X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fpayment_terms.php;h=33ddf1189cc0bcc5fd911632224dfd62544dde50;hb=b32d16b2c0c6c43e569ebe87e2a13ceb892b5788;hp=cf46b90665ba70f531c40565e0dd518eedaf3f91;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git
diff --git a/admin/payment_terms.php b/admin/payment_terms.php
index cf46b906..33ddf118 100644
--- a/admin/payment_terms.php
+++ b/admin/payment_terms.php
@@ -31,21 +31,25 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM']))
     {
         $inpug_error = 1;
         display_error( _("The number of days or the day in the following month must be numeric."));
+        set_focus('DayNumber');
     }
     elseif (strlen($_POST['terms']) == 0)
     {
         $inpug_error = 1;
         display_error( _("The Terms description must be entered."));
+        set_focus('terms');
     }
     elseif ($_POST['DayNumber'] > 30 && !check_value('DaysOrFoll'))
     {
         $inpug_error = 1;
         display_error( _("When the check box to indicate a day in the following month is the due date, the due date cannot be a day after the 30th. A number between 1 and 30 is expected."));
+        set_focus('DayNumber');
     }
     elseif ($_POST['DayNumber'] > 500 && check_value('DaysOrFoll'))
     {
         $inpug_error = 1;
         display_error( _("When the check box is not checked to indicate that the term expects a number of days after which accounts are due, the number entered should be less than 500 days."));
+        set_focus('DayNumber');
     }
 
     if ($_POST['DayNumber'] == '')
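Review bot: The following-month branch `elseif ($_POST['DayNumber'] > 30 && !check_value('DaysOrFoll'))` enforces only the upper bound although its message promises a value between 1 and 30, so 0 and negative values pass every branch of the chain and reach the SQL built further down. Tightening it to `elseif (($_POST['DayNumber'] < 1 || $_POST['DayNumber'] > 30) && !check_value('DaysOrFoll'))` makes the check match the message without touching the days branch, where 0 days may be a legitimate value. The first branch's condition and the enclosing ADD_ITEM/UPDATE_ITEM block start before the hunk, so I am assuming the numeric test lives there and that the trailing `if ($_POST['DayNumber'] == '')` handles the empty case.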
@@ -57,17 +61,17 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM'])) { if (check_value('DaysOrFoll')) { - $sql = "UPDATE ".TB_PREF."payment_terms SET terms='" . $_POST['terms'] . "', + $sql = "UPDATE ".TB_PREF."payment_terms SET terms=" . db_escape($_POST['terms']) . ", day_in_following_month=0, - days_before_due=" . $_POST['DayNumber'] . " - WHERE terms_indicator = '" . $selected_id . "'"; + days_before_due=" . db_escape($_POST['DayNumber']) . " + WHERE terms_indicator = " .db_escape($selected_id); } else { - $sql = "UPDATE ".TB_PREF."payment_terms SET terms='" . $_POST['terms'] . "', - day_in_following_month=" . $_POST['DayNumber'] . ", + $sql = "UPDATE ".TB_PREF."payment_terms SET terms=" . db_escape($_POST['terms']) . ", + day_in_following_month=" . db_escape($_POST['DayNumber']) . ", days_before_due=0 - WHERE terms_indicator = '" . $selected_id . "'"; + WHERE terms_indicator = " .db_escape( $selected_id ); } } @@ -78,15 +82,15 @@ if (isset($_POST['ADD_ITEM']) OR isset($_POST['UPDATE_ITEM'])) { $sql = "INSERT INTO ".TB_PREF."payment_terms (terms, days_before_due, day_in_following_month) - VALUES ('" . - $_POST['terms'] . "', " . $_POST['DayNumber'] . ", 0)"; + VALUES (" . + db_escape($_POST['terms']) . ", " . db_escape($_POST['DayNumber']) . ", 0)"; } else { $sql = "INSERT INTO ".TB_PREF."payment_terms (terms, days_before_due, day_in_following_month) - VALUES ('" . $_POST['terms'] . "', - 0, " . $_POST['DayNumber'] . ")"; + VALUES (" . db_escape($_POST['terms']) . ", + 0, " . db_escape($_POST['DayNumber']) . ")"; } }
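Review bot: The integer columns are now built from `db_escape($_POST['DayNumber'])` in both UPDATE statements here and in the two INSERT branches of the following hunk, but the validation above bounds the value only from above, so a numeric-looking non-integer such as `12.5` or a negative number still reaches `days_before_due`/`day_in_following_month` and is coerced silently by the database. Casting on the PHP side, e.g. `days_before_due=" . (int)$_POST['DayNumber'] . "`, pins the type regardless of how db_escape quotes its argument, whose definition I cannot see from here. The two UPDATE branches also format the same call differently (`db_escape($selected_id)` versus `db_escape( $selected_id )`, and `" .db_escape` without a space after the dot); worth normalising to one form. The enclosing ADD_ITEM/UPDATE_ITEM block and the `if`/`else` around the INSERT statements start before their hunks.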