Security update merged from 2.1.
[fa-stable.git] / purchasing / po_entry_items.php
index a5f4b7d59e9f2e7919a03b134c18b71b0bbe067b..2f903ba12be839caa38e95236ec79283cf17f080 100644 (file)
@@ -228,7 +228,7 @@ function handle_add_new_item()
                if ($allow_update == true)
                {
                        $sql = "SELECT description, units, mb_flag
-                               FROM ".TB_PREF."stock_master WHERE stock_id = '". $_POST['stock_id'] . "'";
+                               FROM ".TB_PREF."stock_master WHERE stock_id = ".db_escape($_POST['stock_id']);
 
                    $result = db_query($sql,"The stock details for " . $_POST['stock_id'] . " could not be retrieved");
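Review bot: The error text on the `db_query` line still concatenates the raw `$_POST['stock_id']`, so the request value reaches whatever displays or logs that message without the escaping the query itself now gets. `db_query` is not visible in this hunk; if it renders the message into an HTML error page, encode the value for that context, e.g. `"The stock details for " . htmlspecialchars($_POST['stock_id'], ENT_QUOTES, 'UTF-8') . " could not be retrieved"`, or leave the value out of the message. The rewritten WHERE clause also drops the surrounding single quotes, so it is only safe if `db_escape()` returns an already quoted literal. A short comment such as `// db_escape() returns the value quoted and escaped` would record that dependency for the next maintainer. `handle_add_new_item()` starts and ends outside the hunk.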