X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fpayment_terms.php;h=1e0f8c652bb8529c0e1605db8b1789692e378ac0;hb=081465f30442afc4f008a1c7038bef320466a730;hp=1dd5dc67d9b533af4a79efd18634046d4ebe76ec;hpb=052a446983df959affd43314cce01fb28d427ed1;p=fa-stable.git

diff --git a/admin/payment_terms.php b/admin/payment_terms.php
index 1dd5dc67..1e0f8c65 100644
--- a/admin/payment_terms.php
+++ b/admin/payment_terms.php
@@ -13,7 +13,7 @@ $page_security = 'SA_PAYTERMS';
 $path_to_root="..";
 include($path_to_root . "/includes/session.inc");
 
-page(_("Payment Terms"));
+page(_($help_context = "Payment Terms"));
 
 include($path_to_root . "/includes/ui.inc");
 
@@ -103,7 +103,7 @@ if ($Mode == 'Delete')
 {
 	// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
 
-	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = '$selected_id'";
+	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = ".db_escape($selected_id);
 	$result = db_query($sql,"check failed");
 	$myrow = db_fetch_row($result);
 	if ($myrow[0] > 0) 
@@ -112,7 +112,7 @@ if ($Mode == 'Delete')
 	} 
 	else 
 	{
-		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = '$selected_id'";
+		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = ".db_escape($selected_id);
 		$result = db_query($sql,"check failed");
 		$myrow = db_fetch_row($result);
 		if ($myrow[0] > 0) 
@@ -123,7 +123,7 @@ if ($Mode == 'Delete')
 		{
 			//only delete if used in neither customer or supplier accounts
 
-			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator='$selected_id'";
+			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($selected_id);
 			db_query($sql,"could not delete a payment terms");
 			display_notification(_('Selected payment terms have been deleted'));
 		}
@@ -198,7 +198,7 @@ if ($selected_id != -1)
 	if ($Mode == 'Edit') {
 		//editing an existing payment terms
 		$sql = "SELECT * FROM ".TB_PREF."payment_terms
-			WHERE terms_indicator='$selected_id'";
+			WHERE terms_indicator=".db_escape($selected_id);
 
 		$result = db_query($sql,"could not get payment term");
 		$myrow = db_fetch($result);