[Web-erp-svn] SF.net SVN: web-erp:[7649] trunk

[<dai...@us...>]

Revision: 7649
          http://sourceforge.net/p/web-erp/reponame/7649
Author:   daintree
Date:     2016-10-18 07:38:17 +0000 (Tue, 18 Oct 2016)
Log Message:
-----------
fix SQL in reverseGRN.php

Modified Paths:
--------------
    trunk/ReverseGRN.php
    trunk/doc/Change.log

Modified: trunk/ReverseGRN.php
===================================================================
--- trunk/ReverseGRN.php	2016-10-18 05:13:59 UTC (rev 7648)
+++ trunk/ReverseGRN.php	2016-10-18 07:38:17 UTC (rev 7649)
@@ -304,7 +304,7 @@
 									'" . $GRN['deliverydate'] . "',
 									'" . $PeriodNo . "',
 									'" . $GRN['glcode'] . "',
-									'" . _('GRN Reversal for PO') .": " . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . $GRN['itemdescription'] . " x " . $QtyToReverse . " @ " . locale_number_format($GRN['stdcostunit'],$_SESSION['CompanyRecord']['decimalplaces']) . "',
+									'" . _('GRN Reversal for PO') .": " . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . DB_escape_string($GRN['itemdescription']) . " x " . $QtyToReverse . " @ " . locale_number_format($GRN['stdcostunit'],$_SESSION['CompanyRecord']['decimalplaces']) . "',
 									'" . -($GRN['stdcostunit'] * $QtyToReverse) . "')";
 
 		$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The purchase GL posting could not be inserted for the reversal of the received item because');
@@ -325,7 +325,7 @@
 								'" . $GRN['deliverydate'] . "',
 								'" . $PeriodNo . "',
 								'" . $_SESSION['CompanyRecord']['grnact'] . "', '"
-								. _('GRN Reversal PO') . ': ' . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . $GRN['itemdescription'] . " x " . $QtyToReverse . " @ " . locale_number_format($GRN['stdcostunit'],$_SESSION['CompanyRecord']['decimalplaces']) . "',
+								. _('GRN Reversal PO') . ': ' . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . DB_escape_string($GRN['itemdescription']) . " x " . $QtyToReverse . " @ " . locale_number_format($GRN['stdcostunit'],$_SESSION['CompanyRecord']['decimalplaces']) . "',
 								'" . $GRN['stdcostunit'] * $QtyToReverse . "'
 								)";
 
@@ -360,9 +360,9 @@
 		<br />
 		<div class="centre">
 			<input type="submit" name="ShowGRNS" value="' . _('Show Outstanding Goods Received') . '" />
-		</div>';
-    echo '</div>
-          </form>';
+		</div>
+		</div>
+	</form>';
 
 	if (isset($_POST['ShowGRNS'])){
 
@@ -459,4 +459,4 @@
 	}
 }
 include ('includes/footer.inc');
-?>
+?>
\ No newline at end of file

Modified: trunk/doc/Change.log
===================================================================
--- trunk/doc/Change.log	2016-10-18 05:13:59 UTC (rev 7648)
+++ trunk/doc/Change.log	2016-10-18 07:38:17 UTC (rev 7649)
@@ -1,5 +1,6 @@
 webERP Change Log
 
+17/10/16 Phil: Fix SQL in ReverseGRN.php as reported by Ricard/Tim
 16/10/16 RChacon: Fix function convertDate(dS,dF).
 05/10/16 Eatong: Format the ManualAPITutorial.html for easier reading.
 05/10/16 Eatong: Add CSS rule for <pre> for easier reading.