From: <tim...@us...> - 2010-07-03 21:43:33
Revision: 3544 http://web-erp.svn.sourceforge.net/web-erp/?rev=3544&view=rev Author: tim_schofield Date: 2010-07-03 21:43:26 +0000 (Sat, 03 Jul 2010) Log Message: ----------- Verify Contact ID before query Modified Paths: -------------- trunk/AddCustomerContacts.php trunk/doc/Change.log.html Modified: trunk/AddCustomerContacts.php =================================================================== --- trunk/AddCustomerContacts.php 2010-07-03 21:43:06 UTC (rev 3543) +++ trunk/AddCustomerContacts.php 2010-07-03 21:43:26 UTC (rev 3544) @@ -8,9 +8,9 @@ include('includes/SQL_CommonFunctions.inc'); if (isset($_GET['Id'])){ - $Id = $_GET['Id']; + $Id = (int)$_GET['Id']; } else if (isset($_POST['Id'])){ - $Id = $_POST['Id']; + $Id = (int)$_POST['Id']; } if (isset($_POST['DebtorNo'])){ $DebtorNo = $_POST['DebtorNo']; @@ -55,7 +55,7 @@ phoneno='" . $_POST['conPhone'] . "', notes='" . $_POST['conNotes'] . "' WHERE debtorno ='".$DebtorNo."' - AND contid=".$Id; + AND contid='".$Id."'"; $msg = _('Customer Contacts') . ' ' . $DebtorNo . ' ' . _('has been updated'); } elseif ($InputError !=1) { @@ -158,7 +158,7 @@ if (isset($Id)) { //editing an existing Shipper - $sql = "SELECT * FROM custcontacts WHERE contid=".$Id." + $sql = "SELECT * FROM custcontacts WHERE contid='".$Id."' and debtorno='".$DebtorNo."'"; $result = DB_query($sql, $db); Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-07-03 21:43:06 UTC (rev 3543) +++ trunk/doc/Change.log.html 2010-07-03 21:43:26 UTC (rev 3544) 
@@ -1,5 +1,8 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>03/07/10 Tim: AddCustomerContacts.php - Verify Contact ID before query</p> +<p>03/07/10 Tim: AccountSections.php - Incorrect boolean statement causing the existing groups to still be shown</p> +<p>03/07/10 Tim: AccountGroups.php - Incorrect boolean statement causing the existing groups to still be shown</p> <p>03/07/10 Tim: PO_OrderDetails.php - Force $_GET['OrderNo'] to be an integer</p> <p>02/07/10 Tim: Bulk transfers need to be able to have decimal places in the quantity.</p> <p>01/07/10 Tim: PrintCustTransPortrait.php - Error in sql, nor picking up stkmoveno.</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
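Review bot: in the first AddCustomerContacts.php hunk (@@ -8,9 +8,9 @@), the `(int)` cast on `$Id` closes the contid injection path, but `$DebtorNo`, read from `$_POST['DebtorNo']` in the unchanged context two lines below, gets no validation and is concatenated into every query touched by the later hunks. Note also that `(int)` turns a missing or non-numeric value into `0`, so the script will silently query for `contid=0`; rejecting a non-positive `$Id` up front would be clearer than relying on the query to return nothing.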
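Review bot: in the second AddCustomerContacts.php hunk (@@ -55,7 +55,7 @@), the change to `AND contid='".$Id."'"` is harmless now that `$Id` is an integer, but the same UPDATE still interpolates `$_POST['conPhone']`, `$_POST['conNotes']` and `$DebtorNo` as raw strings, so the statement remains injectable through those fields; escape them with the database layer's string escaping (or bind them) before concatenation, ideally in this same commit since the log message claims the query is now verified.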
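Review bot: in the third AddCustomerContacts.php hunk (@@ -158,7 +158,7 @@), the SELECT's unchanged context line `and debtorno='".$DebtorNo."'"` still embeds the unescaped POST value, so quoting `$Id` here only addresses half of the WHERE clause. Separately, the comment `//editing an existing Shipper` is stale for a file that edits customer contacts; update it so it does not mislead the next reader.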
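Review bot: in the Change.log.html hunk, the two added entries for AccountSections.php and AccountGroups.php describe changes to files that are not in this revision's Modified Paths (only AddCustomerContacts.php and doc/Change.log.html are listed), so the log lines and the code they describe are in different commits; keeping each log entry in the revision that contains its change makes the log usable for tracing a fix back to its diff.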