projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / reporting / rep204.php
diff --git a/reporting/rep204.php b/reporting/rep204.php
index c0efd03486be42fd19ed6a4554ebd22b163e835d..07e84e736ac9487948654a197d6dd5c19f823f92 100644 (file)
--- a/reporting/rep204.php
+++ b/reporting/rep204.php
@@ -49,7 +49,7 @@ function getTransactions($fromsupp)
                AND ".TB_PREF."grn_items.po_detail_item = ".TB_PREF."purch_order_details.po_detail_item
                AND qty_recd-quantity_inv <>0 ";
        if ($fromsupp != reserved_words::get_all_numeric())
-               $sql .= "AND ".TB_PREF."grn_batch.supplier_id ='" . $fromsupp . "' ";
+               $sql .= "AND ".TB_PREF."grn_batch.supplier_id =".db_escape($fromsupp)." ";
        $sql .= "ORDER BY ".TB_PREF."grn_batch.supplier_id,
                        ".TB_PREF."grn_batch.id";
 
FrontAccounting stable branch