authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-07-27 05:29:00 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-07-27 05:29:00 +0000
commit1e85fc89e1a41d52f3f4bc1df032e85b06c2516d (patch)
treee6273a8dccbd1e553566023a0a23d6a1844c967c
parent1419e92f273140c09781676445c0bb886b514bdc (diff)
Fixing a large number of SQL errors in certain circumstances
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@1447 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/AA.pm4
-rwxr-xr-xLedgerSMB/CT.pm6
-rwxr-xr-xLedgerSMB/OE.pm8
-rwxr-xr-xLedgerSMB/PE.pm2
4 files changed, 10 insertions, 10 deletions
diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm
index bca7f391..5bfd0ac1 100755
--- a/LedgerSMB/AA.pm
+++ b/LedgerSMB/AA.pm
@@ -861,12 +861,12 @@ sub transactions {
$where .= qq|
AND (a.id IN (SELECT DISTINCT trans_id
FROM acc_trans
- WHERE lower(memo) LIKE '$var')
+ WHERE lower(memo) LIKE $var)
OR a.id IN
(SELECT DISTINCT trans_id
FROM invoice
WHERE lower(description)
- LIKE '$var'))|;
+ LIKE $var))|;
}
$query .= "WHERE $where
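Review bot: With the surrounding quotes removed, `LIKE $var` in both subqueries is safe only if `$var` already holds the output of `$dbh->quote(...)`; that assignment lies above the hunk and is not visible here, so it should be confirmed. A short comment above the `$where .= qq|` statement would record the dependency, for example `# $var is already $dbh->quote()d above; interpolate it without extra quotes`. The same convention now applies to the CT.pm get_history employee filter and to the OE.pm get_inventory and PE.pm partsgroups hunks, where the quote() call is visible. Longer term, `LIKE ?` with bound values would remove the quoted/unquoted ambiguity this commit is repairing. The body of transactions starts and ends outside the hunk.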
diff --git a/LedgerSMB/CT.pm b/LedgerSMB/CT.pm
index e57af3b6..283ed2bf 100755
--- a/LedgerSMB/CT.pm
+++ b/LedgerSMB/CT.pm
@@ -882,7 +882,7 @@ sub get_history {
$form->sort_order();
if ( $form->{"$form->{db}number"} ne "" ) {
- $var = $dbh->( $form->like( lc $form->{"$form->{db}number"} ) );
+ $var = $dbh->quote( $form->like( lc $form->{"$form->{db}number"} ) );
$where .= " AND lower(ct.$form->{db}number) LIKE $var";
}
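Review bot: The column name in `lower(ct.$form->{db}number)` is still built from `$form->{db}`, and `$dbh->quote` protects only the value side of the LIKE, not an identifier. No validation of `$form->{db}` is visible in this hunk, so unless it is checked earlier in get_history it should be compared against the fixed set of table names the function supports before being interpolated, or the column name should be passed through `$dbh->quote_identifier("$form->{db}number")`. get_history begins and ends outside the hunk.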
@@ -900,8 +900,8 @@ sub get_history {
}
if ( $form->{employee} ne "" ) {
- $var = $form->like( lc $form->{employee} );
- $where .= " AND lower(e.name) LIKE '$var'";
+ $var = $dbh->quote($form->like(lc $form->{employee}));
+ $where .= " AND lower(e.name) LIKE $var";
}
$transwhere .=
diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm
index af81da1c..015d404c 100755
--- a/LedgerSMB/OE.pm
+++ b/LedgerSMB/OE.pm
@@ -197,10 +197,10 @@ sub transactions {
}
if ( $form->{description} ne "" ) {
- $var = $form->like( lc $form->{description} );
+ $var = $dbh->quote($form->like( lc $form->{description} ));
$query .= " AND o.id IN (SELECT DISTINCT trans_id
FROM orderitems
- WHERE lower(description) LIKE '$var')";
+ WHERE lower(description) LIKE $var)";
push @queryargs, $var;
}
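Review bot: `push @queryargs, $var;` is left in place although the value is now interpolated into the query text, so `@queryargs` gains an entry with no matching `?` placeholder. If `@queryargs` is later passed to `execute` (not visible in this hunk), DBI will reject the statement for a bind-count mismatch whenever a description filter is supplied. Either drop the push, or preferably keep the bind and stop interpolating: `$var = $form->like( lc $form->{description} );` together with `WHERE lower(description) LIKE ?)";` and the existing `push @queryargs, $var;`. transactions continues beyond the hunk.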
@@ -1992,12 +1992,12 @@ sub get_inventory {
if ( $form->{partnumber} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{partnumber} ) );
$where .= "
- AND lower(p.partnumber) LIKE '$var'";
+ AND lower(p.partnumber) LIKE $var";
}
if ( $form->{description} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{description} ) );
$where .= "
- AND lower(p.description) LIKE '$var'";
+ AND lower(p.description) LIKE $var";
}
if ( $form->{partsgroup} ne "" ) {
( $null, $var ) = split /--/, $form->{partsgroup};
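Review bot: The partsgroup branch at the end of this hunk takes `$var` from `split /--/, $form->{partsgroup}` with no `$dbh->quote` call, unlike the two filters corrected above it. How `$var` is used lies outside the hunk; if it is interpolated into `$where`, it needs the same treatment, for example `$var = $dbh->quote($var);` directly after the split, or a bound parameter. get_inventory starts and ends outside the hunk, so this should be checked against the full function.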
diff --git a/LedgerSMB/PE.pm b/LedgerSMB/PE.pm
index 86d3414f..fa1c9eda 100755
--- a/LedgerSMB/PE.pm
+++ b/LedgerSMB/PE.pm
@@ -987,7 +987,7 @@ sub partsgroups {
if ( $form->{partsgroup} ne "" ) {
$var = $dbh->quote( $form->like( lc $form->{partsgroup} ) );
- $where .= " AND lower(partsgroup) LIKE '$var'";
+ $where .= " AND lower(partsgroup) LIKE $var";
}
$query .= qq| WHERE $where ORDER BY $sortorder|;
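Review bot: `ORDER BY $sortorder` in the last context line interpolates a value whose origin is outside the hunk, and value quoting cannot protect an ORDER BY expression. If `$sortorder` can be influenced by form input, it should be mapped through a fixed list of sortable column names before this line. A comment stating where `$sortorder` is built and that it is restricted to known columns would make this visible next to the query. partsgroups begins and ends outside the hunk.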