Security sql statements update against sql injection attacks.
[fa-stable.git] / sales / inquiry / customer_inquiry.php
index 85a8d70da85f158148da96426edd489406d5fb14..f4491e0846c8cb4948ec65c890e7eb0a64e8ce79 100644 (file)
@@ -230,7 +230,7 @@ function check_overdue($row)
                        AND trans.branch_code = branch.branch_code";
 
        if ($_POST['customer_id'] != reserved_words::get_all())
-               $sql .= " AND trans.debtor_no = '" . $_POST['customer_id'] . "'";
+               $sql .= " AND trans.debtor_no = ".db_escape($_POST['customer_id']);
 
        if ($_POST['filterType'] != reserved_words::get_all())
        {
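Review bot: The new `debtor_no` predicate on the `+` line is only safe if `db_escape()` returns a complete quoted literal, because the change drops the surrounding single quotes from the concatenation. That helper is not visible here, so confirm it and document it at the call site, e.g. `// db_escape() returns the value escaped and wrapped in quotes`. If it only escapes, the value lands in an unquoted context where escaping alone does not prevent injection. The `filterType` branch that follows also reads `$_POST` and its body is outside the hunk, so it needs the same check if the value reaches `$sql`. The enclosing function starts and ends outside the hunk.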