Security update merged from 2.1.
[fa-stable.git] / sales / inquiry / customer_allocation_inquiry.php
index 252e961154d203d08386a0b17d575e2eca3e0704..fae2ad0ff7c0c840558e3b3f1bef71d75e9e22e9 100644 (file)
@@ -161,7 +161,7 @@ function fmt_credit($row)
                AND trans.tran_date <= '$date_to'";
 
        if ($_POST['customer_id'] != ALL_TEXT)
-               $sql .= " AND trans.debtor_no = '" . $_POST['customer_id'] . "'";
+               $sql .= " AND trans.debtor_no = ".db_escape($_POST['customer_id']);
 
        if (isset($_POST['filterType']) && $_POST['filterType'] != ALL_TEXT)
        {
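Review bot: The date bound on the first line of this hunk, `AND trans.tran_date <= '$date_to'`, is still spliced into the query by hand, while the customer filter two lines below now goes through `db_escape()`. Where `$date_to` is assigned is outside the hunk, so if it derives from request data without a strict date conversion it needs the same treatment, e.g. `AND trans.tran_date <= ".db_escape($date_to);` (assuming `db_escape()` supplies its own quotes, as the dropped quotes on the new line suggest). The `filterType` branch opens on the last line and continues outside the hunk, so whatever it appends to `$sql` should be checked for the same pattern. A short comment above the new line, such as `// db_escape() returns the value already quoted`, would tell the next reader why the surrounding quotes are gone and prevent them from being re-added.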