X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fmanage%2Fsuppliers.php;h=fbaabbca01610f4eee656aed6d34cf4b34ec75a5;hb=8fd0c50cc4a19a07c61ee87a632377419d096a5a;hp=6745d7b96f3c196ca64d17e9592599e566ac7b6f;hpb=b368791672016b32791f0042773ee39c717f2d8d;p=fa-stable.git
diff --git a/purchasing/manage/suppliers.php b/purchasing/manage/suppliers.php
index 6745d7b9..fbaabbca 100644
--- a/purchasing/manage/suppliers.php
+++ b/purchasing/manage/suppliers.php
@@ -37,6 +37,7 @@ if (isset($_POST['submit']))
 {
 $input_error = 1;
 display_error(_("The supplier name must be entered."));
+ set_focus('supp_name');
 }
 if ($input_error !=1 )
@@ -45,18 +46,18 @@ if (isset($_POST['submit']))
 if (!isset($_POST['New']))
 {
- $sql = "UPDATE ".TB_PREF."suppliers SET supp_name='" . $_POST['supp_name'] . "',
- address='" . $_POST['address'] . "',
- email='" . $_POST['email'] . "',
- bank_account='" . $_POST['bank_account'] . "',
- dimension_id=" . $_POST['dimension_id'] . ",
- dimension2_id=" . $_POST['dimension2_id'] . ",
- curr_code='" . $_POST['curr_code'] . "',
- payment_terms='" . $_POST['payment_terms'] . "',
- payable_account='" . $_POST['payable_account'] . "',
- purchase_account='" . $_POST['purchase_account'] . "',
- payment_discount_account='" . $_POST['payment_discount_account'] . "',
- tax_group_id=" . $_POST['tax_group_id'] . " WHERE supplier_id = '" . $_POST['supplier_id'] . "'";
+ $sql = "UPDATE ".TB_PREF."suppliers SET supp_name=".db_escape($_POST['supp_name']) . ",
+ address=".db_escape($_POST['address']) . ",
+ email=".db_escape($_POST['email']) . ",
+ bank_account=".db_escape($_POST['bank_account']) . ",
+ dimension_id=".db_escape($_POST['dimension_id']) . ",
+ dimension2_id=".db_escape($_POST['dimension2_id']) . ",
+ curr_code=".db_escape($_POST['curr_code']).",
+ payment_terms=".db_escape($_POST['payment_terms']) . ",
+ payable_account=".db_escape($_POST['payable_account']) . ",
+ purchase_account=".db_escape($_POST['purchase_account']) . ",
+ payment_discount_account=".db_escape($_POST['payment_discount_account']) . ",
+ tax_group_id=".db_escape($_POST['tax_group_id']) . " WHERE supplier_id = '" . $_POST['supplier_id'] . "'";
 db_query($sql,"The supplier could not be updated");
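Review bot: The WHERE clause on the last added line of the UPDATE still splices `$_POST['supplier_id']` into the SQL string between literal quotes, so this hunk escapes every SET value but leaves the row selector itself unescaped. Since the new SET clauses drop the surrounding `'...'` and let db_escape supply the quoting, the selector should be built the same way: `tax_group_id=".db_escape($_POST['tax_group_id']) . " WHERE supplier_id = ".db_escape($_POST['supplier_id']);`. The enclosing `if (isset($_POST['submit']))` block begins and ends outside the hunk, and the INSERT hunk below already escapes all of its values, so the gap is confined to this statement.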
@@ -66,18 +67,18 @@ if (isset($_POST['submit']))
 $sql = "INSERT INTO ".TB_PREF."suppliers (supp_name, address, email, bank_account, dimension_id, dimension2_id, curr_code, payment_terms, payable_account, purchase_account, payment_discount_account, tax_group_id)
- VALUES ('" . $_POST['supp_name'] . "', '" .
- $_POST['address'] . "', '" .
- $_POST['email'] . "', '" .
- $_POST['bank_account'] . "', " .
- $_POST['dimension_id'] . ", " .
- $_POST['dimension2_id'] . ", '" .
- $_POST['curr_code'] . "', '" .
- $_POST['payment_terms'] . "', '" .
- $_POST['payable_account'] . "', '" .
- $_POST['purchase_account'] . "', '" .
- $_POST['payment_discount_account'] . "', " .
- $_POST['tax_group_id'] . ")";
+ VALUES (".db_escape($_POST['supp_name']). ", "
+ .db_escape($_POST['address']) . ", "
+ .db_escape($_POST['email']). ", "
+ .db_escape($_POST['bank_account']). ", "
+ .db_escape($_POST['dimension_id']). ", "
+ .db_escape($_POST['dimension2_id']). ", "
+ .db_escape($_POST['curr_code']). ", "
+ .db_escape($_POST['payment_terms']). ", "
+ .db_escape($_POST['payable_account']). ", "
+ .db_escape($_POST['purchase_account']). ", "
+ .db_escape($_POST['payment_discount_account']). ", "
+ .db_escape($_POST['tax_group_id']). ")";
 db_query($sql,"The supplier could not be added");
 }