Additional sq parameters cleanup.
[fa-stable.git] / sales / includes / db / custalloc_db.inc
index f9fc78e7cc0a47e0d568dd5ff13a4a09eda8e0e9..16f9227e95f7f961ab5cf163e76c54e3cf1d2a6c 100644 (file)
@@ -140,8 +140,8 @@ function get_allocatable_to_cust_transactions($customer_id, $trans_no=null, $typ
        {
                $sql = get_alloc_trans_sql("amt", "trans.trans_no = alloc.trans_no_to
                        AND trans.type = alloc.trans_type_to
-                       AND alloc.trans_no_from=$trans_no
-                       AND alloc.trans_type_from=$type
+                       AND alloc.trans_no_from=".db_escape($trans_no)."
+                       AND alloc.trans_type_from=".db_escape($type)."
                        AND trans.debtor_no=".db_escape($customer_id),
                        "".TB_PREF."cust_allocations as alloc");
        }
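Review bot: Both added `db_escape()` calls sit in an unquoted position in the WHERE clause, so the fix is only as strong as that helper's quoting; escaping without wrapping the value in quotes would not constrain a numeric context. `db_escape()` is not visible here, but the unchanged `$customer_id` line uses it the same way, so it presumably emits the quotes itself, which is worth confirming. Since `trans_no_from` and `trans_type_from` look like integer keys, validating them as integers before the SQL is built is stricter and avoids a string-to-number comparison, e.g. `AND alloc.trans_no_from=".(int)$trans_no."`. `$trans_no` also defaults to null in the signature, and the condition guarding this branch is outside the hunk, so it is not clear from here that null never reaches these lines.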
@@ -244,8 +244,8 @@ function credit_sales_invoice_allocate($invoice_no, $credit_no, $amount, $date)
                        AND trans_type_from <> ".ST_CUSTCREDIT;
                $result = db_query($sql, "can't retrieve invoice allocations");
 
-               while($free < $amount && ($alloc = db_fetch($result))) {
-                       $unalloc = min($alloc['amt'], $free);
+               while(($free < $amount) && ($alloc = db_fetch($result))) {
+                       $unalloc = min($alloc['amt'], $amount-$free);
                        update_debtor_trans_allocation($alloc['trans_type_to'], $alloc['trans_no_to'], 
                                -$unalloc);
                        update_debtor_trans_allocation($alloc['trans_type_from'], $alloc['trans_no_from'],
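Review bot: The loop condition `($free < $amount)` and the new cap `$amount-$free` both work on monetary values as raw floats. If `$free` is accumulated by addition, a rounding residue can keep the loop alive for one more allocation row and release a fractional amount from it. Consider computing the remainder once per iteration at currency precision, e.g. `$remaining = round($amount - $free, PRECISION);` (PRECISION is a placeholder for the currency's decimal places), then looping on `$remaining > 0` and using `min($alloc['amt'], $remaining)`. A short comment such as `// release only what is still needed to cover the credit` would also record why the cap changed from `$free`. The loop body continues outside the hunk, so where `$free` is updated, and whether these paired updates run inside one database transaction, cannot be checked from here.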