X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep304.php;h=f1262a1873730d0d5602e7d2769d647cec0feb90;hb=cceb107ab3e8db0b400aeb7b98d0360e06ba8dae;hp=7dbe339afbeef53b8743aae6f60130e9c96dbcad;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git

diff --git a/reporting/rep304.php b/reporting/rep304.php
index 7dbe339a..f1262a18 100644
--- a/reporting/rep304.php
+++ b/reporting/rep304.php
@@ -56,14 +56,14 @@ function getTransactions($category, $location, $fromcust, $from, $to)
 		AND ".TB_PREF."stock_moves.trans_no=".TB_PREF."debtor_trans.trans_no
 		AND ".TB_PREF."stock_moves.tran_date>='$from'
 		AND ".TB_PREF."stock_moves.tran_date<='$to'
-		AND ((".TB_PREF."debtor_trans.type=13 AND ".TB_PREF."debtor_trans.version=1) OR ".TB_PREF."stock_moves.type=11)
+		AND ((".TB_PREF."debtor_trans.type=".ST_CUSTDELIVERY." AND ".TB_PREF."debtor_trans.version=1) OR ".TB_PREF."stock_moves.type=".ST_CUSTCREDIT.")
 		AND (".TB_PREF."stock_master.mb_flag='B' OR ".TB_PREF."stock_master.mb_flag='M')";
 		if ($category != 0)
-			$sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+			$sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
 		if ($location != 'all')
-			$sql .= " AND ".TB_PREF."stock_moves.loc_code = '$location'";
+			$sql .= " AND ".TB_PREF."stock_moves.loc_code = ".db_escape($location);
 		if ($fromcust != -1)
-			$sql .= " AND ".TB_PREF."debtors_master.debtor_no = $fromcust";
+			$sql .= " AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($fromcust);
 		$sql .= " GROUP BY ".TB_PREF."stock_master.stock_id, ".TB_PREF."debtors_master.name ORDER BY ".TB_PREF."stock_master.category_id,
 			".TB_PREF."stock_master.stock_id, ".TB_PREF."debtors_master.name";
     return db_query($sql,"No transactions were returned");