Add Where clause to only accept saved payment by logged in session_client_id in Client Portal

2026-02-28 10:54:52 +00:00 · 2025-11-16 15:33:45 -05:00
parent b0724f5b66
commit efcc0fd5cb
1 changed files with 1 additions and 1 deletions
--- a/client/post.php
+++ b/client/post.php
@@ -440,7 +440,7 @@ if (isset($_GET['add_payment_by_provider'])) {
    $sql = mysqli_query($mysqli,"SELECT * FROM invoices
            LEFT JOIN clients ON invoice_client_id = client_id
            LEFT JOIN contacts ON client_id = contact_client_id AND contact_primary = 1
-            WHERE invoice_id = $invoice_id"
+            WHERE invoice_id = $invoice_id AND client_id = $session_client_id"
    );
    $row = mysqli_fetch_array($sql);
    $invoice_number = intval($row['invoice_number']);