function set_last_sent($id, $date)
{
$date = date2sql($date);
- $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=".db_escape($id);
db_query($sql,"The recurrent invoice could not be updated or added");
}
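Review bot: `db_escape($id)` on the new line treats an integer key as a string, and whether that closes the injection depends on `db_escape()` returning a quoted literal; the function is defined outside this diff, so confirm it. If it only escapes quote characters, the unquoted `id=` context remains injectable, so for a numeric key it is safer to enforce the type as well, e.g. `WHERE id=".(int)$id`, or reject non-numeric input before building the query. The same applies to `$_GET['recurrent']` in the recurrent-invoice lookup and to `$group_no` in `get_sales_group_name()`. Separately, `last_sent='$date'` is still interpolated and relies entirely on `date2sql()` producing safe output.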
if (isset($_GET['recurrent']))
{
$invs = array();
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".$_GET['recurrent'];
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($_GET['recurrent']);
$result = db_query($sql,"could not get recurrent invoice");
$myrow = db_fetch($result);
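Review bot: The branch opened by `if (isset($_GET['recurrent']))` appears to create invoices (the later notification reports "recurrent invoice(s) created"), so a state change is triggered by a plain GET request and is exposed to cross-site request forgery. Consider accepting this action only via POST, protected by whatever anti-CSRF token the application provides. In addition, `$myrow = db_fetch($result)` is populated from a request-supplied id and the hunk shows no check that a row was actually found; the code that consumes `$myrow` is outside the hunk, so verify it handles a missing row.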
display_notification(sprintf(_("%s recurrent invoice(s) created, # $min - # $max."), count($invs)));
if (count($invs) > 0)
{
- $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "", 'PARAM_3' => get_first_bank_account(),
- 'PARAM_4' => 0, 'PARAM_5' => 0, 'PARAM_6' => "", 'PARAM_7' => ST_SALESINVOICE);
+ $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "",
+ 'PARAM_3' => 0, 'PARAM_4' => 0, 'PARAM_5' => "", 'PARAM_6' => ST_SALESINVOICE);
display_note(print_link(_("&Print Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
- $ar['PARAM_4'] = 1;
+ $ar['PARAM_3'] = 1;
display_note(print_link(_("&Email Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
}
}
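Review bot: The three translated strings in this block interpolate `$min` and `$max` inside the argument to `_()`, so the message id passed to the translation lookup changes with every run and presumably never matches a catalogue entry. Keep the message id constant and substitute afterwards, e.g. `sprintf(_("%s recurrent invoice(s) created, # %s - # %s."), count($invs), $min, $max)`, and likewise for the two `print_link` labels. Since the commit renumbers the positional `PARAM_n` keys, a short comment naming what each index means for report 107 would also help keep `$ar['PARAM_3'] = 1` pointing at the intended parameter.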
//-------------------------------------------------------------------------------------------------
function get_sales_group_name($group_no)
{
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
$result = db_query($sql, "could not get group");
$row = db_fetch($result);
return $row[0];
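Review bot: `return $row[0];` dereferences the result of `db_fetch()` without checking that the group exists; if no row matches `$group_no`, this indexes a non-array value. What `db_fetch()` returns on an empty result is not visible here, so this is hedged, but a guard such as `return $row ? $row[0] : null;` would make the not-found case explicit for callers. The function body continues outside the hunk.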