- $sql = "SELECT Count(*) FROM ".TB_PREF."supp_trans WHERE supplier_id='"
- . $_SESSION['supp_trans']->supplier_id . "' AND supp_reference='"
- . $_POST['supp_reference']
- . "' AND ov_amount!=0"; // ignore voided invoice references
+ $sql = "SELECT Count(*) FROM ".TB_PREF."supp_trans WHERE supplier_id="
+ .db_escape($_SESSION['supp_trans']->supplier_id) . " AND supp_reference="
+ .db_escape( $_POST['supp_reference'])
+ . " AND ov_amount!=0"; // ignore voided invoice references
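Review bot: Both values on the `supplier_id=` and `supp_reference=` lines are now safe only if `db_escape()` returns an escaped literal that already includes its surrounding quotes, because the literal `'` characters were removed from the string. The helper is not visible here, so that contract is worth stating beside the query, e.g. `// db_escape() escapes and quotes the value; do not wrap its result in '...'`. Without it, a later edit could re-add or drop the quotes and quietly break the query or reopen the injection. `$_POST['supp_reference']` is also read without checking that the field exists; an early `isset()`/empty check before the query would reject a request that omits it instead of looking up an empty reference. The enclosing function starts and ends outside the visible lines, so any validation done earlier cannot be confirmed from this hunk.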