projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / reporting / rep301.php
diff --git a/reporting/rep301.php b/reporting/rep301.php
index 2b18d24b2cc477ee0d8068fe610cd932c28e5d88..a576b0f0d0110e4fc7a210667639b4eddbbcd8b5 100644 (file)
--- a/reporting/rep301.php
+++ b/reporting/rep301.php
@@ -52,9 +52,9 @@ function getTransactions($category, $location)
                        ".TB_PREF."stock_master.description
                HAVING SUM(".TB_PREF."stock_moves.qty) != 0";
                if ($category != 0)
-                       $sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+                       $sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
                if ($location != 'all')
-                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = '$location'";
+                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = ".db_escape($location);
                $sql .= " ORDER BY ".TB_PREF."stock_master.category_id,
                        ".TB_PREF."stock_master.stock_id";
 
FrontAccounting stable branch