X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fcustalloc_db.inc;h=16f9227e95f7f961ab5cf163e76c54e3cf1d2a6c;hb=bf5d5cdb2dde526a228d101ca6aad4044c2ed759;hp=f9fc78e7cc0a47e0d568dd5ff13a4a09eda8e0e9;hpb=bb991dc5b071e966b39954bb53d3b0efe8420938;p=fa-stable.git

diff --git a/sales/includes/db/custalloc_db.inc b/sales/includes/db/custalloc_db.inc
index f9fc78e7..16f9227e 100644
--- a/sales/includes/db/custalloc_db.inc
+++ b/sales/includes/db/custalloc_db.inc
@@ -140,8 +140,8 @@ function get_allocatable_to_cust_transactions($customer_id, $trans_no=null, $typ
 	{
 		$sql = get_alloc_trans_sql("amt", "trans.trans_no = alloc.trans_no_to
 			AND trans.type = alloc.trans_type_to
-			AND alloc.trans_no_from=$trans_no
-			AND alloc.trans_type_from=$type
+			AND alloc.trans_no_from=".db_escape($trans_no)."
+			AND alloc.trans_type_from=".db_escape($type)."
 			AND trans.debtor_no=".db_escape($customer_id),
 			"".TB_PREF."cust_allocations as alloc");
 	}
@@ -244,8 +244,8 @@ function credit_sales_invoice_allocate($invoice_no, $credit_no, $amount, $date)
 			AND trans_type_from <> ".ST_CUSTCREDIT;
 		$result = db_query($sql, "can't retrieve invoice allocations");
 
-		while($free < $amount && ($alloc = db_fetch($result))) {
-			$unalloc = min($alloc['amt'], $free);
+		while(($free < $amount) && ($alloc = db_fetch($result))) {
+			$unalloc = min($alloc['amt'], $amount-$free);
 			update_debtor_trans_allocation($alloc['trans_type_to'], $alloc['trans_no_to'], 
 				-$unalloc);
 			update_debtor_trans_allocation($alloc['trans_type_from'], $alloc['trans_no_from'],