MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 'SA_SALESTRANSVIEW';
+$page_security = 'SA_SALESINVOICE';
$path_to_root = "../..";
include($path_to_root . "/includes/db_pager.inc");
include($path_to_root . "/includes/session.inc");
if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
{
$_POST['OutstandingOnly'] = true;
- page(_("Search Not Invoiced Deliveries"), false, false, "", $js);
+ page(_($help_context = "Search Not Invoiced Deliveries"), false, false, "", $js);
}
else
{
$_POST['OutstandingOnly'] = false;
- page(_("Search All Deliveries"), false, false, "", $js);
+ page(_($help_context = "Search All Deliveries"), false, false, "", $js);
}
if (isset($_GET['selected_customer']))
end_row();
end_table();
-end_form();
//---------------------------------------------------------------------------------------------
if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
//figure out the sql required from the inputs available
if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
{
- $sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+ $delivery = "%".$_POST['DeliveryNumber'];
+ $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
$sql .= " GROUP BY trans.trans_no";
}
else
$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
if ($selected_customer != -1)
- $sql .= " AND trans.debtor_no='" . $selected_customer . "' ";
+ $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
if (isset($selected_stock_item))
- $sql .= " AND line.stock_id='". $selected_stock_item ."' ";
+ $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
- $sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+ $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
$sql .= " GROUP BY trans.trans_no ";
//$table->width = "92%";
-start_form();
-
display_db_pager($table);
end_form();
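Review bot: The tran_date filter on the context line `$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";` still builds its literal by string concatenation, while the DeliveryNumber, debtor_no, stock_id and from_stk_loc filters in the same block were moved to db_escape(); the date clause should be made consistent, e.g. `$sql .= " AND trans.tran_date <= ".db_escape(date2sql($_POST['DeliveryToDate']));`, unless date2sql is known to always return a fixed-format value — that cannot be confirmed from this hunk. Separately, the new `$delivery = "%".$_POST['DeliveryNumber'];` passes the raw field into a LIKE pattern, and db_escape (as visible here) only quotes the value; the `%` and `_` wildcard characters from the input are presumably left intact, so a search term can broaden the match beyond a suffix — worth a comment such as `// note: LIKE wildcards in DeliveryNumber are not escaped` or a dedicated wildcard-escaping step if a literal match is intended. These statements are top-level script code with no enclosing function.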