X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Finquiry%2Fbank_inquiry.php;h=33112d70d3632651d6d251a00d73ff1677d5414c;hb=a73365128653d7c172874ec53a6da3b4fac69123;hp=ec98d993db5186b332f4b3cab465ba3deb9ebcca;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git
diff --git a/gl/inquiry/bank_inquiry.php b/gl/inquiry/bank_inquiry.php
index ec98d993..33112d70 100644
--- a/gl/inquiry/bank_inquiry.php
+++ b/gl/inquiry/bank_inquiry.php
@@ -59,7 +59,7 @@ $date_to = date2sql($_POST['TransToDate']);
 if (!isset($_POST['bank_account'])) $_POST['bank_account'] = "";
 $sql = "SELECT ".TB_PREF."bank_trans.* FROM ".TB_PREF."bank_trans
- WHERE ".TB_PREF."bank_trans.bank_act = '" . $_POST['bank_account'] . "'
+ WHERE ".TB_PREF."bank_trans.bank_act = ".db_escape($_POST['bank_account']) . "
 AND trans_date >= '$date_after' AND trans_date <= '$date_to' ORDER BY trans_date,".TB_PREF."bank_trans.id";
@@ -76,7 +76,8 @@ $th = array(_("Type"), _("#"), _("Reference"), _("Date"), _("Debit"), _("Credit"), _("Balance"), _("Person/Item"), "");
 table_header($th);
-$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act='" . $_POST['bank_account'] . "'
+$sql = "SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE bank_act="
+ .db_escape($_POST['bank_account']) . "
 AND trans_date < '$date_after'";
 $before_qty = db_query($sql, "The starting balance on hand could not be calculated");
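Review bot: The date bounds in the first query are still spliced into the SQL as `'$date_after'` and `'$date_to'`, so the fix covers only `bank_account`; the same applies to `AND trans_date < '$date_after'` in the second hunk. Both values come from `date2sql()` over POST fields (the `$date_to` assignment is visible in the hunk header, `$date_after` is assigned outside the hunk), and nothing shown here establishes that `date2sql()` rejects or normalises malformed input. I would route them through the same helper, e.g. `AND trans_date >= ".db_escape($date_after)." AND trans_date <= ".db_escape($date_to)."`, and likewise in the starting-balance query. The new lines also drop the literal quotes around the account value, which is only correct if `db_escape()` returns an already-quoted literal; its definition is not part of this diff, so that is worth confirming.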