projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security statements update against sql injection attacks.
[fa-stable.git] / purchasing / supplier_credit.php
diff --git a/purchasing/supplier_credit.php b/purchasing/supplier_credit.php
index bc60f4de4a92e4b089bace07d72bc3b61d52d478..1f615ec9f8969b778ebe43396d19ada100603cb5 100644 (file)
--- a/purchasing/supplier_credit.php
+++ b/purchasing/supplier_credit.php
@@ -110,7 +110,7 @@ if (isset($_POST['AddGLCodeToTrans'])){
        $Ajax->activate('gl_items');
        $input_error = false;
 
-       $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code='" . $_POST['gl_code'] . "'";
+       $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($_POST['gl_code']);
        $result = db_query($sql,"get account information");
        if (db_num_rows($result) == 0)
        {
FrontAccounting stable branch