X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fcreate_recurrent_invoices.php;h=492d8482e8c4e0e0bf6d147eb0168836ee25c061;hb=2a42ffb56ef6651b8a136cd89271e65d397d7677;hp=f1897335ba88887d9bf9f835b8d0212c00959ea9;hpb=ddadb47f2620ce6902ad4694ce6512568862ba05;p=fa-stable.git
diff --git a/sales/create_recurrent_invoices.php b/sales/create_recurrent_invoices.php
index f1897335..492d8482 100644
--- a/sales/create_recurrent_invoices.php
+++ b/sales/create_recurrent_invoices.php
@@ -26,7 +26,7 @@ page(_("Create and Print Recurrent Invoices"), false, false, "", $js);
 function set_last_sent($id, $date)
 {
 $date = date2sql($date);
- $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=".db_escape($id);
 db_query($sql,"The recurrent invoice could not be updated or added");
 }
@@ -62,7 +62,7 @@ function create_recurrent_invoices($customer_id, $branch_id, $order_no, $tmpl_no
 if (isset($_GET['recurrent']))
 {
 $invs = array();
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".$_GET['recurrent'];
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($_GET['recurrent']);
 $result = db_query($sql,"could not get recurrent invoice");
 $myrow = db_fetch($result);
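Review bot: In set_last_sent the new `db_escape($id)` covers only the id, while `$date` is still interpolated directly inside `last_sent='$date'`, so the statement's safety depends on date2sql() always returning a clean date string, which this diff does not show. Building it as `... SET last_sent=".db_escape($date)." WHERE id=".db_escape($id);` would remove that dependency, provided db_escape() returns an already-quoted literal. That property also needs confirming for the unquoted id comparisons here, in the `$_GET['recurrent']` lookup and in get_sales_group_name: if db_escape() only escapes quote characters without adding quotes, a numeric context is not protected and an integer cast would be the safer guard.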
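Review bot: `$_GET['recurrent']` is used as a row id without first being checked as an integer, and `$myrow = db_fetch($result)` is followed by no visible check that a row was found. Validating up front, for example `$id = filter_var($_GET['recurrent'], FILTER_VALIDATE_INT);` and stopping with an error when that is false, keeps malformed values out of the query entirely. This block also appears to create invoices in response to a GET parameter (a later hunk reports the invoices created), so it is worth confirming that the page carries request-forgery protection. The block continues outside the hunk, so such checks may exist further down.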
@@ -88,10 +88,10 @@ if (isset($_GET['recurrent']))
 display_notification(sprintf(_("%s recurrent invoice(s) created, # $min - # $max."), count($invs)));
 if (count($invs) > 0)
 {
- $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "", 'PARAM_3' => get_first_bank_account(),
- 'PARAM_4' => 0, 'PARAM_5' => 0, 'PARAM_6' => "", 'PARAM_7' => ST_SALESINVOICE);
+ $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "",
+ 'PARAM_3' => 0, 'PARAM_4' => 0, 'PARAM_5' => "", 'PARAM_6' => ST_SALESINVOICE);
 display_note(print_link(_("&Print Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
- $ar['PARAM_4'] = 1;
+ $ar['PARAM_3'] = 1;
 display_note(print_link(_("&Email Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
 }
 }
@@ -99,7 +99,7 @@ if (isset($_GET['recurrent']))
 //-------------------------------------------------------------------------------------------------
 function get_sales_group_name($group_no)
 {
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
 $result = db_query($sql, "could not get group");
 $row = db_fetch($result);
 return $row[0];
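Review bot: The `$ar` array and the later `$ar['PARAM_3'] = 1;` rely on bare positional keys whose meaning is stated nowhere in the hunk, so a mismatch with the parameter list of report 107 is hard to spot in review. A short comment above the array naming each slot would help, and on the override something like `// PARAM_3: 0 = print, 1 = email` would do, to be confirmed against the report definition, which is not part of this diff. The enclosing `if (isset($_GET['recurrent']))` block starts outside the hunk.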
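Review bot: get_sales_group_name returns `$row[0]` without checking that `db_fetch($result)` produced a row, so an unknown `$group_no` presumably ends in an array access on a non-array value. A guard such as `return $row ? $row[0] : "";` would make the no-match case explicit; the fallback value should be whatever the callers expect, which the hunk does not show. The function's closing brace lies outside the hunk.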