From: <tim...@us...> - 2010-09-27 20:24:50
Revision: 3808 http://web-erp.svn.sourceforge.net/web-erp/?rev=3808&view=rev Author: tim_schofield Date: 2010-09-27 20:24:44 +0000 (Mon, 27 Sep 2010) Log Message: ----------- SQL quoting corrections Modified Paths: -------------- trunk/SupplierTenders.php trunk/doc/Change.log.html Modified: trunk/SupplierTenders.php =================================================================== --- trunk/SupplierTenders.php 2010-09-27 20:10:50 UTC (rev 3807) +++ trunk/SupplierTenders.php 2010-09-27 20:24:44 UTC (rev 3808) @@ -133,11 +133,11 @@ } } foreach ($_SESSION['offer']->LineItems as $LineItems) { - $sql='UPDATE offers SET - quantity='.$LineItems->Quantity.', - price='.$LineItems->Price.', - expirydate="'.FormatDateForSQL($LineItems->ExpiryDate).'" - WHERE offerid='.$LineItems->LineNo; + $sql="UPDATE offers SET + quantity='".$LineItems->Quantity."', + price='".$LineItems->Price."', + expirydate='".FormatDateForSQL($LineItems->ExpiryDate)."' + WHERE offerid='".$LineItems->LineNo . "'"; $ErrMsg = _('The suppliers offer could not be updated on the database because'); $DbgMsg = _('The SQL statement used to update the suppliers offer record and failed was'); $result = DB_query($sql,$db,$ErrMsg,$DbgMsg,true); @@ -179,7 +179,7 @@ } foreach ($_SESSION['offer']->LineItems as $LineItems) { if ($LineItems->Deleted==False) { - $sql='INSERT INTO offers ( + $sql="INSERT INTO offers ( supplierid, stockid, quantity, 
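Review bot: In the UPDATE hunk at -133/+133, `$LineItems->Quantity`, `->Price` and `->LineNo` are now wrapped in single quotes but still concatenated as-is, so a value containing `'` still ends the literal and quoting alone is not an injection defence. The same applies in the INSERT hunk at -188/+188, where `$_POST['SupplierID']` reaches the statement directly alongside `->StockID`, `->Units` and `$Currency`. Unless these values are escaped or validated before this point (not visible in the hunks), cast the numeric fields and escape the strings, e.g. `quantity='".(float)$LineItems->Quantity."',` and `'".DB_escape_string($_POST['SupplierID'])."',`. Quoting the numeric columns also makes the stored value depend on the server's implicit string-to-number conversion, so a non-numeric input may be stored as 0 or rejected depending on SQL mode. Both foreach bodies continue past the end of their hunks.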
@@ -188,14 +188,14 @@ expirydate, currcode) VALUES ( - "'.$_POST['SupplierID'].'", - "'.$LineItems->StockID.'", - '.$LineItems->Quantity.', - "'.$LineItems->Units.'", - '.$LineItems->Price.', - "'.FormatDateForSQL($LineItems->ExpiryDate).'", - "'.$Currency.'" - )'; + '".$_POST['SupplierID']."', + '".$LineItems->StockID."', + '".$LineItems->Quantity."', + '".$LineItems->Units."', + '".$LineItems->Price."', + '".FormatDateForSQL($LineItems->ExpiryDate)."', + '".$Currency."' + )"; $ErrMsg = _('The suppliers offer could not be inserted into the database because'); $DbgMsg = _('The SQL statement used to insert the suppliers offer record and failed was'); $result = DB_query($sql,$db,$ErrMsg,$DbgMsg,true); Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-09-27 20:10:50 UTC (rev 3807) +++ trunk/doc/Change.log.html 2010-09-27 20:24:44 UTC (rev 3808) @@ -1,5 +1,6 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>27/09/10 Tim: SupplierTenders.php - SQL quoting corrections</p> <p>27/09/10 Tim: Suppliers.php - SQL quoting corrections</p> <p>27/09/10 Tim: SupplierInvoice.php - SQL quoting corrections and layout changes and improvements</p> <p>27/09/10 Tim: SupplierInquiry.php - SQL quoting corrections and layout changes and improvements</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |