X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fcustomer_payments.php;h=a01bd2896df7df19760a7caa17dc94ce56f54b19;hb=2a42ffb56ef6651b8a136cd89271e65d397d7677;hp=afc30fa0a1cd66bc4511d490b16b62a6778e3c2b;hpb=3f361f69940fa9c2e0ff68657c6345ca0f14256f;p=fa-stable.git

diff --git a/sales/customer_payments.php b/sales/customer_payments.php
index afc30fa0..a01bd289 100644
--- a/sales/customer_payments.php
+++ b/sales/customer_payments.php
@@ -143,7 +143,11 @@ function can_process()
 	}
 
 	$_SESSION['alloc']->amount = input_num('amount');
-	return check_allocations();
+
+	if (isset($_POST["TotalNumberOfAllocs"]))
+		return check_allocations();
+	else
+		return true;
 }
 
 //----------------------------------------------------------------------------------------------
@@ -200,7 +204,7 @@ function read_customer_data()
 		".TB_PREF."credit_status.dissallow_invoices
 		FROM ".TB_PREF."debtors_master, ".TB_PREF."credit_status
 		WHERE ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
-			AND ".TB_PREF."debtors_master.debtor_no = '" . $_POST['customer_id'] . "'";
+			AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($_POST['customer_id']);
 
 	$result = db_query($sql, "could not query customers");