X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Finquiry%2Fpo_search_completed.php;h=1632f5b49de15f440d70011bdffddec4ba1231a1;hb=0bf933423b9645bcb57390c478d4fdaf0c895049;hp=f13c95fdf3d920bebb57cec6cf27a4ba1ae3c14a;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git
diff --git a/purchasing/inquiry/po_search_completed.php b/purchasing/inquiry/po_search_completed.php
index f13c95fd..1632f5b4 100644
--- a/purchasing/inquiry/po_search_completed.php
+++ b/purchasing/inquiry/po_search_completed.php
@@ -21,7 +21,7 @@ if ($use_popup_windows)
 $js .= get_js_open_window(900, 500);
 if ($use_date_picker)
 $js .= get_js_date_picker();
-page(_("Search Purchase Orders"), false, false, "", $js);
+page(_($help_context = "Search Purchase Orders"), false, false, "", $js);
 
 if (isset($_GET['order_number']))
 {
@@ -69,7 +69,6 @@ stock_items_list_cells(_("for item:"), 'SelectStockFromList', null, true);
 submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
 end_row();
 end_table();
-end_form();
 //---------------------------------------------------------------------------------------------
 if (isset($_POST['order_number']))
 {
@@ -126,7 +125,7 @@ $sql = "SELECT
 
 if (isset($order_number) && $order_number != "")
 {
- $sql .= "AND porder.reference LIKE '%". $order_number . "%'";
+ $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
 }
 else
 {
@@ -139,11 +138,11 @@ else
 
 if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
 {
- $sql .= " AND porder.into_stock_location = '". $_POST['StockLocation'] . "' ";
+ $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
 }
 if (isset($selected_stock_item))
 {
- $sql .= " AND line.item_code='". $selected_stock_item ."' ";
+ $sql .= " AND line.item_code=".db_escape($selected_stock_item);
 }
 } //end not order number selected
 
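Review bot: The new page() call assigns a global as a side effect inside its argument list, `_($help_context = "Search Purchase Orders")`, which is easy to miss when reading the call; `$help_context = "Search Purchase Orders"; page(_($help_context), false, false, "", $js);` states the same thing with the assignment visible on its own line. Nothing in this hunk shows who reads $help_context, so if the inline form is the convention the project uses elsewhere for the help link, keeping it for consistency is defensible.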
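Review bot: Dropping end_form() after end_table() leaves the search form open into the result section, and the last hunk of this diff drops the matching start_form() before display_db_pager(), so the search controls and the pager now share one form. The end_form() that must close that combined form is not in any hunk shown here; confirm it survives after display_db_pager(), otherwise the page ends with an unterminated form and the Search submit has no defined scope.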
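Review bot: db_escape() on the LIKE operand closes the quoting gap, assuming it returns the value already quoted as its replacement of the hand-written quotes implies, but `%` and `_` inside $order_number remain LIKE metacharacters, so a reference entered as `_` or `%` matches every order rather than a literal substring. If a literal search is intended, neutralise them before wrapping, e.g. `$sql .= "AND porder.reference LIKE ".db_escape('%'. addcslashes($order_number, '%_') . '%');` (verify that db_escape's backslash handling still yields `\%` for the database in use). Where $order_number is populated from the request is outside this hunk. The literal still begins with `AND` and no leading space, unchanged from before, so the preceding fragment of $sql has to end in whitespace.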
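Review bot: Both rewritten fragments drop the trailing space the old literals carried (`"' "`), so whatever the code appends to $sql after `} //end not order number selected` must now begin with its own whitespace or the escaped value runs straight into the next keyword; that continuation is outside the hunk, so it needs a check. A form that does not depend on its neighbours keeps the separator in the new literal, e.g. `$sql .= " AND line.item_code=".db_escape($selected_stock_item)." ";` and likewise for into_stock_location. These are equality comparisons rather than LIKE, so escaping alone makes the values inert here, unlike the reference filter in the previous hunk.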
@@ -170,12 +169,7 @@ if (get_post('StockLocation') != $all_items) { $table =& new_db_pager('orders_tbl', $sql, $cols); -if (get_post('SearchOrders')) { - $table->set_sql($sql); - $table->set_columns($cols); -} $table->width = "80%"; -start_form(); display_db_pager($table);
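Review bot: With the `if (get_post('SearchOrders'))` block removed, $sql and $cols reach the pager only through new_db_pager('orders_tbl', $sql, $cols); if that factory hands back a pager cached under 'orders_tbl' across requests, which this hunk does not show, a changed search filter is no longer pushed into it via set_sql()/set_columns(), so confirm new_db_pager() refreshes its query when $sql differs or a stale filter will be displayed. Removing start_form() here pairs with the end_form() removal in the second hunk; the form that now encloses both the search inputs and the pager has to be closed after display_db_pager(), which lies past the end of this hunk.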