X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fcust_trans_db.inc;h=bcd41dba3d3b2e61a125c13bb38838e1f7c7a2bb;hb=7b0f3f68c9aaeffec2f57af1160efaabf7a5abcb;hp=5e403c51c79de6858bdf1246c5e436b9fc340d1b;hpb=0c1bcd8ce3c089d7ddb3722a097f8fc8417f41e6;p=fa-stable.git
diff --git a/sales/includes/db/cust_trans_db.inc b/sales/includes/db/cust_trans_db.inc
index 5e403c51..bcd41dba 100644
--- a/sales/includes/db/cust_trans_db.inc
+++ b/sales/includes/db/cust_trans_db.inc
@@ -99,18 +99,20 @@ function write_customer_trans($trans_type, $trans_no, $debtor_no, $BranchNo, order_, ov_amount, ov_discount, ov_gst, ov_freight, ov_freight_tax, rate, ship_via, alloc, trans_link - ) VALUES ($trans_no, $trans_type, '$debtor_no', '$BranchNo', - '$SQLDate', '$SQLDueDate', '$reference', - '$sales_type', $order_no, $Total, $discount, $Tax, $Freight, - $FreightTax, $rate, '$ship_via', $AllocAmt, $trans_link)"; + ) VALUES ($trans_no, $trans_type, + ".db_escape($debtor_no).", ".db_escape($BranchNo).", + '$SQLDate', '$SQLDueDate', ".db_escape($reference).", + ".db_escape($sales_type).", $order_no, $Total, ".db_escape($discount).", $Tax, + ".db_escape($Freight).", + $FreightTax, $rate, ".db_escape($ship_via).", $AllocAmt, ".db_escape($trans_link).")"; } else { // may be optional argument should stay unchanged ? $sql = "UPDATE ".TB_PREF."debtor_trans SET - debtor_no='$debtor_no' , branch_code='$BranchNo', + debtor_no=".db_escape($debtor_no)." , branch_code=".db_escape($BranchNo).", tran_date='$SQLDate', due_date='$SQLDueDate', - reference='$reference', tpe='$sales_type', order_=$order_no, - ov_amount=$Total, ov_discount=$discount, ov_gst=$Tax, - ov_freight=$Freight, ov_freight_tax=$FreightTax, rate=$rate, - ship_via='$ship_via', alloc=$AllocAmt, trans_link=$trans_link + reference=".db_escape($reference).", tpe=".db_escape($sales_type).", order_=$order_no, + ov_amount=$Total, ov_discount=".db_escape($discount).", ov_gst=$Tax, + ov_freight=".db_escape($Freight).", ov_freight_tax=$FreightTax, rate=$rate, + ship_via=".db_escape($ship_via).", alloc=$AllocAmt, trans_link=$trans_link WHERE trans_no=$trans_no AND type=$trans_type"; } db_query($sql, "The debtor transaction record could not be inserted");
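Review bot: The UPDATE branch still interpolates `trans_link=$trans_link` raw, although the INSERT branch of the same hunk now passes it through `db_escape()`; the last SET line should read `ship_via=".db_escape($ship_via).", alloc=$AllocAmt, trans_link=".db_escape($trans_link)."`. The numeric-looking values `$trans_no`, `$trans_type`, `$order_no`, `$Total`, `$Tax`, `$FreightTax`, `$rate` and `$AllocAmt` (including the `WHERE trans_no=$trans_no AND type=$trans_type` clause) also stay unescaped and unquoted in both statements, so the query is only safe if every caller passes validated numbers, which the hunk does not show. Escaping them as well, or forcing them to numeric types before the string is built, would make the function safe on its own rather than by caller convention. `write_customer_trans` starts above the hunk, so where `$SQLDate` and `$SQLDueDate` come from cannot be checked here.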