X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fcreate_recurrent_invoices.php;h=492d8482e8c4e0e0bf6d147eb0168836ee25c061;hb=af78fbb535a6fedbc2eb70a26ddc39739be2b986;hp=cdd656bd38ba75144726285c3b777d13fb9b0251;hpb=81b1ac39c03c67ec0404476df83a5b41017911bc;p=fa-stable.git
diff --git a/sales/create_recurrent_invoices.php b/sales/create_recurrent_invoices.php
index cdd656bd..492d8482 100644
--- a/sales/create_recurrent_invoices.php
+++ b/sales/create_recurrent_invoices.php
@@ -26,7 +26,7 @@ page(_("Create and Print Recurrent Invoices"), false, false, "", $js);
 function set_last_sent($id, $date)
 {
 $date = date2sql($date);
- $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=".db_escape($id);
 db_query($sql,"The recurrent invoice could not be updated or added");
 }
@@ -62,7 +62,7 @@ function create_recurrent_invoices($customer_id, $branch_id, $order_no, $tmpl_no
 if (isset($_GET['recurrent']))
 {
 $invs = array();
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".$_GET['recurrent'];
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($_GET['recurrent']);
 $result = db_query($sql,"could not get recurrent invoice");
 $myrow = db_fetch($result);
@@ -99,7 +99,7 @@ if (isset($_GET['recurrent']))
 //-------------------------------------------------------------------------------------------------
 function get_sales_group_name($group_no)
 {
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
 $result = db_query($sql, "could not get group");
 $row = db_fetch($result);
 return $row[0];
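Review bot: In set_last_sent() only `$id` now passes through db_escape(); `last_sent='$date'` is still assembled by string interpolation. date2sql() is defined outside this diff, so whether it rejects malformed input or passes it through cannot be confirmed here, and in the latter case `$date` remains an injection point. Assuming db_escape() returns a quoted literal, which the unquoted `WHERE id=` usage implies, the statement could read `SET last_sent=".db_escape($date)." WHERE id=".db_escape($id)`. That quoting assumption also carries the `id=` comparisons in the other two hunks: if the helper escaped without quoting, a numeric context would still need an integer check.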
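Review bot: The `isset($_GET['recurrent'])` branch uses the query-string id without a type check and does not test the `db_fetch()` result in the visible lines. Rejecting anything that is not a plain integer before building the query, e.g. `if (!ctype_digit((string)$_GET['recurrent']))` followed by an early exit, and stopping when `$myrow` is false would keep a bad or unknown id out of the rest of the block, which continues past this hunk. If that remainder creates invoices, as the page title suggests, triggering it from a plain GET is worth checking against the application's request-forgery protection. get_sales_group_name() in the last hunk has the same unchecked fetch: `return $row[0];` runs even when no group matched.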