Umstellung der Form.pm auf die Verwendung parametrisierter Queries zur Vermeidung...
[kivitendo-erp.git] / SL / IS.pm
index 6523d24..402df0d 100644 (file)
--- a/SL/IS.pm
+++ b/SL/IS.pm
@@ -711,9 +711,8 @@ sub post_invoice {
           $sth->execute || $form->dberror($query);
 
           if ($sth->fetchrow_array) {
-            $form->update_balance($dbh, "parts", "onhand",
-                                  qq|id = $form->{"id_$i"}|,
-                                  $baseqty * -1)
+            $form->update_balance($dbh, "parts", "onhand", qq|id = ?|,
+                                  $baseqty * -1, $form->{"id_$i"})
               unless $form->{shipped};
           }
           $sth->finish;
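Review bot: The new `update_balance` call depends on an argument contract that cannot be seen from this hunk: the bind value `$form->{"id_$i"}` now follows the amount `$baseqty * -1`, so the `?` in `qq|id = ?|` is only filled correctly if update_balance (defined in Form.pm, outside this diff) treats every argument after the amount as a bind value. A one-line comment above the call would pin that down for the next reader, e.g. `# trailing args are bind values for the placeholders in the WHERE clause`. The same applies to the identical call in the second hunk. The table and column names ("parts", "onhand") are presumably still interpolated inside update_balance, which is only safe while every call site passes literals, as these two do. post_invoice begins and ends outside the hunk.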
@@ -721,9 +720,8 @@ sub post_invoice {
           # record assembly item as allocated
           &process_assembly($dbh, $form, $form->{"id_$i"}, $baseqty);
         } else {
-          $form->update_balance($dbh, "parts", "onhand",
-                                qq|id = $form->{"id_$i"}|,
-                                $baseqty * -1)
+          $form->update_balance($dbh, "parts", "onhand", qq|id = ?|,
+                                $baseqty * -1, $form->{"id_$i"})
             unless $form->{shipped};
 
           $allocated = &cogs($dbh, $form, $form->{"id_$i"}, $baseqty, $basefactor, $i);
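Review bot: The id that this hunk now binds through a placeholder is still handed unchanged to `process_assembly` and `cogs` on the surrounding context lines, and neither body is visible here, so it cannot be confirmed that they bind the value rather than interpolate it into SQL. If either helper still builds its query from `$form->{"id_$i"}`, the injection path this commit closes for update_balance stays reachable through them. It is worth checking both helpers in the same change and, until that is done, marking the spot with `# id_$i is form input: process_assembly() and cogs() must bind it, never interpolate it`.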