projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security update merged from 2.1.
[fa-stable.git]
/
reporting
/
rep202.php
diff --git
a/reporting/rep202.php
b/reporting/rep202.php
index 97156dc513ccc06ec51dd6e78f77230421b8096b..3f68bb5adcbe094115247a67361dd382baeef146 100644
(file)
--- a/
reporting/rep202.php
+++ b/
reporting/rep202.php
@@
-137,10
+137,10
@@
function print_aged_supplier_analysis()
$pastdue1 = $PastDueDays1 + 1 . "-" . $PastDueDays2 . " " . _('Days');
$pastdue2 = _('Over') . " " . $PastDueDays2 . " " . _('Days');
$pastdue1 = $PastDueDays1 + 1 . "-" . $PastDueDays2 . " " . _('Days');
$pastdue2 = _('Over') . " " . $PastDueDays2 . " " . _('Days');
- $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers
";
+ $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers";
if ($fromsupp != ALL_NUMERIC)
if ($fromsupp != ALL_NUMERIC)
- $sql .= "
WHERE supplier_id=$fromsupp "
;
- $sql .= "ORDER BY supp_name";
+ $sql .= "
WHERE supplier_id=".db_escape($fromsupp)
;
+ $sql .= "
ORDER BY supp_name";
$result = db_query($sql, "The suppliers could not be retrieved");
while ($myrow=db_fetch($result))
$result = db_query($sql, "The suppliers could not be retrieved");
while ($myrow=db_fetch($result))