Additional security fixes in sql statements.
[fa-stable.git] / gl / manage / bank_accounts.php
index fb57c0f527c0b08536c9ae712d8728a3a8dde381..83d425f80093dc39f953b31ec3936f5757d243cd 100644 (file)
@@ -63,10 +63,10 @@ elseif( $Mode == 'Delete')
        //the link to delete a selected record was clicked instead of the submit button
 
        $cancel_delete = 0;
-
+       $acc = db_escape($selected_id);
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'bank_trans'
 
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."bank_trans WHERE bank_act='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."bank_trans WHERE bank_act=$acc";
        $result = db_query($sql,"check failed");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
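Review bot: Replacing `'$selected_id'` with `$acc` in the bank_trans query (and again in the sales_pos query in the next hunk) is only correct if db_escape() returns the value already wrapped in quotes; if it merely escapes the characters, the former string literal is now an unquoted token and the statement is malformed rather than hardened. I would confirm db_escape's quoting contract before relying on it in both places, and if bank account ids are integers here, `$acc = (int)$selected_id;` would be a simpler guard that needs no quoting at all. A short comment above the assignment, `// escaped once here, reused by both dependency checks below`, would explain why the escaping is done before the first query rather than inline. The enclosing elseif branch continues outside the hunk.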
@@ -74,7 +74,7 @@ elseif( $Mode == 'Delete')
                $cancel_delete = 1;
                display_error(_("Cannot delete this bank account because transactions have been created using this account."));
        }
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_pos WHERE pos_account='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_pos WHERE pos_account=$acc";
        $result = db_query($sql,"check failed");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)