X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=sales%2Fincludes%2Fdb%2Fcust_trans_details_db.inc;h=86310ffaf0995bda3e2615cc56cd7f62c440bbcd;hb=5088ee92669272ebac6f1bd1acebc05fe382829f;hp=8d7ce3860a86aaaa7db2692307c1014759712695;hpb=4e436722cb991b7273c08bdc1dc53b5390772972;p=fa-stable.git diff --git a/sales/includes/db/cust_trans_details_db.inc b/sales/includes/db/cust_trans_details_db.inc index 8d7ce386..86310ffa 100644 --- a/sales/includes/db/cust_trans_details_db.inc +++ b/sales/includes/db/cust_trans_details_db.inc @@ -1,13 +1,13 @@ . + See the License here . ***********************************************************************/ //---------------------------------------------------------------------------------------- @@ -30,7 +30,7 @@ if (!is_array($debtor_trans_no)) $sql .= implode(' OR ', $tr); - $sql.= ") AND debtor_trans_type=$debtor_trans_type + $sql.= ") AND debtor_trans_type=".db_escape($debtor_trans_type)." AND ".TB_PREF."stock_master.stock_id=".TB_PREF."debtor_trans_details.stock_id ORDER BY id"; return db_query($sql, "The debtor transaction detail could not be queried"); @@ -42,8 +42,8 @@ function void_customer_trans_details($type, $type_no) { $sql = "UPDATE ".TB_PREF."debtor_trans_details SET quantity=0, unit_price=0, unit_tax=0, discount_percent=0, standard_cost=0 - WHERE debtor_trans_no=$type_no - AND debtor_trans_type=$type"; + WHERE debtor_trans_no=".db_escape($type_no)." + AND debtor_trans_type=".db_escape($type); db_query($sql, "The debtor transaction details could not be voided"); 
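Review bot: The terms joined by `implode(' OR ', $tr)` directly above the changed line are built outside this hunk, so it cannot be seen here whether `$debtor_trans_no` is escaped when `$tr` is filled. If those terms interpolate the value raw, the WHERE clause stays injectable even though `debtor_trans_type` now goes through `db_escape()`. Please confirm that each element of `$tr`, and the non-array branch after `if (!is_array($debtor_trans_no))`, passes its value through `db_escape()` or an integer cast. The function body starts before the hunk and its beginning is not visible.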
@@ -64,12 +64,12 @@ function write_customer_trans_detail_item($debtor_trans_type, $debtor_trans_no, unit_tax=$unit_tax, discount_percent=$discount_percent, standard_cost=$std_cost WHERE - id=$line_id"; + id=".db_escape($line_id); else $sql = "INSERT INTO ".TB_PREF."debtor_trans_details (debtor_trans_no, debtor_trans_type, stock_id, description, quantity, unit_price, unit_tax, discount_percent, standard_cost) - VALUES ($debtor_trans_no, $debtor_trans_type, ".db_escape($stock_id). + VALUES (".db_escape($debtor_trans_no).", ".db_escape($debtor_trans_type).", ".db_escape($stock_id). ", ".db_escape($description).", $quantity, $unit_price, $unit_tax, $discount_percent, $std_cost)";
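Review bot: `$quantity`, `$unit_price`, `$unit_tax`, `$discount_percent` and `$std_cost` are still interpolated raw in the INSERT `VALUES (...)` list, and the UPDATE branch's context lines show the same for `unit_tax=$unit_tax, discount_percent=$discount_percent, standard_cost=$std_cost`. The commit escapes only the id and type columns, so the statement remains injectable if any caller passes these amounts from request data without numeric validation. Assuming `db_escape()` accepts numeric values the way this commit already relies on for the ids, the tail of the INSERT could read `", ".db_escape($description).", ".db_escape($quantity).", ".db_escape($unit_price).", ".db_escape($unit_tax).", ".db_escape($discount_percent).", ".db_escape($std_cost).")";`, with the same treatment for the SET assignments. The function starts before the hunk and the top of the UPDATE statement is not visible, so its remaining assignments should be checked as well.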