Security update merged from 2.1.
[fa-stable.git] / sales / manage / sales_types.php
index 75a504fa5c70a835abf91f2f30af8c7f5377818e..4d9d1f08a54a753940613792eabd3f56d4643bfb 100644 (file)
@@ -66,7 +66,7 @@ if ($Mode == 'Delete')
 {
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
 
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE tpe='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE tpe=".db_escape($selected_id);
        $result = db_query($sql,"check failed");
        check_db_error("The number of transactions using this Sales type record could not be retrieved", $sql);
 
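Review bot: The rewritten query on the `debtor_trans` line drops the surrounding single quotes, so it is only safe if `db_escape()` returns a complete quoted SQL literal; an escaped but unquoted value after `WHERE tpe=` could still be parsed as SQL. `db_escape()` is not defined on this page, so confirm that contract and record it next to the query, for example `// db_escape() escapes AND quotes the value; never add quotes around it`. The `debtors_master` query in the second hunk has the same dependency. If `$selected_id` is always a numeric record key (not visible here), checking it as an integer where it is read from the request would be a second guard that does not depend on the escaping helper. The `if ($Mode == 'Delete')` block starts and ends outside this hunk.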
@@ -79,7 +79,7 @@ if ($Mode == 'Delete')
        else
        {
 
-               $sql = "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE sales_type='$selected_id'";
+               $sql = "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE sales_type=".db_escape($selected_id);
                $result = db_query($sql,"check failed");
                check_db_error("The number of customers using this Sales type record could not be retrieved", $sql);