WHERE
".TB_PREF."debtors_master.payment_terms = ".TB_PREF."payment_terms.terms_indicator
AND ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
- AND ".TB_PREF."debtors_master.debtor_no = $customer_id
+ AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($customer_id)."
AND ".TB_PREF."debtor_trans.tran_date <= '$todate'
AND ".TB_PREF."debtor_trans.type <> 13
AND ".TB_PREF."debtors_master.debtor_no = ".TB_PREF."debtor_trans.debtor_no
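Review bot: `$todate` on the `debtor_trans.tran_date <= '$todate'` line is still interpolated into the SQL string raw, while the same hunk now routes `$customer_id` through db_escape(); a value containing a quote character would break the statement. Give it the same treatment, e.g. `AND ".TB_PREF."debtor_trans.tran_date <= ".db_escape($todate)."`, on the assumption that db_escape() quotes string values itself (the rewritten line below drops the surrounding quotes, which suggests it does; worth confirming). The literal `type <> 13` would also read better with a short comment naming the transaction type it excludes. The SELECT/FROM of this statement starts above the hunk.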
WHERE
".TB_PREF."debtors_master.payment_terms = ".TB_PREF."payment_terms.terms_indicator
AND ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
- AND ".TB_PREF."debtors_master.debtor_no = '$customer_id'";
+ AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($customer_id);
$result = db_query($sql,"The customer details could not be retrieved");
function get_customer($customer_id)
{
- $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no=$customer_id";
+ $sql = "SELECT * FROM ".TB_PREF."debtors_master WHERE debtor_no=".db_escape($customer_id);
$result = db_query($sql, "could not get customer");
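Review bot: `SELECT * FROM ".TB_PREF."debtors_master` in get_customer fetches every column of the table; listing the columns the callers actually read would make the dependency on the schema explicit and keep the result shape stable when columns are added. The rest of get_customer (what it returns from $result) is outside the hunk, so the exact column list needed is not visible here.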
function get_customer_name($customer_id)
{
- $sql = "SELECT name FROM ".TB_PREF."debtors_master WHERE debtor_no=$customer_id";
+ $sql = "SELECT name FROM ".TB_PREF."debtors_master WHERE debtor_no=".db_escape($customer_id);
$result = db_query($sql, "could not get customer");
function get_area_name($id)
{
- $sql = "SELECT description FROM ".TB_PREF."areas WHERE area_code=$id";
+ $sql = "SELECT description FROM ".TB_PREF."areas WHERE area_code=".db_escape($id);
$result = db_query($sql, "could not get sales type");
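Review bot: The error text passed to db_query in get_area_name, `"could not get sales type"`, does not describe this query, which reads from the areas table; the same copied message appears in get_salesman_name in the next hunk. Suggest `$result = db_query($sql, "could not get area name");` here and `"could not get salesman name"` there, so a failure log points at the right function. These lines are unchanged by the commit, so this is a follow-up rather than a regression.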
function get_salesman_name($id)
{
- $sql = "SELECT salesman_name FROM ".TB_PREF."salesman WHERE salesman_code=$id";
+ $sql = "SELECT salesman_name FROM ".TB_PREF."salesman WHERE salesman_code=".db_escape($id);
$result = db_query($sql, "could not get sales type");