projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security update merged from 2.1.
[fa-stable.git]
/
purchasing
/
po_entry_items.php
diff --git
a/purchasing/po_entry_items.php
b/purchasing/po_entry_items.php
index a5f4b7d59e9f2e7919a03b134c18b71b0bbe067b..2f903ba12be839caa38e95236ec79283cf17f080 100644
(file)
--- a/
purchasing/po_entry_items.php
+++ b/
purchasing/po_entry_items.php
@@
-228,7
+228,7
@@
function handle_add_new_item()
if ($allow_update == true)
{
$sql = "SELECT description, units, mb_flag
if ($allow_update == true)
{
$sql = "SELECT description, units, mb_flag
- FROM ".TB_PREF."stock_master WHERE stock_id =
'". $_POST['stock_id'] . "'"
;
+ FROM ".TB_PREF."stock_master WHERE stock_id =
".db_escape($_POST['stock_id'])
;
$result = db_query($sql,"The stock details for " . $_POST['stock_id'] . " could not be retrieved");
$result = db_query($sql,"The stock details for " . $_POST['stock_id'] . " could not be retrieved");