Common ui code for allocations moved toallocation_cart.inc

[fa-stable.git] / sales / manage / customers.php

diff --git a/sales/manage/customers.php b/sales/manage/customers.php
index effc0c9e0a59edc06d66a2103713241e9f24013e..16581f55f2d5dc5f774c38e21c523a27d51b20bc 100644 (file)
--- a/sales/manage/customers.php
+++ b/sales/manage/customers.php
@@ -142,8 +142,8 @@ if (isset($_POST['delete']))
        $cancel_delete = 0;
 
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
-
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no='" . $_POST['customer_id'] . "'";
+       $sel_id = db_escape($_POST['customer_id']);
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no=$sel_id";
        $result = db_query($sql,"check failed");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -153,7 +153,7 @@ if (isset($_POST['delete']))
        } 
        else 
        {
-               $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no='" . $_POST['customer_id'] . "'";
+               $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no=$sel_id";
                $result = db_query($sql,"check failed");
                $myrow = db_fetch_row($result);
                if ($myrow[0] > 0) 
@@ -163,7 +163,7 @@ if (isset($_POST['delete']))
                } 
                else 
                {
-                       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no='" . $_POST['customer_id'] . "'";
+                       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no=$sel_id";
                        $result = db_query($sql,"check failed");
                        $myrow = db_fetch_row($result);
                        if ($myrow[0] > 0) 
@@ -177,7 +177,7 @@ if (isset($_POST['delete']))
        
        if ($cancel_delete == 0) 
        {       //ie not cancelled the delete as a result of above tests
-               $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no='" . $_POST['customer_id'] . "'";
+               $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no=$sel_id";
                db_query($sql,"cannot delete customer");
 
                display_notification(_("Selected customer has been deleted."));
@@ -195,13 +195,15 @@ if (db_has_customers())
 {
        start_table("class = 'tablestyle_noborder'");
        start_row();
-       check_cells(_("Show inactive:"), 'show_inactive', null, true);
        customer_list_cells(_("Select a customer: "), 'customer_id', null,
                _('New customer'), true, check_value('show_inactive'));
+       check_cells(_("Show inactive:"), 'show_inactive', null, true);
        end_row();
        end_table();
-       if (get_post('_show_inactive_update'))
+       if (get_post('_show_inactive_update')) {
                $Ajax->activate('customer_id');
+               set_focus('customer_id');
+       }
 } 
 else 
 {
@@ -225,7 +227,7 @@ if ($new_customer)
 else 
 {
 
-       $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no = '" . $_POST['customer_id'] . "'";
+       $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no = ".db_escape($_POST['customer_id']);
        $result = db_query($sql,"check failed");
 
        $myrow = db_fetch($result);