MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 'SA_SALESTRANSVIEW';
+$page_security = 'SA_SALESINVOICE';
$path_to_root = "../..";
include($path_to_root . "/includes/db_pager.inc");
include($path_to_root . "/includes/session.inc");
//figure out the sql required from the inputs available
if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
{
- $sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+ $delivery = "%".$_POST['DeliveryNumber'];
+ $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
$sql .= " GROUP BY trans.trans_no";
}
else
$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
if ($selected_customer != -1)
- $sql .= " AND trans.debtor_no='" . $selected_customer . "' ";
+ $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
if (isset($selected_stock_item))
- $sql .= " AND line.stock_id='". $selected_stock_item ."' ";
+ $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
- $sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+ $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
$sql .= " GROUP BY trans.trans_no ";
$table =& new_db_pager('deliveries_tbl', $sql, $cols);
$table->set_marker('check_overdue', _("Marked items are overdue."));
-if (get_post('SearchOrders')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
-}
//$table->width = "92%";
start_form();
projects / fa-stable.git / blobdiff