X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fview_print_transaction.php;h=99f2be1df36104b4dad0e9d148f1394439c83d97;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=98bf8d9e7ca9f188437189b4e7089bceef1f0b26;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git
diff --git a/admin/view_print_transaction.php b/admin/view_print_transaction.php
index 98bf8d9e..99f2be1d 100644
--- a/admin/view_print_transaction.php
+++ b/admin/view_print_transaction.php
@@ -60,7 +60,7 @@ function viewing_controls()
 ref_cells(_("to #:"), 'ToTransNo');
- submit_cells('ProcessSearch', _("Search"), '', '', true);
+ submit_cells('ProcessSearch', _("Search"), '', '', 'default');
 end_row();
 end_table(1);
@@ -82,8 +82,6 @@ function check_valid_entries()
 display_error(_("The ending transaction number is expected to be numeric and greater than zero."));
 return false;
 }
- if (!isset($_POST['filterType']) || $_POST['filterType'] == "")
- return false;
 return true;
 }
@@ -111,11 +109,11 @@ function handle_search()
 $sql .= " ,$trans_ref ";
 $sql .= ", ".$_POST['filterType']." as type FROM $table_name
- WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
- AND $trans_no_name <= " . $_POST['ToTransNo'];
+ WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+ AND $trans_no_name <= ".db_escape($_POST['ToTransNo']);
 if ($type_name != null)
- $sql .= " AND `$type_name` = " . $_POST['filterType'];
+ $sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
 $sql .= " ORDER BY $trans_no_name";
@@ -139,7 +137,7 @@ function handle_search()
 }
 $table =& new_db_pager('transactions', $sql, $cols);
- if (list_updated('filterType')) {
+ if (list_updated('filterType') || get_post('ProcessSearch')) {
 $table->set_sql($sql);
 $table->set_columns($cols);
 }
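Review bot: With the `filterType` presence check deleted, nothing visible in `check_valid_entries()` validates that field any more, yet `handle_search()` still reads `$_POST['filterType']` directly when it builds its query. Rather than dropping the guard, I would tighten it to what the value has to be, e.g. `if (!isset($_POST['filterType']) || !is_numeric($_POST['filterType'])) return false;`, or a lookup against the list of known transaction types; the unquoted use of the value in the query suggests it is a numeric type id. The function starts outside this hunk, so an earlier check may exist that is not shown here.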
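Review bot: The context line `$sql .= ", ".$_POST['filterType']." as type FROM $table_name` still concatenates the raw request value into the select list, so the statement stays injectable after the three `db_escape()` additions in this hunk. The same treatment should apply there: `$sql .= ", ".db_escape($_POST['filterType'])." as type FROM $table_name`, assuming `db_escape()` returns a quoted literal, as its unquoted use in the WHERE clause implies. `$table_name`, `$trans_no_name` and `$type_name` are interpolated as identifiers as well; they are assigned outside the hunk, so confirm they come from a fixed mapping and never from the request. `handle_search()` starts and ends outside this hunk.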
@@ -160,7 +158,7 @@ if (isset($_POST['ProcessSearch']))
 //----------------------------------------------------------------------------------------
-start_form(false, true);
+start_form(false);
 viewing_controls();
 handle_search();
 end_form(2);