X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fmanage%2Fexchange_rates.php;h=0127b40be7fa6212bd3b7ff8aaac7aacc98a470e;hb=510d6e1925c4d1621ae3efd85e117cc9bb4320f0;hp=e7a7f574cfa92f7a39072add3c6f0d5705e8cb76;hpb=f0f460043b9bcb6153c0f6f82d4a74433efe4ad8;p=fa-stable.git

diff --git a/gl/manage/exchange_rates.php b/gl/manage/exchange_rates.php
index e7a7f574..0127b40b 100644
--- a/gl/manage/exchange_rates.php
+++ b/gl/manage/exchange_rates.php
@@ -186,7 +186,7 @@ set_global_curr_code($_POST['curr_abrev']);
 
 $sql = "SELECT date_, rate_buy, id FROM "
 	.TB_PREF."exchange_rates "
-	."WHERE curr_code='".$_POST['curr_abrev']."'
+	."WHERE curr_code=".db_escape($_POST['curr_abrev'])."
 	 ORDER BY date_ DESC";
 
 $cols = array(