Security update merged from 2.1.
[fa-stable.git] / gl / includes / db / gl_db_banking.inc
index b20644c58c2d79113383e18df7ce2057ff4ee6be..bbef96d21c4aeb404f8fd28b9c50e584830f5e5c 100644 (file)
@@ -18,7 +18,7 @@ function add_exchange_variation($trans_type, $trans_no, $date_, $acc_id, $accoun
                $date_ = Today();
        $rate = get_exchange_rate_from_home_currency($currency, $date_);
        $result = db_query("SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE 
-               bank_act='$acc_id' AND trans_date<='".date2sql($date_)."'", 
+               bank_act=".db_escape($acc_id)." AND trans_date<='".date2sql($date_)."'", 
                "Transactions for account $account could not be calculated");
        $row = db_fetch_row($result);
        $foreign_amount = $row[0];
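Review bot: The date operand in the same WHERE clause is still concatenated inside hand-written quotes (`trans_date<='".date2sql($date_)."'`), so the query is only safe if date2sql() returns a well-formed date for every `$date_` a caller can pass, and that function is not visible in this hunk. Because the quotes were dropped around `db_escape($acc_id)`, db_escape appears to quote its own result, so the date could get the same treatment: `bank_act=".db_escape($acc_id)." AND trans_date<=".db_escape(date2sql($date_)),`. add_exchange_variation starts and ends outside the hunk, so any other statement in it that interpolates `$acc_id`, `$currency` or `$date_` should be checked for the same pattern.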