{
$sql = get_alloc_trans_sql("amt", "trans.trans_no = alloc.trans_no_to
AND trans.type = alloc.trans_type_to
- AND alloc.trans_no_from=$trans_no
- AND alloc.trans_type_from=$type
+ AND alloc.trans_no_from=".db_escape($trans_no)."
+ AND alloc.trans_type_from=".db_escape($type)."
AND trans.debtor_no=".db_escape($customer_id),
"".TB_PREF."cust_allocations as alloc");
}
AND trans_type_from <> ".ST_CUSTCREDIT;
$result = db_query($sql, "can't retrieve invoice allocations");
- while($free < $amount && ($alloc = db_fetch($result))) {
- $unalloc = min($alloc['amt'], $free);
+ while(($free < $amount) && ($alloc = db_fetch($result))) {
+ $unalloc = min($alloc['amt'], $amount-$free);
update_debtor_trans_allocation($alloc['trans_type_to'], $alloc['trans_no_to'],
-$unalloc);
update_debtor_trans_allocation($alloc['trans_type_from'], $alloc['trans_no_from'],