Added text fields sanitization on upgrdae to 2.2.

[fa-stable.git] / gl / view / gl_trans_view.php

diff --git a/gl/view/gl_trans_view.php b/gl/view/gl_trans_view.php
index c48ed8199fe1df999846657a7e491a11993df356..64e585a5a16b8f2530bfa84d9f0cc3d028b0dc26 100644 (file)
--- a/gl/view/gl_trans_view.php
+++ b/gl/view/gl_trans_view.php
@@ -47,13 +47,17 @@ function display_gl_heading($myrow)
     end_table(1);
 }
 
-$sql = "SELECT ".TB_PREF."gl_trans.*, account_name FROM ".TB_PREF."gl_trans, ".TB_PREF."chart_master WHERE ".TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND type= " . $_GET['type_id'] . " AND type_no = " . $_GET['trans_no'] . " ORDER BY counter";
+$sql = "SELECT ".TB_PREF."gl_trans.*, account_name FROM "
+       .TB_PREF."gl_trans, ".TB_PREF."chart_master WHERE "
+       .TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND type= " 
+       .db_escape($_GET['type_id']) . " AND type_no = ".db_escape($_GET['trans_no']) 
+       . " ORDER BY counter";
 $result = db_query($sql,"could not get transactions");
 //alert("sql = ".$sql);
 
 if (db_num_rows($result) == 0)
 {
-    echo "<p><center>" . _("No general ledger transactions have been created for") . " " .$systypes_array$_GET['type_id']]." " . _("number") . " " . $_GET['trans_no'] . "</center></p><br><br>";
+    echo "<p><center>" . _("No general ledger transactions have been created for") . " " .$systypes_array[$_GET['type_id']]." " . _("number") . " " . $_GET['trans_no'] . "</center></p><br><br>";
        end_page(true);
        exit;
 }