Fixing a large number of SQL errors in certain circumstances

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@1447 4979c152-3d1c-0410-bac9-87ea11338e46

1 files changed, 4 insertions, 4 deletions

diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm
index af81da1c..015d404c 100755
--- a/LedgerSMB/OE.pm
+++ b/LedgerSMB/OE.pm
@@ -197,10 +197,10 @@ sub transactions {
     }
 
     if ( $form->{description} ne "" ) {
-        $var = $form->like( lc $form->{description} );
+        $var = $dbh->quote($form->like( lc $form->{description} ));
         $query .= " AND o.id IN (SELECT DISTINCT trans_id
                              FROM orderitems
-			     WHERE lower(description) LIKE '$var')";
+			     WHERE lower(description) LIKE $var)";
         push @queryargs, $var;
     }
 
@@ -1992,12 +1992,12 @@ sub get_inventory {
     if ( $form->{partnumber} ne "" ) {
         $var = $dbh->quote( $form->like( lc $form->{partnumber} ) );
         $where .= "
-			AND lower(p.partnumber) LIKE '$var'";
+			AND lower(p.partnumber) LIKE $var";
     }
     if ( $form->{description} ne "" ) {
         $var = $dbh->quote( $form->like( lc $form->{description} ) );
         $where .= "
-			AND lower(p.description) LIKE '$var'";
+			AND lower(p.description) LIKE $var";
     }
     if ( $form->{partsgroup} ne "" ) {
         ( $null, $var ) = split /--/, $form->{partsgroup};