Security sql statements update against sql injection attacks.
[fa-stable.git] / sales / manage / credit_status.php
index 8d9400cc886a81757263a7f5b6722137d5b7d95c..998da84b66927883802c8760e9ab289468cd32fd 100644 (file)
@@ -59,7 +59,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 function can_delete($selected_id)
 {
        $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master 
-               WHERE credit_status=$selected_id";
+               WHERE credit_status=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)
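Review bot: On the added `WHERE credit_status=".db_escape($selected_id)` line the value sits in a numeric position, so the fix only closes the injection if `db_escape()` also wraps its result in quotes, and that helper is not visible in this hunk. An escape-only helper would leave an unquoted operand that still accepts input containing no quote characters. Since `$selected_id` appears to be a row id, I would constrain it to an integer before building the query, e.g. `$selected_id = (int)$selected_id;` at the top of `can_delete()`, and keep `db_escape()` as a second layer. A short comment such as `// $selected_id comes from the request; forced to int before use in SQL` would record the assumption. The body of `can_delete()` continues past the end of the hunk, so any later use of `$selected_id` is not covered here.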