Databse INSERT/UPDATE secured against db javscript injection

[fa-stable.git] / sales / sales_order_entry.php

diff --git a/sales/sales_order_entry.php b/sales/sales_order_entry.php
index 16098b0f1b8744eb5b10aed975035fdb60c028d0..25d381a4004561b7b8916f48b0f328e8a0e9fa78 100644 (file)
--- a/sales/sales_order_entry.php
+++ b/sales/sales_order_entry.php
@@ -135,7 +135,7 @@ function copy_to_cart()
        if ($cart->trans_type!=30) {
                $cart->reference = $_POST['ref'];
        }
-       $cart->Comments =  str_replace("'", "\\'", $_POST['Comments']);
+       $cart->Comments =  $_POST['Comments'];
 
        $cart->document_date = $_POST['OrderDate'];
        $cart->due_date = $_POST['delivery_date'];