X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fsearch_work_orders.php;h=3fdbf1df1db44d1c2c524625868a7ba69f890d5f;hb=cae3ea743a1a1c96a4e679e2378c758500cd233e;hp=b4e0d2f5cb5401d02c601f0435aca1f6ab7a0dd3;hpb=f0f460043b9bcb6153c0f6f82d4a74433efe4ad8;p=fa-stable.git
diff --git a/manufacturing/search_work_orders.php b/manufacturing/search_work_orders.php
index b4e0d2f5..3fdbf1df 100644
--- a/manufacturing/search_work_orders.php
+++ b/manufacturing/search_work_orders.php
@@ -23,12 +23,12 @@ if (isset($_GET['outstanding_only']) && ($_GET['outstanding_only'] == true))
 {
 // curently outstanding simply means not closed
 $outstanding_only = 1;
- page(_("Search Outstanding Work Orders"), false, false, "", $js);
+ page(_($help_context = "Search Outstanding Work Orders"), false, false, "", $js);
 }
 else
 {
 $outstanding_only = 0;
- page(_("Search Work Orders"), false, false, "", $js);
+ page(_($help_context = "Search Work Orders"), false, false, "", $js);
 }
 //-----------------------------------------------------------------------------------
 // Ajax updates
@@ -79,8 +79,6 @@ submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
 end_row();
 end_table();
-end_form();
-
 //-----------------------------------------------------------------------------
 function check_overdue($row)
 {
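Review bot: The assignment to `$help_context` is buried inside the argument of `_()` on both new `page(...)` lines, so a reader skimming the call can easily miss that a variable is being set as a side effect. As written, `$help_context` receives the untranslated literal while `_()` is handed the same value to translate. A one-line comment above each call would make that explicit, for example `// $help_context keeps the untranslated page title; _() receives the same string for translation`. Nothing in the hunk shows what reads `$help_context`, so the comment should also name its consumer once that is confirmed.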
@@ -185,17 +183,17 @@ if (check_value('OpenOnly') || $outstanding_only != 0)
 if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
 {
- $sql .= " AND workorder.loc_code='" . $_POST['StockLocation'] . "' ";
+ $sql .= " AND workorder.loc_code=".db_escape($_POST['StockLocation']);
 }
 if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
 {
- $sql .= " AND workorder.wo_ref LIKE '%". $_POST['OrderNumber'] . "%'";
+ $sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.$_POST['OrderNumber'].'%');
 }
 if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
 {
- $sql .= " AND workorder.stock_id='". $_POST['SelectedStockItem'] . "'";
+ $sql .= " AND workorder.stock_id=".db_escape($_POST['SelectedStockItem']);
 }
 if (check_value('OverdueOnly'))
@@ -226,7 +224,6 @@ $table =& new_db_pager('orders_tbl', $sql, $cols);
 $table->set_marker('check_overdue', _("Marked orders are overdue."));
 $table->width = "90%";
-start_form();
 display_db_pager($table);
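Review bot: In the `OrderNumber` clause, `%` and `_` typed by the user still act as LIKE wildcards, because the value is only passed through `db_escape()` after being wrapped in `%…%`. That is not injection, but if a literal substring match is intended the metacharacters need escaping first, for example `db_escape('%'.addcslashes($_POST['OrderNumber'], '%_\\').'%')`, assuming `db_escape()` does nothing beyond string-literal escaping and quoting. All three new lines also drop the hand-written quotes, so they depend on `db_escape()` returning an already-quoted literal. Its definition is outside this hunk and should be confirmed, along with any other request values concatenated into `$sql` before line 183.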