Security sql statements update against sql injection attacks.
diff --git
a/sales/manage/credit_status.php
b/sales/manage/credit_status.php
index 8d9400cc886a81757263a7f5b6722137d5b7d95c..998da84b66927883802c8760e9ab289468cd32fd 100644
(file)
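--- a/sales/manage/credit_status.php
+++ b/sales/manage/credit_status.php
@@ -59,7 +59,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 function can_delete($selected_id)
 {
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master
- WHERE credit_status=$selected_id";
+ WHERE credit_status=".db_escape($selected_id);
 $result = db_query($sql, "could not query customers");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)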
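Review bot: The new `WHERE credit_status=".db_escape($selected_id)` line places the escaped value in an unquoted, numeric position, so the fix holds only if `db_escape()` itself wraps its result in quotes; escaping quote characters alone does not constrain a value that sits outside a string literal. The helper's definition is not visible in this hunk, so that behaviour should be confirmed. Because credit_status looks like a numeric id, validating it before the query is built, for example `$selected_id = (int)$selected_id;`, would make the statement safe independently of the helper, and a parameterised query would be preferable if the db layer offers one. can_delete's body continues past the end of the hunk.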