From: <tim...@us...> - 2010-07-03 21:43:51
Revision: 3545
http://web-erp.svn.sourceforge.net/web-erp/?rev=3545&view=rev
Author: tim_schofield
Date: 2010-07-03 21:43:44 +0000 (Sat, 03 Jul 2010)
Log Message:
-----------
Verify Contact ID before query
Modified Paths:
--------------
trunk/AddCustomerNotes.php
trunk/doc/Change.log.html
Modified: trunk/AddCustomerNotes.php
===================================================================
--- trunk/AddCustomerNotes.php 2010-07-03 21:43:26 UTC (rev 3544)
+++ trunk/AddCustomerNotes.php 2010-07-03 21:43:44 UTC (rev 3545)
@@ -8,9 +8,9 @@
 include('includes/SQL_CommonFunctions.inc');
 if (isset($_GET['Id'])){
- $Id = $_GET['Id'];
+ $Id = (int)$_GET['Id'];
 } else if (isset($_POST['Id'])){
- $Id = $_POST['Id'];
+ $Id = (int)$_POST['Id'];
 }
 if (isset($_POST['DebtorNo'])){
 $DebtorNo = $_POST['DebtorNo'];
@@ -45,7 +45,7 @@
 href='" . $_POST['href'] . "',
 priority='" . $_POST['priority'] . "'
 WHERE debtorno ='".$DebtorNo."'
- AND noteid=".$Id;
+ AND noteid='".$Id."'";
 $msg = _('Customer Notes') . ' ' . $DebtorNo . ' ' . _('has been updated');
 } elseif ($InputError !=1) {
@@ -78,7 +78,7 @@
 // PREVENT DELETES IF DEPENDENT RECORDS IN 'SalesOrders'
- $sql="DELETE FROM custnotes WHERE noteid=".$Id."
+ $sql="DELETE FROM custnotes WHERE noteid='".$Id."'
 and debtorno='".$DebtorNo."'";
 $result = DB_query($sql,$db);
 //echo '<br>'.$sql;
@@ -151,7 +151,7 @@
 if (isset($Id)) { //editing an existing
- $sql = "SELECT * FROM custnotes WHERE noteid=".$Id."
+ $sql = "SELECT * FROM custnotes WHERE noteid='".$Id."'
 and debtorno='".$DebtorNo."'";
 $result = DB_query($sql, $db);
Modified: trunk/doc/Change.log.html
===================================================================
--- trunk/doc/Change.log.html 2010-07-03 21:43:26 UTC (rev 3544)
+++ trunk/doc/Change.log.html 2010-07-03 21:43:44 UTC (rev 3545)
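Review bot: The `(int)` cast closes the injection path through `$Id`, but in the `@@ -45,7 +45,7 @@` hunk the same UPDATE statement still concatenates `$DebtorNo`, `$_POST['href']` and `$_POST['priority']` into the SQL string unescaped, and the DELETE (`@@ -78`) and SELECT (`@@ -151`) hunks concatenate the unescaped `$DebtorNo` as well; the `@@ -8` hunk shows it assigned straight from `$_POST['DebtorNo']`. Those values sit inside single-quoted SQL literals, so a quote character in any of them terminates the literal and the class of bug this commit fixes for `noteid` remains for `debtorno`, `href` and `priority`. Escape them with the database extension's string-escaping function where they are assigned, e.g. `$DebtorNo = mysql_real_escape_string($_POST['DebtorNo']);` (assuming `DB_query()` wraps the mysql extension — confirm against the DB layer), and do the same for `href` and `priority` before they reach the UPDATE; note the `$sql = "UPDATE ...` line that opens that statement lies outside the hunk. With `$Id` now an integer, the quotes added around it are redundant but harmless.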
@@ -1,5 +1,6 @@
 <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p>
 <p></p>
+<p>03/07/10 Tim: AddCustomerNotes.php - Verify Contact ID before query</p>
 <p>03/07/10 Tim: AddCustomerContacts.php - Verify Contact ID before query</p>
 <p>03/07/10 Tim: AccountSections.php - Incorrect boolean statement causing the existing groups to still be shown</p>
 <p>03/07/10 Tim: AccountGroups.php - Incorrect boolean statement causing the existing groups to still be shown</p>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |