projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security update merged from 2.1.
[fa-stable.git] / manufacturing / search_work_orders.php
diff --git a/manufacturing/search_work_orders.php b/manufacturing/search_work_orders.php
index b4e0d2f5cb5401d02c601f0435aca1f6ab7a0dd3..cf93441cfaa7332ef74cc7f5e020667a52e9e1a7 100644 (file)
--- a/manufacturing/search_work_orders.php
+++ b/manufacturing/search_work_orders.php
@@ -185,17 +185,17 @@ if (check_value('OpenOnly') || $outstanding_only != 0)
 
 if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
 {
-       $sql .= " AND workorder.loc_code='" . $_POST['StockLocation'] . "' ";
+       $sql .= " AND workorder.loc_code=".db_escape($_POST['StockLocation']);
 }
 
 if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
 {
-       $sql .= " AND workorder.wo_ref LIKE '%". $_POST['OrderNumber'] . "%'";
+       $sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.$_POST['OrderNumber'].'%');
 }
 
 if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
 {
-       $sql .= " AND workorder.stock_id='". $_POST['SelectedStockItem'] . "'";
+       $sql .= " AND workorder.stock_id=".db_escape($_POST['SelectedStockItem']);
 }
 
 if (check_value('OverdueOnly'))
FrontAccounting stable branch