SQL injection bei Zahlungsverkehr behoben

[kivitendo-erp.git] / SL / IC.pm

diff --git a/SL/IC.pm b/SL/IC.pm
index 3b7eb08..ff8484b 100644 (file)
--- a/SL/IC.pm
+++ b/SL/IC.pm
@@ -461,17 +461,17 @@ sub save {
     my $i = $form->{assembly_rows};
     # if last row is not empty add them
     if ($form->{"partnumber_$i"} ne "") {
-       $query = qq|SELECT id FROM parts WHERE partnumber = ?|;
-       my ($partid) = selectrow_query($form, $dbh, $query,$form->{"partnumber_$i"} );
-       if ( $partid ) {
-           $form->{"qty_$i"} = 1 unless ($form->{"qty_$i"});
-           $form->{"id_$i"} = $partid;
-           $form->{"bom_$i"} = 0;
-           $form->{assembly_rows}++;
-       }
-       else {
-           $::form->error($::locale->text("uncorrect partnumber ").$form->{"partnumber_$i"});
-       }
+      $query = qq|SELECT id FROM parts WHERE partnumber = ?|;
+      my ($partid) = selectrow_query($form, $dbh, $query,$form->{"partnumber_$i"} );
+      if ( $partid ) {
+        $form->{"qty_$i"} = 1 unless ($form->{"qty_$i"});
+        $form->{"id_$i"} = $partid;
+        $form->{"bom_$i"} = 0;
+        $form->{assembly_rows}++;
+      }
+      else {
+        $::form->error($::locale->text("uncorrect partnumber ").$form->{"partnumber_$i"});
+      }
     }
 
     for my $i (1 .. $form->{assembly_rows}) {