projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security update merged from 2.1.
[fa-stable.git] / sales / customer_payments.php
diff --git a/sales/customer_payments.php b/sales/customer_payments.php
index 6148985705658fa0f456b5c54b9d4279ff1d89ad..a01bd2896df7df19760a7caa17dc94ce56f54b19 100644 (file)
--- a/sales/customer_payments.php
+++ b/sales/customer_payments.php
@@ -204,7 +204,7 @@ function read_customer_data()
                ".TB_PREF."credit_status.dissallow_invoices
                FROM ".TB_PREF."debtors_master, ".TB_PREF."credit_status
                WHERE ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
-                       AND ".TB_PREF."debtors_master.debtor_no = '" . $_POST['customer_id'] . "'";
+                       AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($_POST['customer_id']);
 
        $result = db_query($sql, "could not query customers");
 
FrontAccounting stable branch