Security statements update against sql injection attacks.
diff --git
a/manufacturing/search_work_orders.php
b/manufacturing/search_work_orders.php
index ea3aae225683a22587d6e307bf4457dfc6687276..447dbd0782cbedf4013bb08fda3e87a99426356c 100644
(file)
--- a/
manufacturing/search_work_orders.php
+++ b/
manufacturing/search_work_orders.php
@@
-183,17
+183,17
@@
if (check_value('OpenOnly') || $outstanding_only != 0)
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
{
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
{
- $sql .= " AND workorder.loc_code=
'" . $_POST['StockLocation'] . "' "
;
+ $sql .= " AND workorder.loc_code=
".db_escape($_POST['StockLocation'])
;
}
if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
{
}
if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
{
- $sql .= " AND workorder.wo_ref LIKE
'%". $_POST['OrderNumber'] . "%'"
;
+ $sql .= " AND workorder.wo_ref LIKE
".db_escape('%'.$_POST['OrderNumber'].'%')
;
}
if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
{
}
if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
{
- $sql .= " AND workorder.stock_id=
'". $_POST['SelectedStockItem'] . "'"
;
+ $sql .= " AND workorder.stock_id=
".db_escape($_POST['SelectedStockItem'])
;
}
if (check_value('OverdueOnly'))
}
if (check_value('OverdueOnly'))
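Review bot: The OrderNumber branch still lets the caller control the LIKE pattern: `db_escape('%'.$_POST['OrderNumber'].'%')` neutralises quote and backslash characters, but `%` and `_` inside the submitted value pass through as wildcards, so a request can turn the reference search into an unanchored scan of the whole workorder table. Escaping the pattern metacharacters before wrapping the value keeps the "contains" semantics the old code intended, e.g. `$sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.addcslashes($_POST['OrderNumber'], '%_\\').'%');` (correct for MySQL, whose default LIKE escape character is the backslash; confirm against the backend db_escape targets). The StockLocation and SelectedStockItem branches are straight equality comparisons and need no further treatment, provided db_escape itself supplies the surrounding quotes, which this hunk implies by dropping the literal quotes but does not show. The $sql assembly this hunk sits in begins before and continues after the hunk.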