$sql = "SELECT ".TB_PREF."debtor_trans_details.*,
".TB_PREF."debtor_trans_details.unit_price+".TB_PREF."debtor_trans_details.unit_tax AS FullUnitPrice,
".TB_PREF."debtor_trans_details.description As StockDescription,
- ".TB_PREF."stock_master.units
- FROM ".TB_PREF."debtor_trans_details,".TB_PREF."stock_master
+ ".TB_PREF."stock_master.units, ".TB_PREF."stock_master.mb_flag
+ FROM ".TB_PREF."debtor_trans_details, ".TB_PREF."stock_master
WHERE (";
$tr=array();
foreach ($debtor_trans_no as $trans_no)
- $tr[] = 'debtor_trans_no='.$trans_no;
+ $tr[] = 'debtor_trans_no='.db_escape($trans_no);
$sql .= implode(' OR ', $tr);