mirror of
https://github.com/itflow-org/itflow
synced 2026-03-01 11:24:52 +00:00
Escaped Variables
This commit is contained in:
o-psi
@@ -22,10 +22,10 @@ if (isset($_GET['client_id'])) {
|
|||||||
$result_client_details = mysqli_query($mysqli, $sql_client_details);
|
$result_client_details = mysqli_query($mysqli, $sql_client_details);
|
||||||
$row_client_details = mysqli_fetch_assoc($result_client_details);
|
$row_client_details = mysqli_fetch_assoc($result_client_details);
|
||||||
|
|
||||||
$client_name = $row_client_details['client_name'];
|
$client_name = nullable_html_entities($row_client_details['client_name']);
|
||||||
$client_type = $row_client_details['client_type'];
|
$client_type = nullable_html_entities($row_client_details['client_type']);
|
||||||
$client_website = $row_client_details['client_website'];
|
$client_website = nullable_html_entities($row_client_details['client_website']);
|
||||||
$client_net_terms = $row_client_details['client_net_terms'];
|
$client_net_terms = intval($row_client_details['client_net_terms']);
|
||||||
|
|
||||||
$sql_client_unpaid_invoices = "
|
$sql_client_unpaid_invoices = "
|
||||||
SELECT
|
SELECT
|
||||||
@@ -82,16 +82,16 @@ if (isset($_GET['client_id'])) {
|
|||||||
<tbody>
|
<tbody>
|
||||||
<?php
|
<?php
|
||||||
while ($row = mysqli_fetch_assoc($result_client_unpaid_invoices)) {
|
while ($row = mysqli_fetch_assoc($result_client_unpaid_invoices)) {
|
||||||
$invoice_number = $row['invoice_number'];
|
$invoice_number = intval($row['invoice_number']);
|
||||||
$invoice_id = $row['invoice_id'];
|
$invoice_id = intval($row['invoice_id']);
|
||||||
$invoice_prefix = $row['invoice_prefix'];
|
$invoice_prefix = nullable_html_entities($row['invoice_prefix']);
|
||||||
$invoice_date = $row['invoice_date'];
|
$invoice_date = nullable_html_entities($row['invoice_date']);
|
||||||
$invoice_amount = $row['invoice_amount'];
|
$invoice_amount = floatval($row['invoice_amount']);
|
||||||
$invoice_amount_formatted = numfmt_format_currency($currency_format, $invoice_amount, $currency_code);
|
$invoice_amount_formatted = numfmt_format_currency($currency_format, $invoice_amount, $currency_code);
|
||||||
$invoice_url = "invoice.php?invoice_id=$invoice_id";
|
$invoice_url = intval("invoice.php?invoice_id=$invoice_id");
|
||||||
$invoice_due = $row['invoice_due'];
|
$invoice_due = nullable_html_entities($row['invoice_due']);
|
||||||
|
|
||||||
$invoice_balance = calculateInvoiceBalance($mysqli, $invoice_id);
|
$invoice_balance = floatval(calculateInvoiceBalance($mysqli, $invoice_id));
|
||||||
$invoice_balance_formatted = numfmt_format_currency($currency_format, $invoice_balance, $currency_code);
|
$invoice_balance_formatted = numfmt_format_currency($currency_format, $invoice_balance, $currency_code);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
@@ -151,10 +151,10 @@ if (isset($_GET['client_id'])) {
|
|||||||
$result_client_payments = mysqli_query($mysqli, $sql_client_payments);
|
$result_client_payments = mysqli_query($mysqli, $sql_client_payments);
|
||||||
|
|
||||||
while ($row = mysqli_fetch_assoc($result_client_payments)) {
|
while ($row = mysqli_fetch_assoc($result_client_payments)) {
|
||||||
$payment_date = $row['payment_date'];
|
$payment_date = nullable_html_entities($row['payment_date']);
|
||||||
$payment_amount = $row['payment_amount'];
|
$payment_amount = floatval($row['payment_amount']);
|
||||||
$payment_reference = $row['payment_reference'];
|
$payment_reference = nullable_html_entities($row['payment_reference']);
|
||||||
$invoice_number = $row['invoice_prefix'].$row['invoice_number'];
|
$invoice_number = nullable_html_entities($row['invoice_prefix'].$row['invoice_number']);
|
||||||
$payment_amount_formatted = numfmt_format_currency($currency_format, $payment_amount, $currency_code);
|
$payment_amount_formatted = numfmt_format_currency($currency_format, $payment_amount, $currency_code);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|||||||
Reference in New Issue
Block a user