{
if ($selected_id != -1)
{
- $sql = "UPDATE ".TB_PREF."areas SET description=".db_escape($_POST['description'])." WHERE area_code = '$selected_id'";
+ $sql = "UPDATE ".TB_PREF."areas SET description=".db_escape($_POST['description'])." WHERE area_code = ".db_escape($selected_id);
$note = _('Selected sales area has been updated');
}
else
// PREVENT DELETES IF DEPENDENT RECORDS IN 'debtors_master'
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE area='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE area=".db_escape($selected_id);
$result = db_query($sql,"check failed");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
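Review bot: The COUNT(*) query in this hunk now escapes `$selected_id` at the point of use, as do the UPDATE, DELETE and Edit-mode SELECT in the surrounding hunks, but nothing visible constrains the value itself, which is assigned outside these hunks; the earlier `$selected_id != -1` sentinel comparison suggests area_code is numeric, in which case normalising once right after the request value is read (`$selected_id = (int) $selected_id;`, assuming the -1 default is preserved) would make every later query, including any use the commit missed, safe by construction rather than by per-site escaping. The new lines are only correct because `db_escape()` returns a quoted literal, since the surrounding `'...'` was dropped with the change; a comment at the first use, `// db_escape() quotes and escapes the value; do not wrap it in quotes again`, would keep a later edit from reintroducing the bare interpolation. The enclosing delete branch begins before this hunk and the body of `if ($myrow[0] > 0)` continues past it.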
}
if ($cancel_delete == 0)
{
- $sql="DELETE FROM ".TB_PREF."areas WHERE area_code='" . $selected_id . "'";
+ $sql="DELETE FROM ".TB_PREF."areas WHERE area_code=".db_escape($selected_id);
db_query($sql,"could not delete sales area");
display_notification(_('Selected sales area has been deleted'));
{
if ($Mode == 'Edit') {
//editing an existing area
- $sql = "SELECT * FROM ".TB_PREF."areas WHERE area_code='$selected_id'";
+ $sql = "SELECT * FROM ".TB_PREF."areas WHERE area_code=".db_escape($selected_id);
$result = db_query($sql,"could not get area");
$myrow = db_fetch($result);