if (isset($_GET['ModifyOrderNumber']))
{
- page(_("Modify Purchase Order #") . $_GET['ModifyOrderNumber'], false, false, "", $js);
+ page(_($help_context = "Modify Purchase Order #") . $_GET['ModifyOrderNumber'], false, false, "", $js);
}
else
{
- page(_("Purchase Order Entry"), false, false, "", $js);
+ page(_($help_context = "Purchase Order Entry"), false, false, "", $js);
}
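Review bot: `$_GET['ModifyOrderNumber']` is still concatenated unvalidated into the page title on the new `page(...)` line, so the raw request value reaches the rendered heading unless `page()` escapes its title, which this hunk does not show. If order numbers are always integers, validate or cast before display, e.g. `page(_($help_context = "Modify Purchase Order #") . (int)$_GET['ModifyOrderNumber'], false, false, "", $js);`; otherwise pass the value through `htmlspecialchars()` first. The same pattern remains in the later hunk: `$_POST['stock_id']` is now escaped for the query via `db_escape()`, but it is still appended raw to the `db_query` error message, which should be HTML-escaped if that message is ever shown to the user. The enclosing `if ($allow_update == true)` block continues past the visible lines, so other uses of `$_POST['stock_id']` there may need the same check.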
//---------------------------------------------------------------------------------------------------
if ($allow_update == true)
{
$sql = "SELECT description, units, mb_flag
- FROM ".TB_PREF."stock_master WHERE stock_id = '". $_POST['stock_id'] . "'";
+ FROM ".TB_PREF."stock_master WHERE stock_id = ".db_escape($_POST['stock_id']);
$result = db_query($sql,"The stock details for " . $_POST['stock_id'] . " could not be retrieved");