Security update merged from 2.1.

[fa-stable.git] / inventory / manage / items.php

diff --git a/inventory/manage/items.php b/inventory/manage/items.php
index 9d30127725d6b60ffa49b70d2af4ceaa768aca28..9356e0b11fcc729fb06bed9e1a864f58861b95f7 100644 (file)
--- a/inventory/manage/items.php
+++ b/inventory/manage/items.php
@@ -212,16 +212,16 @@ function check_usage($stock_id, $dispmsg=true)
 {
        $sqls=  array(
        "SELECT COUNT(*) FROM "
-               .TB_PREF."stock_moves WHERE stock_id='$stock_id'" =>
+               .TB_PREF."stock_moves WHERE stock_id=".db_escape($stock_id) =>
         _('Cannot delete this item because there are stock movements that refer to this item.'),
        "SELECT COUNT(*) FROM "
-               .TB_PREF."bom WHERE component='$stock_id'"=>
+               .TB_PREF."bom WHERE component=".db_escape($stock_id)=>
         _('Cannot delete this item record because there are bills of material that require this part as a component.'),
        "SELECT COUNT(*) FROM "
-               .TB_PREF."sales_order_details WHERE stk_code='$stock_id'" =>
+               .TB_PREF."sales_order_details WHERE stk_code=".db_escape($stock_id) =>
         _('Cannot delete this item because there are existing purchase order items for it.'),
        "SELECT COUNT(*) FROM "
-               .TB_PREF."purch_order_details WHERE item_code='$stock_id'"=>
+               .TB_PREF."purch_order_details WHERE item_code=".db_escape($stock_id)=>
         _('Cannot delete this item because there are existing purchase order items for it.')
        );