X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Fsales_people.php;h=1c398b61a37a8da5bcc705d384d363e8d3bf1126;hb=cb04035914c02ff40b6c1c8c34684663bec432b6;hp=8546ba7e38d1f7d3578a3e33e5b02b3ea0ffadd4;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git diff --git a/sales/manage/sales_people.php b/sales/manage/sales_people.php index 8546ba7e..1c398b61 100644 --- a/sales/manage/sales_people.php +++ b/sales/manage/sales_people.php @@ -13,7 +13,7 @@ $page_security = 'SA_SALESMAN'; $path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); -page(_("Sales Persons")); +page(_($help_context = "Sales Persons")); include($path_to_root . "/includes/ui.inc"); @@ -56,7 +56,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') provision=".input_num('provision').", break_pt=".input_num('break_pt').", provision2=".input_num('provision2')." - WHERE salesman_code = '$selected_id'"; + WHERE salesman_code = ".db_escape($selected_id); } else { @@ -86,7 +86,7 @@ if ($Mode == 'Delete') // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtors_master' - $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE salesman='$selected_id'"; + $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE salesman=".db_escape($selected_id); $result = db_query($sql,"check failed"); $myrow = db_fetch_row($result); if ($myrow[0] > 0) @@ -95,7 +95,7 @@ if ($Mode == 'Delete') } else { - $sql="DELETE FROM ".TB_PREF."salesman WHERE salesman_code='$selected_id'"; + $sql="DELETE FROM ".TB_PREF."salesman WHERE salesman_code=".db_escape($selected_id); db_query($sql,"The sales-person could not be deleted"); display_notification(_('Selected sales person data have been deleted')); } 
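Review bot: The new `page(_($help_context = "Sales Persons"));` line sets a variable as a side effect inside a nested call argument, which is easy to overlook. It also means `_()` no longer receives a bare string literal, which may matter to translation string extraction; whether the project's tooling handles this form is not visible here. If the one-line form is kept, a comment above it would help, for example `// also sets $help_context (untranslated) for the help link`.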
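Review bot: In the new `WHERE salesman_code = ".db_escape($selected_id)` clause `$selected_id` is escaped but never validated. The page compares it with `-1` further down, which suggests an integer key, so normalising it once before any query (for example `$selected_id = (int) $selected_id;`) would reject malformed values rather than rely on escaping alone. Dropping the surrounding quotes is only safe if `db_escape()` returns an already-quoted literal, which this diff does not show and should be confirmed. The same applies to the hunks at -86, -95 and -154. The UPDATE statement starts above this hunk, so whether its string columns get the same treatment cannot be checked from here.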
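Review bot: The context comment above the changed query names `debtors_master`, but the query counts rows in `cust_branch`, so the comment misstates which dependency blocks the delete. Since the line below it is being touched anyway, the comment could be corrected to `// PREVENT DELETES IF DEPENDENT RECORDS IN 'cust_branch'`. The `if ($Mode == 'Delete')` block begins and ends outside this hunk.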
@@ -154,7 +154,7 @@ if ($selected_id != -1) { if ($Mode == 'Edit') { //editing an existing Sales-person - $sql = "SELECT * FROM ".TB_PREF."salesman WHERE salesman_code='$selected_id'"; + $sql = "SELECT * FROM ".TB_PREF."salesman WHERE salesman_code=".db_escape($selected_id); $result = db_query($sql,"could not get sales person"); $myrow = db_fetch($result);