Revision 165d1a99
Von Sven Schöling vor fast 11 Jahren hinzugefügt
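--- a/SL/CP.pm
+++ b/SL/CP.pm
@@ -147,23 +147,23 @@
 
 my $buysell = $form->{vc} eq 'customer' ? "buy" : "sell";
 my $arap = $form->{arap} eq "ar" ? "ar" : "ap";
-my $invnumber = $form->{invnumber};
-$invnumber =~ s/^\s+//m;
-$invnumber =~ s/\s+$//m;
-
-my $whereinvoice = $invnumber ? qq| AND a.invnumber LIKE '| . $invnumber . qq|' | : undef;
+
+my @values = (conv_i($form->{"${vc}_id"}), "$form->{currency}");
+my $whereinvoice = '';
+if ($::form->{invnumber}) {
+$whereinvoice = ' AND a.invnumber LIKE ? ';
+push @values, $::form->{invnumber};
+}
 
 my $query =
 qq|SELECT a.id, a.invnumber, a.transdate, a.amount, a.paid, cu.name AS curr | .
 qq|FROM $arap a | .
 qq|LEFT JOIN currencies cu ON (cu.id=a.currency_id)| .
 qq|WHERE (a.${vc}_id = ?) AND cu.name = ? AND NOT (a.amount = a.paid)| .
-$whereinvoice .
+$whereinvoice .
 qq|ORDER BY a.id|;
-
-my $sth = prepare_execute_query($form, $dbh, $query,
-conv_i($form->{"${vc}_id"}),
-"$form->{currency}");
+
+my $sth = prepare_execute_query($form, $dbh, $query, @values);
 
 $form->{PR} = [];
 while (my $ref = $sth->fetchrow_hashref("NAME_lc")) {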
SQL injection bei Zahlungsverkehr behoben