[Weberp-cvs] SF.net SVN: web-erp:[3712] trunk

[<tim...@us...>]

Revision: 3712
          http://web-erp.svn.sourceforge.net/web-erp/?rev=3712&view=rev
Author:   tim_schofield
Date:     2010-09-07 18:44:03 +0000 (Tue, 07 Sep 2010)

Log Message:
-----------
Correct the sql quoting

Modified Paths:
--------------
    trunk/PDFPickingList.php
    trunk/doc/Change.log.html

Modified: trunk/PDFPickingList.php
===================================================================
--- trunk/PDFPickingList.php	2010-09-07 18:41:24 UTC (rev 3711)
+++ trunk/PDFPickingList.php	2010-09-07 18:44:03 UTC (rev 3712)
@@ -27,7 +27,7 @@
 				locationname
 			FROM locations';
 	$result=DB_query($sql, $db);
-	echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/sales.png" title="' . _('Search') . '" alt="">' . ' ' . $title.'<br></p>';
+	echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/sales.png" title="' . _('Search') . '" alt=""></img>' . ' ' . $title.'<br></p>';
 	echo '<form action=' . $_SERVER['PHP_SELF'] . '?' . SID . ' method=post name="form">';
 	echo '<table class="selection"><tr>';
 	echo '<td>'._('Create picking lists for all deliveries to be made on').' : '.'</td>';
@@ -80,7 +80,7 @@
 	WHERE salesorders.debtorno=debtorsmaster.debtorno
 	AND salesorders.shipvia=shippers.shipper_id
 	AND salesorders.fromstkloc=locations.loccode
-	AND salesorders.orderno=" . $_GET['TransNo'];
+	AND salesorders.orderno='" . $_GET['TransNo']."'";
 } else if (isset($_POST['TransDate']) or (isset($_GET['TransNo']) and $_GET['TransNo'] != 'Preview')) {
 /* We are printing picking lists for all orders on a day */
 	$sql = "SELECT salesorders.debtorno,
@@ -220,7 +220,7 @@
 			FROM salesorderdetails
 			INNER JOIN stockmaster
 				ON salesorderdetails.stkcode=stockmaster.stockid
-			WHERE salesorderdetails.orderno=" . $OrdersToPick[$i]['orderno'] ;;
+			WHERE salesorderdetails.orderno='" . $OrdersToPick[$i]['orderno'] ."'";
 		} else {
 		/* There are previous picking lists for this order so
 		 * need to take those quantities into account
@@ -241,7 +241,7 @@
 				ON salesorderdetails.orderno=pickinglists.orderno
 			LEFT JOIN pickinglistdetails
 				ON pickinglists.pickinglistno=pickinglistdetails.pickinglistno
-			WHERE salesorderdetails.orderno=" . $OrdersToPick[$i]['orderno'] ."
+			WHERE salesorderdetails.orderno='" . $OrdersToPick[$i]['orderno'] ."'
 			AND salesorderdetails.orderlineno=pickinglistdetails.orderlineno";
 		}
 		$lineresult=DB_query($sql,$db, $ErrMsg);

Modified: trunk/doc/Change.log.html
===================================================================
--- trunk/doc/Change.log.html	2010-09-07 18:41:24 UTC (rev 3711)
+++ trunk/doc/Change.log.html	2010-09-07 18:44:03 UTC (rev 3712)
@@ -1,5 +1,6 @@
 <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p>
 <p></p>
+<p>07/09/10 Tim: PDFPickingList.php - Correct the sql quoting</p>
 <p>07/09/10 Tim: PDFOrderStatus.php - Improve report layout for readability</p>
 <p>07/09/10 Tim: PDFOrderInvoiced.php - Improve report layout for readability</p>
 <p>06/09/10 Tim: PO_Header.php - Move dummy status array from DefinePOClass.php</p>


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.