$cancel_delete = 0;
// PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
-
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sel_id = db_escape($_POST['customer_id']);
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no=$sel_id";
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
}
else
{
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no=$sel_id";
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
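Review bot: `debtor_no=$sel_id` is now interpolated without surrounding quotes, so this query is only injection-safe if `db_escape()` returns a fully quoted literal rather than just an escaped string; its definition is not part of this diff. The same applies to the debtor_trans, cust_branch and debtors_master DELETE queries. I would add a comment at the assignment such as `// db_escape() must return a quoted SQL literal; $sel_id is interpolated unquoted below`, and, if debtor_no is numeric in the schema, reject non-numeric input before building any query. The final SELECT on debtors_master calls `db_escape($_POST['customer_id'])` inline instead of reusing one escaped value, which makes a missed call site more likely in later edits. The if/else chain these queries sit in continues outside the visible hunks.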
}
else
{
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no=$sel_id";
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
if ($cancel_delete == 0)
{ //ie not cancelled the delete as a result of above tests
- $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no=$sel_id";
db_query($sql,"cannot delete customer");
display_notification(_("Selected customer has been deleted."));
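Review bot: The DELETE on debtors_master runs as a separate statement after the three COUNT(*) checks, so a transaction, order or branch inserted for this customer between the checks and the delete would be left referring to a missing customer row. Nothing in the visible lines groups these statements; consider running the checks and the delete inside one database transaction (or relying on a foreign-key constraint if the schema has one), and at minimum add a comment like `// dependency checks above are not atomic with this DELETE`. Separately, the hunk shows no permission or request-origin check before a POST-supplied id drives a delete; that may happen earlier in the file, but it is worth confirming. The enclosing block begins and ends outside the hunk.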
{
start_table("class = 'tablestyle_noborder'");
start_row();
- check_cells(_("Show inactive:"), 'show_inactive', null, true);
customer_list_cells(_("Select a customer: "), 'customer_id', null,
_('New customer'), true, check_value('show_inactive'));
+ check_cells(_("Show inactive:"), 'show_inactive', null, true);
end_row();
end_table();
- if (get_post('_show_inactive_update'))
+ if (get_post('_show_inactive_update')) {
$Ajax->activate('customer_id');
+ set_focus('customer_id');
+ }
}
else
{
else
{
- $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no = '" . $_POST['customer_id'] . "'";
+ $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no = ".db_escape($_POST['customer_id']);
$result = db_query($sql,"check failed");
$myrow = db_fetch($result);