X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fview_print_transaction.php;h=3969418151680e4e5941a15115909e8e4f47506c;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=90943fe75bb00647eba2504920cf33afe8ebfaab;hpb=f0f460043b9bcb6153c0f6f82d4a74433efe4ad8;p=fa-stable.git
diff --git a/admin/view_print_transaction.php b/admin/view_print_transaction.php
index 90943fe7..39694181 100644
--- a/admin/view_print_transaction.php
+++ b/admin/view_print_transaction.php
@@ -109,11 +109,11 @@ function handle_search()
 $sql .= " ,$trans_ref ";
 $sql .= ", ".$_POST['filterType']." as type FROM $table_name
- WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
- AND $trans_no_name <= " . $_POST['ToTransNo'];
+ WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+ AND $trans_no_name <= ".db_escape($_POST['ToTransNo']);
 if ($type_name != null)
- $sql .= " AND `$type_name` = " . $_POST['filterType'];
+ $sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
 $sql .= " ORDER BY $trans_no_name";
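Review bot: The unchanged context line that builds the SELECT list still concatenates `$_POST['filterType']` into the query unescaped, so the same request parameter this commit escapes in the WHERE clause reaches the SQL text raw a few lines earlier. It should get the same treatment, e.g. `$sql .= ", ".db_escape($_POST['filterType'])." as type FROM $table_name`. Since `FromTransNo`, `ToTransNo` and `filterType` look like numeric values, validating them as integers before building the query would be stricter than escaping alone. `$table_name`, `$trans_no_name` and `$type_name` are also interpolated as identifiers, where `db_escape` would not help; they are assigned outside this hunk, so confirm they come from a fixed lookup and not from the request. The body of `handle_search()` starts and ends outside the hunk.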