Security update merged from 2.1.
[fa-stable.git] / sales / manage / credit_status.php
index 097956b7de2dce13fee9f0a75cce1676045e6533..8bc3683ca6c8215570f67f7ddf32d5ba490b3676 100644 (file)
@@ -59,7 +59,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 function can_delete($selected_id)
 {
        $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master 
-               WHERE credit_status=$selected_id";
+               WHERE credit_status=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)
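Review bot: The fix on the `WHERE credit_status=` line is only as strong as the quoting done inside `db_escape()`, which this hunk does not show. The value is concatenated with no quotes of its own, so if the helper escapes without wrapping its result in quotes, a non-numeric `$selected_id` could still change the statement. Since `credit_status` appears to be compared as a numeric id, I would pin the type before building the query, e.g. `WHERE credit_status=".db_escape((int)$selected_id);`, or reject non-numeric input up front, so the query does not depend on the helper's behaviour. Other statements in this file that use `$selected_id` lie outside this hunk and deserve the same check, and the body of `can_delete()` continues past the last line shown.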