Sealing against XSS atacks: purchasing,sales,install,admin,taxes

[fa-stable.git] / purchasing / includes / db / po_db.inc

diff --git a/purchasing/includes/db/po_db.inc b/purchasing/includes/db/po_db.inc
index ba2740e927f1b0dc296bd0bd7c9d20c9a7409ffd..cb2a1e49cfeca3cd93e2a8af32575a2f5023e415 100644 (file)
--- a/purchasing/includes/db/po_db.inc
+++ b/purchasing/includes/db/po_db.inc
@@ -19,7 +19,7 @@ function add_po(&$po_obj)
 
      /*Insert to purchase order header record */
      $sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
-     $sql .= "' ". $po_obj->supplier_id . "'," .
+     $sql .= db_escape($po_obj->supplier_id) . "," .
          db_escape($po_obj->Comments) . ",'" .
          date2sql($po_obj->orig_order_date) . "', '" .
                 $po_obj->reference . "', " .