Security update merged from 2.1.
[fa-stable.git] / reporting / rep203.php
index 91fdfde62b5356cc9f1a287ef13532ecf0a132b2..27eef02b5dd538a10c2975d8f47bdf98dbe7b6e0 100644 (file)
@@ -104,7 +104,7 @@ function print_payment_report()
        $sql = "SELECT supplier_id, supp_name AS name, curr_code, ".TB_PREF."payment_terms.terms FROM ".TB_PREF."suppliers, ".TB_PREF."payment_terms
                WHERE ";
        if ($fromsupp != ALL_NUMERIC)
-               $sql .= "supplier_id=$fromsupp AND ";
+               $sql .= "supplier_id=".db_escape($fromsupp)." AND ";
        $sql .= "".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
                ORDER BY supp_name";
        $result = db_query($sql, "The customers could not be retrieved");
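Review bot: The new `supplier_id=` line is only safe if db_escape() returns a fully quoted and escaped literal, because the value is still concatenated into the statement; db_escape()'s definition is not visible in this hunk, so that should be confirmed. If supplier ids are always integers (the comparison with ALL_NUMERIC suggests so), I would also pin the type at this point as defence in depth, for example `$sql .= "supplier_id=".db_escape((int)$fromsupp)." AND ";`. Separately, the db_query() failure text on the last line says "The customers could not be retrieved" although the query reads the suppliers table, which will mislead anyone triaging the error log; `"The suppliers could not be retrieved"` would match. print_payment_report() begins and ends outside this hunk, so whether other request-derived values in it reach SQL unescaped cannot be checked from here.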