$sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers ";
if ($fromsupp != reserved_words::get_all_numeric())
- $sql .= "WHERE supplier_id=$fromsupp ";
+ $sql .= "WHERE supplier_id=".db_escape($fromsupp)." ";
$sql .= "ORDER BY supp_name";
$result = db_query($sql, "The customers could not be retrieved");
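Review bot: On the added `WHERE supplier_id=` line the escaped value is concatenated into a numeric comparison with no quotes written around it, so the fix only holds if `db_escape()` returns an already-quoted literal rather than just escaping special characters; its definition is not visible in this hunk. If `supplier_id` is an integer key (an assumption to confirm), coercing the input makes the query safe regardless of how the helper behaves: `$sql .= "WHERE supplier_id=".db_escape((int)$fromsupp)." ";`. Failing that, a comment such as `// db_escape() must quote as well as escape: value is used unquoted here` would record the dependency. Any other query in this report that interpolates `$fromsupp` or similar request parameters should get the same treatment. Separately, the error text on the `db_query` context line says "customers" although the query reads the suppliers table.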
else
$item[3] = ($trans['TotalAmount'] + $trans['Allocated']) * $rate;
*/
- if ($trans['type'] == 20)
+ if ($trans['type'] == 20 || $trans['type'] == 2)
$item[3] = $item[0] + $item[1] - $item[2];
else
$item[3] = $item[0] - $item[1] + $item[2];
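Review bot: The new condition `$trans['type'] == 20 || $trans['type'] == 2` relies on two bare type codes with no explanation, so a reader cannot tell which transaction types they denote or why type 2 now shares the sign convention of type 20. A one-line comment above the `if` naming both types and the reason they are summed as `$item[0] + $item[1] - $item[2]` would help, or the codes could be replaced by the project's named transaction-type constants if it has them. The loose `==` also accepts string inputs; `in_array((int)$trans['type'], array(20, 2), true)` states the intent more tightly. The enclosing loop or function starts outside this hunk, so how `$item[0..2]` are populated cannot be checked from here.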