From 1e85fc89e1a41d52f3f4bc1df032e85b06c2516d Mon Sep 17 00:00:00 2001 From: einhverfr Date: Fri, 27 Jul 2007 05:29:00 +0000 Subject: Fixing a large number of SQL errors in certain circumstances git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@1447 4979c152-3d1c-0410-bac9-87ea11338e46 --- LedgerSMB/AA.pm | 4 ++-- LedgerSMB/CT.pm | 6 +++--- LedgerSMB/OE.pm | 8 ++++---- LedgerSMB/PE.pm | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) (limited to 'LedgerSMB') diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm index bca7f391..5bfd0ac1 100755 --- a/LedgerSMB/AA.pm +++ b/LedgerSMB/AA.pm @@ -861,12 +861,12 @@ sub transactions { $where .= qq| AND (a.id IN (SELECT DISTINCT trans_id FROM acc_trans - WHERE lower(memo) LIKE '$var') + WHERE lower(memo) LIKE $var) OR a.id IN (SELECT DISTINCT trans_id FROM invoice WHERE lower(description) - LIKE '$var'))|; + LIKE $var))|; } $query .= "WHERE $where diff --git a/LedgerSMB/CT.pm b/LedgerSMB/CT.pm index e57af3b6..283ed2bf 100755 --- a/LedgerSMB/CT.pm +++ b/LedgerSMB/CT.pm @@ -882,7 +882,7 @@ sub get_history { $form->sort_order(); if ( $form->{"$form->{db}number"} ne "" ) { - $var = $dbh->( $form->like( lc $form->{"$form->{db}number"} ) ); + $var = $dbh->quote( $form->like( lc $form->{"$form->{db}number"} ) ); $where .= " AND lower(ct.$form->{db}number) LIKE $var"; } @@ -900,8 +900,8 @@ sub get_history { } if ( $form->{employee} ne "" ) { - $var = $form->like( lc $form->{employee} ); - $where .= " AND lower(e.name) LIKE '$var'"; + $var = $dbh->quote($form->like(lc $form->{employee})); + $where .= " AND lower(e.name) LIKE $var"; } $transwhere .= diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm index af81da1c..015d404c 100755 --- a/LedgerSMB/OE.pm +++ b/LedgerSMB/OE.pm 
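Review bot: In `transactions` (LedgerSMB/AA.pm), both subselects now interpolate `LIKE $var` without surrounding quotes, so the statement is only safe if `$var` was produced by `$dbh->quote(...)`. That assignment sits above the hunk and is not visible here, so it should be confirmed before merging. A comment at the interpolation would make the dependency explicit, e.g. `# $var is already a quoted literal from $dbh->quote(); do not add quotes`. A bind placeholder (`LIKE ?` with the unquoted pattern passed at execute time) would remove the coupling entirely, though whether this function can pass bind values is not visible in the hunk.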
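Review bot: In `get_history` (LedgerSMB/CT.pm, first hunk), the value is now quoted, but the column name in `lower(ct.$form->{db}number)` is still built from `$form->{db}`. `$dbh->quote` cannot protect that part because it is an identifier, not a literal. Unless `$form->{db}` is validated earlier in the function (outside this hunk), it should be checked before being spliced into the SQL, for example `die "invalid db" unless $form->{db} =~ /\A[a-z_]+\z/;`, or better against an allowlist of the table names this module supports. The same key also selects the form field on the line above, so one check at the top of `get_history` would cover both uses.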
@@ -197,10 +197,10 @@ sub transactions { } if ( $form->{description} ne "" ) { - $var = $form->like( lc $form->{description} ); + $var = $dbh->quote($form->like( lc $form->{description} )); $query .= " AND o.id IN (SELECT DISTINCT trans_id FROM orderitems - WHERE lower(description) LIKE '$var')"; + WHERE lower(description) LIKE $var)"; push @queryargs, $var; } @@ -1992,12 +1992,12 @@ sub get_inventory { if ( $form->{partnumber} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{partnumber} ) ); $where .= " - AND lower(p.partnumber) LIKE '$var'"; + AND lower(p.partnumber) LIKE $var"; } if ( $form->{description} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{description} ) ); $where .= " - AND lower(p.description) LIKE '$var'"; + AND lower(p.description) LIKE $var"; } if ( $form->{partsgroup} ne "" ) { ( $null, $var ) = split /--/, $form->{partsgroup}; diff --git a/LedgerSMB/PE.pm b/LedgerSMB/PE.pm index 86d3414f..fa1c9eda 100755 --- a/LedgerSMB/PE.pm +++ b/LedgerSMB/PE.pm @@ -987,7 +987,7 @@ sub partsgroups { if ( $form->{partsgroup} ne "" ) { $var = $dbh->quote( $form->like( lc $form->{partsgroup} ) ); - $where .= " AND lower(partsgroup) LIKE '$var'"; + $where .= " AND lower(partsgroup) LIKE $var"; } $query .= qq| WHERE $where ORDER BY $sortorder|; -- cgit v1.2.3
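Review bot: In `transactions` (LedgerSMB/OE.pm, first hunk), the pattern is now interpolated into `$query` as a quoted literal, but the unchanged `push @queryargs, $var;` still adds it to the bind list and the subselect has no `?` to consume it. If `@queryargs` is passed to `execute` further down (outside the hunk), the bind count will no longer match the placeholder count, so the statement will presumably fail or the value will land on a different placeholder. Keeping the bind and dropping the quote is the cleaner fix: `$var = $form->like( lc $form->{description} );` with `WHERE lower(description) LIKE ?)"` and the existing push. Otherwise the push should be removed.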