diff options
Diffstat (limited to 'admin/WebConsole/includes/HTMLSELECT.php')
-rw-r--r-- | admin/WebConsole/includes/HTMLSELECT.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/admin/WebConsole/includes/HTMLSELECT.php b/admin/WebConsole/includes/HTMLSELECT.php index 077e7680..5db2e45b 100644 --- a/admin/WebConsole/includes/HTMLSELECT.php +++ b/admin/WebConsole/includes/HTMLSELECT.php @@ -20,6 +20,9 @@ // - clausulawhere: Clausula Where adicional // ************************************************************************************************************************************************* function HTMLSELECT($cmd,$idcentro,$nombretabla,$identificador,$nombreid,$nombreliteral,$ancho,$eventochg = "",$clase="",$clausulawhere=""){ + $nombretabla=htmlentities($nombretabla); + $nombreid=htmlentities($nombreid); + $nombreliteral=htmlentities($nombreliteral); if (!empty($eventochg)) $eventochg='onchange="'.$eventochg.'(this);"'; if (empty($clase)) $clase='formulariodatos'; $SelectHtml=""; @@ -30,7 +33,7 @@ function HTMLSELECT($cmd,$idcentro,$nombretabla,$identificador,$nombreid,$nombre $cmd->texto.=" AND (".$clausulawhere.")"; } else{ - $cmd->texto='SELECT * FROM '.$nombretabla; + $cmd->texto='SELECT DISTINCT '.$nombreid.', '.$nombreliteral.' FROM '.$nombretabla; if(!empty($clausulawhere)) $cmd->texto.=" WHERE (".$clausulawhere.")"; } @@ -49,4 +52,4 @@ function HTMLSELECT($cmd,$idcentro,$nombretabla,$identificador,$nombreid,$nombre }$SelectHtml.= '</SELECT>'; $rs->Cerrar(); return($SelectHtml); -}
\ No newline at end of file +} |