Security statements update against sql injection attacks.
[fa-stable.git] / inventory / manage / item_categories.php
index f5de480a4aed608016629daa26ec678815180550..149e23e65746acef08af873d36665e94d000f869 100644 (file)
@@ -57,7 +57,7 @@ if ($Mode == 'Delete')
 {
 
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'stock_master'
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE category_id='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE category_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query stock master");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)
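Review bot: The rewritten `category_id=` comparison no longer wraps the value in single quotes, so it is only safe if `db_escape()` returns a fully quoted SQL literal and not just an escaped string. That helper is not visible in this hunk, so this should be confirmed; if it only escapes, an unquoted value in a numeric context can still change the query without using any quote character. A short comment would record that contract for the next maintainer, for example `// db_escape() returns a quoted, escaped literal - do not add quotes around it`. Since `category_id` looks like a numeric key, I would also normalise it before the query, for example `$selected_id = (int) $selected_id;`, provided the ids really are integers. The `Delete` branch starts and continues outside this hunk, so any other statements there that interpolate `$selected_id` need the same check.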