From c2d184f576a99793f8b4877c641b4be9e288aa87 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 8 Jun 2009 22:26:27 +0000
Subject: [PATCH] Fix: Search on debit/credit
---
 htdocs/compta/bank/account.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php
index 93827dc894c..74ff851d7a5 100644
--- a/htdocs/compta/bank/account.php
+++ b/htdocs/compta/bank/account.php
@@ -184,25 +184,25 @@ if ($account || $_GET["ref"])
 $mode_search = 0;
 if ($_REQUEST["req_desc"])
 {
- $sql_rech.= " AND b.label like '%".$_REQUEST["req_desc"]."%'";
+ $sql_rech.= " AND b.label like '%".addslashes($_REQUEST["req_desc"])."%'";
 $param.='&req_desc='.urlencode($_REQUEST["req_desc"]);
 $mode_search = 1;
 }
 if ($_REQUEST["req_debit"])
 {
- $sql_rech.=" AND b.amount = -".$_REQUEST["req_debit"];
+ $sql_rech.=" AND b.amount = -".price2num($_REQUEST["req_debit"]);
 $param.='&req_debit='.urlencode($_REQUEST["req_debit"]);
 $mode_search = 1;
 }
 if ($_REQUEST["req_credit"])
 {
- $sql_rech.=" AND b.amount = ".$_REQUEST["req_credit"];
+ $sql_rech.=" AND b.amount = ".price2num($_REQUEST["req_credit"]);
 $param.='&req_credit='.urlencode($_REQUEST["req_credit"]);
 $mode_search = 1;
 }
 if ($_REQUEST["thirdparty"])
 {
- $sql_rech.=" AND (IFNULL(s.nom,'') LIKE '%".$_REQUEST["thirdparty"]."%')";
+ $sql_rech.=" AND (IFNULL(s.nom,'') LIKE '%".addslashes($_REQUEST["thirdparty"])."%')";
 $param.='&thirdparty='.urlencode($_REQUEST["thirdparty"]);
 $mode_search = 1;
 }
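Review bot: The `req_debit` and `req_credit` values are still concatenated unquoted into `$sql_rech`, so the query is only safe if `price2num()` always returns a purely numeric string. That function is defined outside this hunk, so this cannot be confirmed here. An explicit guard would make the numeric context self-evident: `$debit = price2num($_REQUEST["req_debit"]);` followed by `if (is_numeric($debit)) $sql_rech.=" AND b.amount = -".$debit;`, and likewise for the credit branch. For `req_desc` and `thirdparty`, `addslashes()` is not aware of the connection character set and leaves the LIKE wildcards `%` and `_` untouched. The database layer's own escaping routine, if the project exposes one, would be the safer choice there. The enclosing `if ($account || $_GET["ref"])` block starts and ends outside the hunk, so how `$sql_rech` is finally used is not visible here.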