X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fview_print_transaction.php;h=3969418151680e4e5941a15115909e8e4f47506c;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=ec5e0f2d157e2938c0231367e891ca5bd595e5a1;hpb=ddadb47f2620ce6902ad4694ce6512568862ba05;p=fa-stable.git
diff --git a/admin/view_print_transaction.php b/admin/view_print_transaction.php
index ec5e0f2d..39694181 100644
--- a/admin/view_print_transaction.php
+++ b/admin/view_print_transaction.php
@@ -109,11 +109,11 @@ function handle_search()
 	$sql .= " ,$trans_ref ";
 	$sql .= ", ".$_POST['filterType']." as type FROM $table_name
-	WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
-	AND $trans_no_name <= " . $_POST['ToTransNo'];
+	WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+	AND $trans_no_name <= ".db_escape($_POST['ToTransNo']);
 	if ($type_name != null)
-		$sql .= " AND `$type_name` = " . $_POST['filterType'];
+		$sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
 	$sql .= " ORDER BY $trans_no_name";
@@ -137,10 +137,6 @@ function handle_search()
 	}
 	$table =& new_db_pager('transactions', $sql, $cols);
-	if (list_updated('filterType') || get_post('ProcessSearch')) {
-		$table->set_sql($sql);
-		$table->set_columns($cols);
-	}
 	$table->width = "40%";
 	display_db_pager($table);
 }
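Review bot: `$_POST['filterType']` is still concatenated raw into the select list on the unchanged context line `$sql .= ", ".$_POST['filterType']." as type FROM $table_name`, so the hunk escapes two of the three places this request parameter reaches the query and the same injection path remains open one line above the fix. That line should get the same treatment, `$sql .= ", ".db_escape($_POST['filterType'])." as type FROM $table_name`. Since `FromTransNo`/`ToTransNo` feed numeric `>=`/`<=` comparisons and `filterType` is compared against a type column, an explicit `(int)` cast at the point of use would also make the expected shape obvious and not depend on how db_escape treats non-numeric input, which I cannot confirm from this hunk. handle_search() begins before this hunk and continues past it.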