X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=purchasing%2Fpo_receive_items.php;h=1c6e6d627a0280aff0a50deafff18578e7160f5b;hb=510d6e1925c4d1621ae3efd85e117cc9bb4320f0;hp=601e5d5f0458f83e388be565080646e0343b9c06;hpb=ddadb47f2620ce6902ad4694ce6512568862ba05;p=fa-stable.git

diff --git a/purchasing/po_receive_items.php b/purchasing/po_receive_items.php
index 601e5d5f..1c6e6d62 100644
--- a/purchasing/po_receive_items.php
+++ b/purchasing/po_receive_items.php
@@ -121,7 +121,7 @@ function check_po_changed()
 	// Otherwise if you try to fullfill item quantities separately will give error.
 	$sql = "SELECT item_code, quantity_ordered, quantity_received, qty_invoiced
 		FROM ".TB_PREF."purch_order_details
-		WHERE order_no=" . $_SESSION['PO']->order_no 
+		WHERE order_no=".db_escape($_SESSION['PO']->order_no)
 		." ORDER BY po_detail_item";
 
 	$result = db_query($sql, "could not query purch order details");