AND ".TB_PREF."grn_items.po_detail_item = ".TB_PREF."purch_order_details.po_detail_item
AND qty_recd-quantity_inv <>0 ";
if ($fromsupp != reserved_words::get_all_numeric())
- $sql .= "AND ".TB_PREF."grn_batch.supplier_id ='" . $fromsupp . "' ";
+ $sql .= "AND ".TB_PREF."grn_batch.supplier_id =".db_escape($fromsupp)." ";
$sql .= "ORDER BY ".TB_PREF."grn_batch.supplier_id,
".TB_PREF."grn_batch.id";