X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/kivitendo-erp.git/blobdiff_plain/80ec19fe41dfa899593655963628334ab656ae54..2e5a8be3ab917a1ae8c748f0840491f05770d397:/SL/IR.pm

diff --git a/SL/IR.pm b/SL/IR.pm
index 025c65f2e..90a17e0b3 100644
--- a/SL/IR.pm
+++ b/SL/IR.pm
@@ -866,10 +866,9 @@ sub retrieve_invoice {
     delete($ref->{id});
     map { $form->{$_} = $ref->{$_} } keys %$ref;
     $sth->finish;
-    my $transdate = "current_date";
-    if($form->{invdate}) {
-     $transdate = "'$form->{invdate}'";
-    }
+
+    my $transdate =
+      $form->{invdate} ? $dbh->quote($form->{invdate}) : "current_date";
 
     if(!$form->{taxzone_id}) {
       $form->{taxzone_id} = 0;
@@ -1110,6 +1109,9 @@ sub retrieve_item {
 
   my ($self, $myconfig, $form) = @_;
 
+  # connect to database
+  my $dbh = $form->dbconnect($myconfig);
+
   my $i = $form->{rowcount};
 
   # don't include assemblies or obsolete parts
@@ -1138,20 +1140,13 @@ sub retrieve_item {
 
   my $transdate = "";
   if ($form->{type} eq "invoice") {
-    $transdate = "'$form->{invdate}'";
-  } elsif ($form->{type} eq "purchase_order") {
-    $transdate = "'$form->{transdate}'";
-  } elsif ($form->{type} eq "request_quotation") {
-    $transdate = "'$form->{transdate}'";
-  }
-
-  if ($transdate eq "") {
-    $transdate = "current_date";
+    $transdate =
+      $form->{invdate} ? $dbh->quote($form->{invdate}) : "current_date";
+  } else {
+    $transdate =
+      $form->{transdate} ? $dbh->quote($form->{transdate}) : "current_date";
   }
 
-  # connect to database
-  my $dbh = $form->dbconnect($myconfig);
-
   my $query = qq|SELECT p.id, p.partnumber, p.description, p.sellprice,
                         p.listprice, p.inventory_accno_id,
                         c1.accno AS inventory_accno, c1.new_chart_id AS inventory_new_chart, date($transdate) - c1.valid_from as inventory_valid,