X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Fcustomers.php;h=bb18cdd0d6ba91f05c27e6e9a1835abaca623af7;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=2605cae41a2adeceb23c0c103a323f81d2de366a;hpb=d0ea37587d3d0fbfc41c75fce78ae9585f257d61;p=fa-stable.git
diff --git a/sales/manage/customers.php b/sales/manage/customers.php
index 2605cae4..bb18cdd0 100644
--- a/sales/manage/customers.php
+++ b/sales/manage/customers.php
@@ -1,5 +1,14 @@ . +***********************************************************************/
 $page_security = 3;
 $path_to_root="../..";
@@ -75,7 +84,7 @@ function handle_submit()
 pymt_discount=" . input_num('pymt_discount') / 100 . ",
 credit_limit=" . input_num('credit_limit') . ",
 sales_type = ".db_escape($_POST['sales_type']) . "
- WHERE debtor_no = '". $_POST['customer_id'] . "'";
+ WHERE debtor_no = ".db_escape($_POST['customer_id']);
 db_query($sql,"The customer could not be updated");
 display_notification(_("Customer has been updated."));
@@ -86,7 +95,7 @@ function handle_submit()
 begin_transaction();
 $sql = "INSERT INTO ".TB_PREF."debtors_master (name, address, tax_id, email, dimension_id, dimension2_id,
- curr_code, credit_status, payment_terms, discount, pymt_discount,credit_limit,
+ curr_code, credit_status, payment_terms, discount, pymt_discount,credit_limit,
 sales_type) VALUES (".db_escape($_POST['CustName']) .", "
 .db_escape($_POST['address']) . ", " . db_escape($_POST['tax_id']) . ","
 .db_escape($_POST['email']) . ", ".db_escape($_POST['dimension_id']) . ", "
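Review bot: The new WHERE clause removes the single quotes the old line wrapped around the value and relies on db_escape() to produce a complete, quoted literal; db_escape() is not visible here, so if it only escapes characters the comparison is left unquoted and a non-numeric customer_id becomes a SQL syntax error instead of a harmless string comparison. If debtor_no is an integer key, as its use in the COUNT(*) dependency checks later in this diff suggests but the schema does not show, an explicit cast makes the statement independent of the helper's quoting behaviour: `WHERE debtor_no = " . (int)$_POST['customer_id'];`. The `input_num()` results on the context lines are concatenated unquoted as well, which is only safe if that helper always returns a number; a one-line comment stating that contract would help the next reader. handle_submit() begins before this hunk and continues past it.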
@@ -128,8 +137,8 @@ if (isset($_POST['delete']))
 $cancel_delete = 0;
 // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
-
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sel_id = db_escape($_POST['customer_id']);
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE debtor_no=$sel_id";
 $result = db_query($sql,"check failed");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -139,7 +148,7 @@ if (isset($_POST['delete']))
 }
 else
 {
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE debtor_no=$sel_id";
 $result = db_query($sql,"check failed");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -149,7 +158,7 @@ if (isset($_POST['delete']))
 }
 else
 {
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE debtor_no=$sel_id";
 $result = db_query($sql,"check failed");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -163,7 +172,7 @@ if (isset($_POST['delete']))
 if ($cancel_delete == 0)
 {
 //ie not cancelled the delete as a result of above tests
- $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no='" . $_POST['customer_id'] . "'";
+ $sql = "DELETE FROM ".TB_PREF."debtors_master WHERE debtor_no=$sel_id";
 db_query($sql,"cannot delete customer");
 display_notification(_("Selected customer has been deleted."));
@@ -189,11 +198,9 @@ else
 hidden('customer_id');
 }
-start_table($table_style2, 7, 6);
-echo "
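Review bot: `$sel_id` is introduced as the escaped form of customer_id and then interpolated into four queries, yet its name reads like a raw id; if db_escape() returns a quoted literal, as dropping the old surrounding quotes implies, anyone who later wraps it in quotes or escapes it a second time gets a doubly quoted value. A comment at the assignment, `// SQL-ready literal: db_escape() quotes and escapes; interpolate as-is, never quote again`, or a name such as `$sel_id_sql`, would pin that contract down, and because the value is only ever compared with debtor_no a plain `(int)` cast would be the simpler choice if that column is numeric, which the schema here does not show. The enclosing if (isset($_POST['delete'])) block starts before this hunk and continues after it.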
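Review bot: The DELETE on the new line runs as a standalone statement after three separate COUNT(*) checks, so a debtor_trans, sales_orders or cust_branch row created between a check and the delete is not caught; the insert path in handle_submit() wraps its work in begin_transaction() (visible in the earlier hunk of this diff) while this delete path does not. Wrapping the checks and the delete with `begin_transaction();` and the matching commit call would close that window, assuming the storage engine honours transactions. The success notification is also printed regardless of whether a row was actually removed, so an id that no longer exists still reports `Selected customer has been deleted.`; testing the affected-row count before notifying would keep the message truthful. The enclosing block starts before this hunk and continues past it.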