projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / sales / manage / credit_status.php
diff --git a/sales/manage/credit_status.php b/sales/manage/credit_status.php
index 8d9400cc886a81757263a7f5b6722137d5b7d95c..998da84b66927883802c8760e9ab289468cd32fd 100644 (file)
--- a/sales/manage/credit_status.php
+++ b/sales/manage/credit_status.php
@@ -59,7 +59,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 function can_delete($selected_id)
 {
        $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master 
-               WHERE credit_status=$selected_id";
+               WHERE credit_status=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
FrontAccounting stable branch