projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / reporting / rep501.php
diff --git a/reporting/rep501.php b/reporting/rep501.php
index b697925f1f87654b8c6d232db434d91a46085a97..0435dafb1a3947a6624deba259db7fe55024dd8f 100644 (file)
--- a/reporting/rep501.php
+++ b/reporting/rep501.php
@@ -32,8 +32,8 @@ function getTransactions($from, $to)
        $sql = "SELECT *
                FROM
                        ".TB_PREF."dimensions
-               WHERE reference >= '$from'
-               AND reference <= '$to'
+               WHERE reference >= ".db_escape($from)."
+               AND reference <= ".db_escape($to)."
                ORDER BY
                        reference";
 
FrontAccounting stable branch