X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Frecurrent_invoices.php;h=a1b0bdec6f3595a41d836a5587fa70e348695f93;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=cdbc3bfaa2dc33a048df928ee4a429597df7b35f;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/sales/manage/recurrent_invoices.php b/sales/manage/recurrent_invoices.php
index cdbc3bfa..a1b0bdec 100644
--- a/sales/manage/recurrent_invoices.php
+++ b/sales/manage/recurrent_invoices.php
@@ -49,7 +49,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 monthly=".input_num('monthly', 0).",
 begin='".date2sql($_POST['begin'])."',
 end='".date2sql($_POST['end'])."'
- WHERE id = '$selected_id'";
+ WHERE id = ".db_escape($selected_id);
 $note = _('Selected recurrent invoice has been updated');
 }
 else
@@ -75,7 +75,7 @@ if ($Mode == 'Delete')
 if ($cancel_delete == 0)
 {
- $sql="DELETE FROM ".TB_PREF."recurrent_invoices WHERE id='" . $selected_id . "'";
+ $sql="DELETE FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($selected_id);
 db_query($sql,"could not delete recurrent invoice");
 display_notification(_('Selected recurrent invoice has been deleted'));
@@ -91,7 +91,7 @@ if ($Mode == 'RESET')
 //-------------------------------------------------------------------------------------------------
 function get_sales_group_name($group_no)
 {
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
 $result = db_query($sql, "could not get group");
 $row = db_fetch($result);
 return $row[0];
@@ -149,7 +149,7 @@ if ($selected_id != -1)
 {
 if ($Mode == 'Edit') {
 //editing an existing area
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($selected_id);
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($selected_id);
 $result = db_query($sql,"could not get recurrent invoice");
 $myrow = db_fetch($result);
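Review bot: In the first hunk (`@@ -49,7 +49,7 @@`, the UPDATE statement), the context lines still concatenate `date2sql($_POST['begin'])` and `date2sql($_POST['end'])` between hand-written quotes, so only the `WHERE` value goes through `db_escape()`. Unless `date2sql()` is guaranteed to return a strictly formatted date for any input (not visible here), those two request values remain a way to alter the query. Assuming `db_escape()` returns a quoted literal, as the removal of the quotes around the id suggests, they would be safer as `begin=".db_escape(date2sql($_POST['begin'])).",` and the same for `end`. The statement begins above the hunk, so the columns set earlier in it need the same check.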
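Review bot: In the third hunk (`@@ -91,7 +91,7 @@`), `get_sales_group_name()` reads `$row[0]` without checking that a row was fetched; if `db_fetch()` yields false for an unknown `$group_no`, the index is taken from a non-array and the caller gets an implicit null plus a PHP notice or warning. A guard such as `return $row ? $row[0] : null;` makes the no-match case explicit without changing what callers receive. The function also has no docblock; a one-line `/** Return the description of sales group $group_no, or null if it does not exist. */` would record that contract. The closing brace of the function is outside the hunk.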