X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep108.php;h=97c4413bc711cf308dc8ae5200cb1e2c86e2ebb6;hb=af78fbb535a6fedbc2eb70a26ddc39739be2b986;hp=a85073a2388d5653a895a73ffd07434566186415;hpb=28e7dac267b65d8163ca41c452c42706d0ffb2dd;p=fa-stable.git

diff --git a/reporting/rep108.php b/reporting/rep108.php
index a85073a2..97c4413b 100644
--- a/reporting/rep108.php
+++ b/reporting/rep108.php
@@ -32,12 +32,13 @@ print_statements();
 function getTransactions($debtorno, $date)
 {
     $sql = "SELECT ".TB_PREF."debtor_trans.*,
-				(".TB_PREF."debtor_trans.ov_amount + ".TB_PREF."debtor_trans.ov_gst + ".TB_PREF."debtor_trans.ov_freight + ".TB_PREF."debtor_trans.ov_discount)
+				(".TB_PREF."debtor_trans.ov_amount + ".TB_PREF."debtor_trans.ov_gst + ".TB_PREF."debtor_trans.ov_freight + 
+				".TB_PREF."debtor_trans.ov_freight_tax + ".TB_PREF."debtor_trans.ov_discount)
 				AS TotalAmount, ".TB_PREF."debtor_trans.alloc AS Allocated,
 				((".TB_PREF."debtor_trans.type = ".ST_SALESINVOICE.")
 					AND ".TB_PREF."debtor_trans.due_date < '$date') AS OverDue
     			FROM ".TB_PREF."debtor_trans
-    			WHERE ".TB_PREF."debtor_trans.tran_date <= '$date' AND ".TB_PREF."debtor_trans.debtor_no = '$debtorno'
+    			WHERE ".TB_PREF."debtor_trans.tran_date <= '$date' AND ".TB_PREF."debtor_trans.debtor_no = ".db_escape($debtorno)."
     				AND ".TB_PREF."debtor_trans.type <> ".ST_CUSTDELIVERY."
     				ORDER BY ".TB_PREF."debtor_trans.tran_date";
 
@@ -81,7 +82,7 @@ function print_statements()
 
 	$sql = "SELECT debtor_no, name AS DebtorName, address, tax_id, email, curr_code, curdate() AS tran_date, payment_terms FROM ".TB_PREF."debtors_master";
 	if ($customer != ALL_NUMERIC)
-		$sql .= " WHERE debtor_no = $customer";
+		$sql .= " WHERE debtor_no = ".db_escape($customer);
 	else
 		$sql .= " ORDER by name";
 	$result = db_query($sql, "The customers could not be retrieved");