X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fshipping_companies.php;h=19f034b7408fc343c300539fb0a8d1b0052786d9;hb=081465f30442afc4f008a1c7038bef320466a730;hp=c215f8cd31941cf55e88f5c95aaabc005c514e72;hpb=179e8cf33e77512ca94cf8389ea36a253feebba7;p=fa-stable.git diff --git a/admin/shipping_companies.php b/admin/shipping_companies.php index c215f8cd..19f034b7 100644 --- a/admin/shipping_companies.php +++ b/admin/shipping_companies.php @@ -12,7 +12,7 @@ $page_security = 'SA_SHIPPING'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); -page(_("Shipping Company")); +page(_($help_context = "Shipping Company")); include($path_to_root . "/includes/ui.inc"); simple_page_mode(true); @@ -55,7 +55,7 @@ if ($Mode=='UPDATE_ITEM' && can_process()) phone =" . db_escape($_POST['phone']). " , phone2 =" . db_escape($_POST['phone2']). " , address =" . db_escape($_POST['address']). " - WHERE shipper_id = $selected_id"; + WHERE shipper_id = ".db_escape($selected_id); db_query($sql,"The shipping company could not be updated"); display_notification(_('Selected shipping company has been updated')); @@ -68,7 +68,7 @@ if ($Mode == 'Delete') { // PREVENT DELETES IF DEPENDENT RECORDS IN 'sales_orders' - $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via='$selected_id'"; + $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via=".db_escape($selected_id); $result = db_query($sql,"check failed"); $myrow = db_fetch_row($result); if ($myrow[0] > 0) @@ -80,7 +80,7 @@ if ($Mode == 'Delete') { // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans' - $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via='$selected_id'"; + $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via=".db_escape($selected_id); $result = db_query($sql,"check failed"); $myrow = db_fetch_row($result); if ($myrow[0] > 0) 
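Review bot: On the new `WHERE shipper_id = ".db_escape($selected_id)` line the key is escaped but still never checked to be an integer, and the same applies to the two `ship_via=` lookups in the -68 and -80 hunks, the `DELETE` in the -90 hunk and the `SELECT *` in the -146 hunk. Since the `ship_via='$selected_id'` lines lost their own quotes, `db_escape()` presumably returns a quoted string, so each query compares what looks like a numeric key against a string and leaves the conversion to the database. The assignment of `$selected_id` is outside these hunks (presumably done by `simple_page_mode(true)`), so I would validate it once right after that call, for example `if ($selected_id != -1 && !ctype_digit((string)$selected_id)) $selected_id = -1;`, and keep the escaping as a second layer. The `if ($Mode=='UPDATE_ITEM' && can_process())` block starts and ends outside the hunk.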
@@ -90,7 +90,7 @@ if ($Mode == 'Delete') } else { - $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id"; + $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id); db_query($sql,"could not delete shipper"); display_notification(_('Selected shipping company has been deleted')); } @@ -146,7 +146,7 @@ if ($selected_id != -1) if ($Mode == 'Edit') { //editing an existing Shipper - $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id"; + $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id); $result = db_query($sql, "could not get shipper"); $myrow = db_fetch($result);
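Review bot: The `DELETE FROM ... shippers` in the -90 hunk runs as a separate statement after the two `COUNT(*)` dependency checks in the -68 and -80 hunks, so a sales order or debtor transaction that starts referencing this shipper between the checks and the delete would be left pointing at a removed row. Nothing in the visible lines opens a transaction or shows a foreign key on `ship_via`, although either may exist outside the diff. If neither does, the rule is better enforced by a foreign-key constraint or by running the checks and the delete atomically; at minimum a comment above the delete, such as `// dependency checks above are not atomic with this delete`, would record the limitation. The `if ($Mode == 'Delete')` block starts outside this hunk.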