$total = array();
$grandtotal = array(0,0,0,0);
- $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers ";
+ $sql = "SELECT supplier_id, supp_name AS name, curr_code FROM ".TB_PREF."suppliers";
if ($fromsupp != ALL_NUMERIC)
- $sql .= "WHERE supplier_id=$fromsupp ";
- $sql .= "ORDER BY supp_name";
+ $sql .= " WHERE supplier_id=".db_escape($fromsupp);
+ $sql .= " ORDER BY supp_name";
$result = db_query($sql, "The customers could not be retrieved");
while ($myrow=db_fetch($result))