From: <ice...@us...> - 2013-08-27 02:24:08
Revision: 6297 http://sourceforge.net/p/web-erp/reponame/6297 Author: icedlava Date: 2013-08-27 02:24:06 +0000 (Tue, 27 Aug 2013) Log Message: ----------- Prevent sql error when transfer to location contains special characters such as quotes Modified Paths: -------------- trunk/StockLocTransferReceive.php
Modified: trunk/StockLocTransferReceive.php
===================================================================
--- trunk/StockLocTransferReceive.php 2013-08-27 02:16:33 UTC (rev 6296)
+++ trunk/StockLocTransferReceive.php 2013-08-27 02:24:06 UTC (rev 6297)
@@ -94,7 +94,7 @@
 '" . $_SESSION['Transfer']->StockLocationFrom . "',
 '" . $SQLTransferDate . "',
 '" . $PeriodNo . "',
- '" . _('To') . ' ' . $_SESSION['Transfer']->StockLocationToName . "',
+ '" . _('To') . ' ' . mysql_real_escape_string($_SESSION['Transfer']->StockLocationToName) . "',
 '" . round(-$TrfLine->Quantity, $TrfLine->DecimalPlaces) . "',
 '" . round($QtyOnHandPrior - $TrfLine->Quantity, $TrfLine->DecimalPlaces) . "'
 )";
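Review bot: Only `StockLocationToName` is escaped in this INSERT, and it is escaped by calling `mysql_real_escape_string()` directly instead of going through the project's database layer (the file otherwise talks to the database via `DB_query`). The neighbouring values in the hunk (`$_SESSION['Transfer']->StockLocationFrom`, `$SQLTransferDate`, `$PeriodNo`) and the translated `_('To')` prefix are still concatenated as-is, so a quote in any of them would break or alter the statement the same way. The direct call also ties this file to the legacy mysql extension and needs an open mysql_* link, so it may not escape against the connection actually in use if that is mysqli. I would escape the whole value through the DB layer's helper, e.g. `'" . DB_escape_string(_('To') . ' ' . $_SESSION['Transfer']->StockLocationToName) . "',` (assuming that helper exists in this revision), and do the same for the other string columns. The statement starts and ends outside the hunk, so the remaining columns could not be checked.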
@@ -330,12 +330,12 @@
 $Result = DB_query($sql, $db, $ErrMsg, $DbgMsg, true);
 // send an email to the inventory manager about this cancellation (as can lead to employee fraud)
 if ($_SESSION['InventoryManagerEmail']!=''){
- $ConfirmationText = _('Cancelled balance of transfer'). ': ' . $_SESSION['Transfer']->TrfID .
+ $ConfirmationText = _('Cancelled balance of transfer'). ': ' . $_SESSION['Transfer']->TrfID .
 "\r\n" . _('From Location') . ': ' . $_SESSION['Transfer']->StockLocationFrom .
 "\r\n" . _('To Location') . ': ' . $_SESSION['Transfer']->StockLocationTo .
- "\r\n" . _('Stock code') . ': ' . $TrfLine->StockID .
- "\r\n" . _('Qty received') . ': ' . round($TrfLine->Quantity, $TrfLine->DecimalPlaces) .
- "\r\n" . _('By user') . ': ' . $_SESSION['UserID'] .
+ "\r\n" . _('Stock code') . ': ' . $TrfLine->StockID .
+ "\r\n" . _('Qty received') . ': ' . round($TrfLine->Quantity, $TrfLine->DecimalPlaces) .
+ "\r\n" . _('By user') . ': ' . $_SESSION['UserID'] .
 "\r\n" . _('At') . ': ' . Date('Y-m-d H:i:s');
 $EmailSubject = _('Cancelled balance of transfer'). ' ' . $_SESSION['Transfer']->TrfID;
 if($_SESSION['SmtpSetting']==0){ |