X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=dimensions%2Finquiry%2Fsearch_dimensions.php;h=752b5507ab2574ab164425d76aa1efd8583a5d90;hb=42e7c789b5c755130859f7e487d7c3057fadfcdf;hp=eaf74c1988f825fac739dd68099147b2082aa503;hpb=61af570a407ed30eaad4816a4394af267ec45e67;p=fa-stable.git
diff --git a/dimensions/inquiry/search_dimensions.php b/dimensions/inquiry/search_dimensions.php
index eaf74c19..752b5507 100644
--- a/dimensions/inquiry/search_dimensions.php
+++ b/dimensions/inquiry/search_dimensions.php
@@ -96,7 +96,7 @@ $dim = get_company_pref('use_dimension'); function view_link($row) {
- return get_dimensions_trans_view_str(systypes::dimension(), $row["id"]);
+ return get_dimensions_trans_view_str(ST_DIMENSION, $row["id"]);
 } function is_closed($row)
@@ -141,7 +141,7 @@ $sql = "SELECT dim.id, if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "") {
- $sql .= " AND reference LIKE '%". $_POST['OrderNumber'] . "%'";
+ $sql .= " AND reference LIKE ".db_escape("%". $_POST['OrderNumber'] . "%");
 } else { if ($dim == 1)
@@ -154,14 +154,14 @@ if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "") if (isset($_POST['type_']) && ($_POST['type_'] > 0)) {
- $sql .= " AND type_=" . $_POST['type_'];
+ $sql .= " AND type_=".db_escape($_POST['type_']);
 } if (isset($_POST['OverdueOnly'])) { $today = date2sql(Today());
- $sql .= " AND due_date < '$today' ";
+ $sql .= " AND due_date < '$today'";
 } $sql .= " AND date_ >= '" . date2sql($_POST['FromDate']) . "'
@@ -187,10 +187,6 @@ if ($outstanding_only) { $table =& new_db_pager('dim_tbl', $sql, $cols); $table->set_marker('is_overdue', _("Marked dimensions are overdue."));
-if (get_post('SearchOrders')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
-}
 $table->width = "80%"; start_form();
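Review bot: In the `OrderNumber` filter, quoting through `db_escape()` closes the string breakout, but `%` and `_` typed by the user still reach `LIKE` as wildcards unless db_escape() also escapes them, which is not visible here. If a literal substring match is intended, escape those characters before wrapping, e.g. `db_escape("%" . addcslashes($_POST['OrderNumber'], '%_\\') . "%")`. The new line also relies on db_escape() returning the value already wrapped in quotes, since the hand-written quotes were removed; a one-line comment such as `// db_escape() adds the surrounding quotes` would make that dependency explicit.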
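Review bot: The date filter on the last context line of this hunk still concatenates `date2sql($_POST['FromDate'])` between hand-written quotes, while the `type_` filter above it now goes through `db_escape()`. date2sql() is not shown, so whether it rejects non-date input cannot be confirmed from here; wrapping it the same way, `db_escape(date2sql($_POST['FromDate']))`, would keep the query safe regardless of what that helper accepts. The statement continues past the end of the hunk, so any further date bound built there should presumably get the same treatment. Since `type_` is tested with `> 0` it looks numeric, and `(int)$_POST['type_']` would state that intent more directly than a quoted string.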