Security update merged from 2.1.

[fa-stable.git] / reporting / rep201.php

diff --git a/reporting/rep201.php b/reporting/rep201.php
index a5614755dc079e4f0053fcafc8cc91847a51f8e6..532da5fceeb789a3685bd248157feb96188ccf34 100644 (file)
--- a/reporting/rep201.php
+++ b/reporting/rep201.php
@@ -130,10 +130,10 @@ function print_supplier_balances()
        $total = array();
        $grandtotal = array(0,0,0,0);
 
-       $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers ";
+       $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers";
        if ($fromsupp != ALL_NUMERIC)
-               $sql .= "WHERE supplier_id=$fromsupp ";
-       $sql .= "ORDER BY supp_name";
+               $sql .= " WHERE supplier_id=".db_escape($fromsupp);
+       $sql .= " ORDER BY supp_name";
        $result = db_query($sql, "The customers could not be retrieved");
 
        while ($myrow=db_fetch($result))