X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=reporting%2Frep302.php;h=d4f29975d496045d7842e5a5cc7b16f40d78f346;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=e92c27c5ff4a5fc4249f40c28861e55c86f828b8;hpb=7d9fe15f85c15572535c5fa4555b9a72e9d93f04;p=fa-stable.git

diff --git a/reporting/rep302.php b/reporting/rep302.php
index e92c27c5..d4f29975 100644
--- a/reporting/rep302.php
+++ b/reporting/rep302.php
@@ -44,9 +44,9 @@ function getTransactions($category, $location)
 		WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id
 		AND (".TB_PREF."stock_master.mb_flag='B' OR ".TB_PREF."stock_master.mb_flag='M')";
 	if ($category != 0)
-		$sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+		$sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
 	if ($location != 'all')
-		$sql .= " AND IF(".TB_PREF."stock_moves.stock_id IS NULL, '1=1',".TB_PREF."stock_moves.loc_code = '$location')";
+		$sql .= " AND IF(".TB_PREF."stock_moves.stock_id IS NULL, '1=1',".TB_PREF."stock_moves.loc_code = ".db_escape($location).")";
 	$sql .= " GROUP BY ".TB_PREF."stock_master.category_id,
 		".TB_PREF."stock_category.description,
 		".TB_PREF."stock_master.stock_id,