X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fsuppliers_db.inc;h=dd72a6cf94efa8628354bc9648ffe26fc31c699c;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=1cfa85daa45c3c4ec858a8f53a37a64ed99b0d2a;hpb=ddadb47f2620ce6902ad4694ce6512568862ba05;p=fa-stable.git diff --git a/purchasing/includes/db/suppliers_db.inc b/purchasing/includes/db/suppliers_db.inc index 1cfa85da..dd72a6cf 100644 --- a/purchasing/includes/db/suppliers_db.inc +++ b/purchasing/includes/db/suppliers_db.inc @@ -60,7 +60,7 @@ function get_supplier_details($supplier_id, $to=null) ".TB_PREF."payment_terms WHERE ".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator - AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'"; + AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id); $result = db_query($sql,"The customer details could not be retrieved"); @@ -86,7 +86,7 @@ function get_supplier_details($supplier_id, $to=null) function get_supplier($supplier_id) { - $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier"); @@ -95,7 +95,7 @@ function get_supplier($supplier_id) function get_supplier_name($supplier_id) { - $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier"); 
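Review bot: The context line after the changed query in get_supplier_details still passes "The customer details could not be retrieved" to db_query(), although the statement reads the suppliers and payment_terms tables. A failure logged with the wrong entity sends whoever triages a failed or malformed request to the customer code instead of this file, so I would change it to `$result = db_query($sql, "The supplier details could not be retrieved");`. The function body starts and ends outside the hunk, so the other queries in it are not covered by this note.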
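Review bot: In get_supplier, and in the same pattern in the get_supplier_name and get_supplier_accounts hunks, the id is concatenated as `supplier_id=".db_escape($supplier_id)` with no quotes in the SQL text, so the query is safe only if db_escape() itself returns a quoted literal. Its definition is not on this page; the first hunk dropping the quotes around `'$supplier_id'` suggests it does, but this should be confirmed, because escaping alone does not protect an unquoted numeric context. As supplier_id appears to be a numeric key, a guard such as `if (!is_numeric($supplier_id)) return false;` before the query is built (adapted to the failure convention the callers expect) would keep the check independent of the helper. A short comment on each function stating that `$supplier_id` may come from request data would also help later readers; the function bodies continue outside the hunks.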
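Review bot: get_supplier_name passes the same error string, "could not get supplier", that get_supplier uses in the previous hunk and get_supplier_accounts uses in the next one, so a failed or rejected query cannot be traced to the function that issued it from the message alone. Distinct texts would make log review easier, for example `db_query($sql, "could not get supplier name");` here and `db_query($sql, "could not get supplier accounts");` in get_supplier_accounts. The function body continues outside the hunk.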
@@ -106,7 +106,7 @@ function get_supplier_name($supplier_id) function get_supplier_accounts($supplier_id) { - $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id"; + $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id); $result = db_query($sql, "could not get supplier");