From: <tim...@us...> - 2010-09-24 18:12:27
Revision: 3772 http://web-erp.svn.sourceforge.net/web-erp/?rev=3772&view=rev Author: tim_schofield Date: 2010-09-24 18:12:20 +0000 (Fri, 24 Sep 2010) Log Message: ----------- SQL quoting corrections Modified Paths: -------------- trunk/SelectOrderItems.php trunk/doc/Change.log.html Modified: trunk/SelectOrderItems.php =================================================================== --- trunk/SelectOrderItems.php 2010-09-24 18:03:47 UTC (rev 3771) +++ trunk/SelectOrderItems.php 2010-09-24 18:12:20 UTC (rev 3772) @@ -77,7 +77,7 @@ /*read in all the guff from the selected order into the Items cart */ - $OrderHeaderSQL = 'SELECT salesorders.debtorno, + $OrderHeaderSQL = "SELECT salesorders.debtorno, debtorsmaster.name, salesorders.branchcode, salesorders.customerref, @@ -120,7 +120,7 @@ AND salesorders.branchcode = custbranch.branchcode AND debtorsmaster.paymentterms=paymentterms.termsindicator AND locations.loccode=salesorders.fromstkloc - AND salesorders.orderno = ' . $_GET['ModifyOrderNumber']; + AND salesorders.orderno = '" . $_GET['ModifyOrderNumber'] . "'"; $ErrMsg = _('The order cannot be retrieved because'); @@ -210,7 +210,7 @@ ON salesorderdetails.stkcode = stockmaster.stockid INNER JOIN locstock ON locstock.stockid = stockmaster.stockid WHERE locstock.loccode = '" . $myrow['fromstkloc'] . "' - AND salesorderdetails.orderno =" . $_GET['ModifyOrderNumber'] . " + AND salesorderdetails.orderno ='" . $_GET['ModifyOrderNumber'] . "' ORDER BY salesorderdetails.orderlineno"; $ErrMsg = _('The line items of the order cannot be retrieved because'); @@ -680,10 +680,10 @@ if($_SESSION['ExistingOrder']!=0) { //need to check that not already dispatched - $sql = 'SELECT qtyinvoiced + $sql = "SELECT qtyinvoiced FROM salesorderdetails - WHERE orderno=' . $_SESSION['ExistingOrder'] . ' - AND qtyinvoiced>0'; + WHERE orderno='" . $_SESSION['ExistingOrder'] . "' + AND qtyinvoiced>0"; $InvQties = DB_query($sql,$db); 
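Review bot: The quotes added around `$_GET['ModifyOrderNumber']` in the `salesorders.orderno` condition (hunk at 120) and the `salesorderdetails.orderno` condition (hunk at 210) only contain the value if it has already been escaped, and nothing in these hunks validates or escapes the request parameter before it is concatenated into the statement. The column was compared unquoted before this change, so the order number is presumably an integer. Casting at the point of use would make the query safe regardless of any escaping done elsewhere, e.g. `AND salesorders.orderno = '" . (int) $_GET['ModifyOrderNumber'] . "'";`. The same concatenation is used for `$_SESSION['ExistingOrder']` in the SELECT at 680 and the DELETE at 698; where that session value is set lies outside the diff, but an `(int)` cast there is equally cheap and matters most for the DELETE. Each of these statements sits in code that starts and ends outside its hunk.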
@@ -698,7 +698,7 @@ if ($OK_to_delete==1){ if($_SESSION['ExistingOrder']!=0){ - $SQL = 'DELETE FROM salesorderdetails WHERE salesorderdetails.orderno =' . $_SESSION['ExistingOrder']; + $SQL = "DELETE FROM salesorderdetails WHERE salesorderdetails.orderno ='" . $_SESSION['ExistingOrder'] . "'"; $ErrMsg =_('The order detail lines could not be deleted because'); $DelResult=DB_query($SQL,$db,$ErrMsg); @@ -1697,4 +1697,4 @@ echo '<script type="text/javascript">if (document.SelectParts) {defaultControl(document.SelectCustomer.CustKeywords);}</script>'; } include('includes/footer.inc'); -?> +?> \ No newline at end of file Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-24 18:03:47 UTC (rev 3771) +++ trunk/doc/Change.log.html 2010-09-24 18:12:20 UTC (rev 3772) @@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>24/09/10 Tim: SelectOrderItems.php - SQL quoting corrections</p> <p>24/09/10 Tim: SelectGLAccount.php - SQL quoting corrections and layout changes and improvements and bug fixes</p> <p>24/09/10 Tim: SelectCustomer.php - Layout changes and improvements and bug fixes</p> <p>24/09/10 Tim: SelectCreditItems.php - SQL quoting corrections and layout changes and improvements and bug fixes</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |