-rwxr-xr-x | LedgerSMB/AA.pm | 4 | ||||
-rwxr-xr-x | LedgerSMB/CT.pm | 6 | ||||
-rwxr-xr-x | LedgerSMB/OE.pm | 8 | ||||
-rwxr-xr-x | LedgerSMB/PE.pm | 2 |
4 files changed, 10 insertions, 10 deletions
diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm index bca7f391..5bfd0ac1 100755 --- a/LedgerSMB/AA.pm +++ b/LedgerSMB/AA.pm @@ -861,12 +861,12 @@ sub transactions { $where .= qq| AND (a.id IN (SELECT DISTINCT trans_id FROM acc_trans - WHERE lower(memo) LIKE '$var') + WHERE lower(memo) LIKE $var) OR a.id IN (SELECT DISTINCT trans_id FROM invoice WHERE lower(description) - LIKE '$var'))|; + LIKE $var))|; } $query .= "WHERE $where diff --git a/LedgerSMB/CT.pm b/LedgerSMB/CT.pm index e57af3b6..283ed2bf 100755 --- a/LedgerSMB/CT.pm +++ b/LedgerSMB/CT.pm @@ -882,7 +882,7 @@ sub get_history { $form->sort_order(); if ( $form->{"$form->{db}number"} ne "" ) { - $var = $dbh->( $form->like( lc $form->{"$form->{db}number"} ) ); + $var = $dbh->quote( $form->like( lc $form->{"$form->{db}number"} ) ); $where .= " AND lower(ct.$form->{db}number) LIKE $var"; } @@ -900,8 +900,8 @@ sub get_history { } if ( $form->{employee} ne "" ) { - $var = $form->like( lc $form->{employee} ); - $where .= " AND lower(e.name) LIKE '$var'"; + $var = $dbh->quote($form->like(lc $form->{employee})); + $where .= " AND lower(e.name) LIKE $var"; } $transwhere .= diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm index af81da1c..015d404c 100755 --- a/LedgerSMB/OE.pm +++ b/LedgerSMB/OE.pm @@ -197,10 +197,10 @@ sub transactions { } if ( $form->{description} ne "" ) { - $var = $form->like( lc $form->{description} ); + $var = $dbh->quote($form->like( lc $form->{description} )); $query .= " AND o.id IN (SELECT DISTINCT trans_id FROM orderitems - WHERE lower(description) LIKE '$var')"; + WHERE lower(description) LIKE $var)"; push @queryargs, $var; } 
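Review bot: In `transactions` (LedgerSMB/AA.pm) the two `LIKE $var` subqueries no longer carry quotes of their own, so they are safe only if the assignment above the hunk already wraps the value in `$dbh->quote(...)`. That line is not visible here and should be confirmed. If it is still a bare `$form->like( lc ... )` result, the search text reaches the SQL string unescaped. A comment at the interpolation, e.g. `# $var is already $dbh->quote()d above; do not add quotes here`, would stop the two halves drifting apart again. The sub starts and ends outside the hunk.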
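Review bot: In `get_history` (LedgerSMB/CT.pm, first hunk) `$form->{db}` is still interpolated as part of a column name in `lower(ct.$form->{db}number)`, and `$dbh->quote` only protects values, not identifiers. If `db` can be set from the request, it should be checked against the fixed set of table names this module supports before the string is built. The employee filter in the second CT.pm hunk has no identifier interpolation and looks correct as changed. Both filters would be simpler to audit with `LIKE ?` and a bind value instead of an interpolated, pre-quoted string.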
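Review bot: In `transactions` (LedgerSMB/OE.pm, first hunk) the quoted `$var` is now interpolated into the subquery, yet the unchanged `push @queryargs, $var;` still adds it as a bind value. If `@queryargs` is passed to `execute` (outside the hunk), the statement gets one more bind value than it has placeholders, so DBI would reject it whenever a description filter is supplied. Since the bind list already exists, the cleaner fix is to keep the value unquoted and bind it: `$var = $form->like( lc $form->{description} );` with `WHERE lower(description) LIKE ?)"` and the existing push. Otherwise the push should be dropped.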
@@ -1992,12 +1992,12 @@ sub get_inventory { if ( $form->{partnumber} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{partnumber} ) ); $where .= " - AND lower(p.partnumber) LIKE '$var'"; + AND lower(p.partnumber) LIKE $var"; } if ( $form->{description} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{description} ) ); $where .= " - AND lower(p.description) LIKE '$var'"; + AND lower(p.description) LIKE $var"; } if ( $form->{partsgroup} ne "" ) { ( $null, $var ) = split /--/, $form->{partsgroup}; diff --git a/LedgerSMB/PE.pm b/LedgerSMB/PE.pm index 86d3414f..fa1c9eda 100755 --- a/LedgerSMB/PE.pm +++ b/LedgerSMB/PE.pm @@ -987,7 +987,7 @@ sub partsgroups { if ( $form->{partsgroup} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{partsgroup} ) ); - $where .= " AND lower(partsgroup) LIKE '$var'"; + $where .= " AND lower(partsgroup) LIKE $var"; } $query .= qq| WHERE $where ORDER BY $sortorder|; |
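Review bot: The last context line of the `get_inventory` hunk, `( $null, $var ) = split /--/, $form->{partsgroup};`, reassigns `$var` from the raw form field without `$dbh->quote`, and the statement that consumes it lies below the hunk. The neighbouring filters now rely on `$var` being pre-quoted and interpolated bare, so that branch should be checked. If it interpolates `$var` as an id, validate it as an integer or bind it with a placeholder. The two `LIKE $var` changes themselves look right, since the old `'$var'` wrapped an already-quoted value in a second pair of quotes.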