AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 11:24:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed HTML Data input on tickets

Browse Source
This commit is contained in:
johnny@pittpc.com
2021-01-15 16:39:25 -05:00
parent 76b9aef9ab
commit 74efc339ef
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
post.php
View File

@@ -742,7 +742,7 @@ if(isset($_POST['add_ticket'])){
$client_id = intval($_POST['client']); $client_id = intval($_POST['client']);
$subject = strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])); $subject = strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject']));
$details = strip_tags(mysqli_real_escape_string($mysqli,$_POST['details'])); $details = mysqli_real_escape_string($mysqli,$_POST['details']);
//Get the next Ticket Number and add 1 for the new ticket number //Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number; $ticket_number = $config_ticket_next_number;
@@ -764,7 +764,7 @@ if(isset($_POST['edit_ticket'])){
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
$subject = strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject'])); $subject = strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject']));
$details = strip_tags(mysqli_real_escape_string($mysqli,$_POST['details'])); $details = mysqli_real_escape_string($mysqli,$_POST['details']);
mysqli_query($mysqli,"UPDATE tickets SET ticket_subject = '$subject', ticket_details = '$details' ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND company_id = $session_company_id"); mysqli_query($mysqli,"UPDATE tickets SET ticket_subject = '$subject', ticket_details = '$details' ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND company_id = $session_company_id");
@@ -794,7 +794,7 @@ if(isset($_GET['delete_ticket'])){
if(isset($_POST['add_ticket_update'])){ if(isset($_POST['add_ticket_update'])){
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
$ticket_update = strip_tags(mysqli_real_escape_string($mysqli,$_POST['ticket_update'])); $ticket_update = mysqli_real_escape_string($mysqli,$_POST['ticket_update']);
mysqli_query($mysqli,"INSERT INTO ticket_updates SET ticket_update = '$ticket_update', ticket_update_created_at = NOW(), user_id = $session_user_id, ticket_id = $ticket_id, company_id = $session_company_id") or die(mysqli_error($mysqli)); mysqli_query($mysqli,"INSERT INTO ticket_updates SET ticket_update = '$ticket_update', ticket_update_created_at = NOW(), user_id = $session_user_id, ticket_id = $ticket_id, company_id = $session_company_id") or die(mysqli_error($mysqli));