X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=inline;f=purchasing%2Finquiry%2Fsupplier_allocation_inquiry.php;h=0a5c65d8f0f5e88ac12985571d7cf543374f728a;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=89383141a161f41b3561143d6e6d8e0fa2a4a697;hpb=f0f460043b9bcb6153c0f6f82d4a74433efe4ad8;p=fa-stable.git
diff --git a/purchasing/inquiry/supplier_allocation_inquiry.php b/purchasing/inquiry/supplier_allocation_inquiry.php
index 89383141..0a5c65d8 100644
--- a/purchasing/inquiry/supplier_allocation_inquiry.php
+++ b/purchasing/inquiry/supplier_allocation_inquiry.php
@@ -142,8 +142,9 @@ function fmt_credit($row)
 WHERE supplier.supplier_id = trans.supplier_id
 AND trans.tran_date >= '$date_after'
 AND trans.tran_date <= '$date_to'";
+
 if ($_POST['supplier_id'] != ALL_TEXT)
- $sql .= " AND trans.supplier_id = '" . $_POST['supplier_id'] . "'";
+ $sql .= " AND trans.supplier_id = ".db_escape($_POST['supplier_id']);
 if (isset($_POST['filterType']) && $_POST['filterType'] != ALL_TEXT)
 {
 if (($_POST['filterType'] == '1') || ($_POST['filterType'] == '2'))
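Review bot: The two date bounds in the context lines at the top of this hunk, `'$date_after'` and `'$date_to'`, are still interpolated directly into the same query that the new `db_escape($_POST['supplier_id'])` line protects. Where those variables are assigned is outside the hunk, so they may already be normalised; if they derive from request fields, they should go through the same helper, e.g. `AND trans.tran_date >= ".db_escape($date_after)."`, so the whole WHERE clause follows one rule. The new line drops the surrounding quotes, which presumes `db_escape()` returns an already-quoted literal; a short comment above it such as `// db_escape() quotes the value itself` would keep a later edit from re-adding them. The statement that builds `$sql` starts before the hunk and the filter block continues after it.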