X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=purchasing%2Fsupplier_invoice.php;h=afa2df18da28a0a573c37f9205c2c238e10f9381;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=15a6529f1667438d4cb72d32503b4779ac153ef6;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/purchasing/supplier_invoice.php b/purchasing/supplier_invoice.php
index 15a6529f..afa2df18 100644
--- a/purchasing/supplier_invoice.php
+++ b/purchasing/supplier_invoice.php
@@ -99,7 +99,7 @@ if (isset($_POST['AddGLCodeToTrans'])){
 $Ajax->activate('gl_items');
 $input_error = false;
- $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code='" . $_POST['gl_code'] . "'";
+ $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($_POST['gl_code']);
 $result = db_query($sql,"get account information");
 if (db_num_rows($result) == 0)
 {
@@ -186,10 +186,10 @@ function check_data()
 return false;
 }
- $sql = "SELECT Count(*) FROM ".TB_PREF."supp_trans WHERE supplier_id='"
- . $_SESSION['supp_trans']->supplier_id . "' AND supp_reference='"
- . $_POST['supp_reference']
- . "' AND ov_amount!=0"; // ignore voided invoice references
+ $sql = "SELECT Count(*) FROM ".TB_PREF."supp_trans WHERE supplier_id="
+ .db_escape($_SESSION['supp_trans']->supplier_id) . " AND supp_reference="
+ .db_escape( $_POST['supp_reference'])
+ . " AND ov_amount!=0"; // ignore voided invoice references
 $result=db_query($sql,"The sql to check for the previous entry of the same invoice failed");
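Review bot: The new `$sql` line in the first hunk drops the literal single quotes around the value and relies on db_escape() to supply them, which is correct only because db_escape() quotes string values itself; that dependency is invisible to the next reader, so add above the assignment `// db_escape() quotes and escapes the value itself - never wrap it in literal quotes`. The lookup is still SQL assembled by concatenation inside the page script rather than in the db layer; if the GL db layer already exposes an account-by-code helper, prefer calling it here so that escaping lives in one place. The enclosing `if (isset($_POST['AddGLCodeToTrans']))` block continues outside the hunk.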
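Review bot: In the second hunk the rewritten concatenation is inconsistently spaced: `.db_escape(` has no space before the dot while the following `. " AND` does, and `db_escape( $_POST['supp_reference'])` carries a stray space inside the parentheses; normalise to `. db_escape($_POST['supp_reference'])` on all three lines so the pattern matches the first hunk. The `supplier_id` value comes from the session object, so quoting it via db_escape() is harmless but the comment on the last line could also state what the query is for, e.g. `// count non-voided invoices with this supplier reference (duplicate check)`. check_data() begins before this hunk and its result handling continues after it.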