AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor calculateInvoiceBalance function to sanitizr

Browse Source 
This commit refactors the calculateInvoiceBalance function in functions.php. The invoice_id parameter is now properly sanitized using intval() to prevent SQL injection attacks. Additionally, the SQL query for retrieving the invoice and payments data has been formatted for better readability.
This commit is contained in:
o-psi
2023-12-21 14:37:19 +00:00
parent 70d99d28bf
commit f1516b06ee
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
functions.php
View File

@@ -892,12 +892,17 @@ function addToMailQueue($mysqli, $data) {
}
function calculateInvoiceBalance($mysqli, $invoice_id) {
$sql_invoice = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id");
$invoice_id_int = intval($invoice_id);
$sql_invoice = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id_int");
$row = mysqli_fetch_array($sql_invoice);
$invoice_amount = floatval($row['invoice_amount']);
$invoice_id = intval($row['invoice_id']);
$sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_invoice_id = $invoice_id");
$sql_payments = mysqli_query(
$mysqli,
"SELECT SUM(payment_amount) AS total_payments FROM payments
WHERE payment_invoice_id = $invoice_id
");
$row = mysqli_fetch_array($sql_payments);
$total_payments = floatval($row['total_payments']);