------------------------------------------------------------------------------------
 function check_overdue($row)
 {
@@ -142,8 +141,9 @@ function fmt_credit($row)
        WHERE supplier.supplier_id = trans.supplier_id
        AND trans.tran_date >= '$date_after'
        AND trans.tran_date <= '$date_to'";
+
        if ($_POST['supplier_id'] != ALL_TEXT)
-               $sql .= " AND trans.supplier_id = '" . $_POST['supplier_id'] . "'";
+               $sql .= " AND trans.supplier_id = ".db_escape($_POST['supplier_id']);
        if (isset($_POST['filterType']) && $_POST['filterType'] != ALL_TEXT)
        {
                if (($_POST['filterType'] == '1') || ($_POST['filterType'] == '2'))
@@ -197,7 +197,6 @@ $table =& new_db_pager('doc_tbl', $sql, $cols);
 $table->set_marker('check_overdue', _("Marked items are overdue."));
 
 $table->width = "90%";
-start_form();
 
 display_db_pager($table);