) {
#$klass = $form->parse_amount($myconfig, $form->{"klass_$i"});
$price = $form->parse_amount($myconfig, $form->{"price_$i"});
- $pricegroup_id =
- $form->parse_amount($myconfig, $form->{"pricegroup_id_$i"});
$query = qq|INSERT INTO prices (parts_id, pricegroup_id, price) | .
qq|VALUES(?, ?, ?)|;
- @values = (conv_i($form->{id}), conv_i($pricegroup_id), $price);
+ @values = (conv_i($form->{id}), conv_i($form->{"pricegroup_id_$i"}), $price);
do_query($form, $dbh, $query, @values);
}
}
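Review bot: The `pricegroup_id_$i` value on the new `@values` line comes from a hidden form field, so it is whatever the client submits. `conv_i` and the bound placeholders keep it out of the SQL text, but nothing visible in this hunk checks that it names an existing price group. Consider skipping rows whose id is empty or non-numeric before building the query, for example `next unless ($form->{"pricegroup_id_$i"} // '') =~ /^\d+$/;`, and make sure `prices.pricegroup_id` is backed by a foreign key. The enclosing loop and condition start outside this hunk, so an equivalent check may already exist there.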
<tr>
<td width=50%><input type=hidden name="pricegroup_[% loop.count %]" size=30 value="[% HTML.escape(row.pricegroup) %]">[% HTML.escape(row.pricegroup) %]</td>
<td width=50%><input name="price_[% loop.count %]" size=11 value="[% LxERP.format_amount(row.price, -2) %]"></td>
- <input type=hidden name="pricegroup_id_[% loop.count %]" value="[% LxERP.format_amount(row.pricegroup_id, -2) %]">
+ <input type="hidden" name="pricegroup_id_[% loop.count %]" value="[% HTML.escape(row.pricegroup_id) %]">
</tr>
[%- END %]
</table>
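Review bot: The hidden `pricegroup_id_[% loop.count %]` input is still a direct child of `<tr>`, outside any `<td>`, which is not conforming table markup. Moving it into the first cell, next to the hidden `pricegroup_[% loop.count %]` input, keeps it inside the form without depending on parser error recovery. The new line quotes its attributes while its neighbours (`type=hidden`, `width=50%`) do not, so the row is now styled inconsistently. Both points apply equally to the identical hunk that follows.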
<tr>
<td width=50%><input type=hidden name="pricegroup_[% loop.count %]" size=30 value="[% HTML.escape(row.pricegroup) %]">[% HTML.escape(row.pricegroup) %]</td>
<td width=50%><input name="price_[% loop.count %]" size=11 value="[% LxERP.format_amount(row.price, -2) %]"></td>
- <input type=hidden name="pricegroup_id_[% loop.count %]" value="[% LxERP.format_amount(row.pricegroup_id, -2) %]">
+ <input type="hidden" name="pricegroup_id_[% loop.count %]" value="[% HTML.escape(row.pricegroup_id) %]">
</tr>
[%- END %]
</table>