X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_msgs.inc;h=1319f362014590d1713c84f338b166d2d9be03d5;hb=5d3fcb9c57e586c20651594edf91a2dccb08df00;hp=a0c1aff4252b960cfdaf7c6b9342dc15cd2bf989;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git

diff --git a/includes/ui/ui_msgs.inc b/includes/ui/ui_msgs.inc
index a0c1aff4..1319f362 100644
--- a/includes/ui/ui_msgs.inc
+++ b/includes/ui/ui_msgs.inc
@@ -1,5 +1,14 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 function display_error($msg, $center=true)
 {
 	trigger_error($msg, E_USER_ERROR);
@@ -46,7 +55,7 @@ function stock_item_heading($stock_id)
 {
 	if ($stock_id != "") 
 	{
-		$result = db_query("SELECT description, units FROM ".TB_PREF."stock_master WHERE stock_id='$stock_id'");		
+		$result = db_query("SELECT description, units FROM ".TB_PREF."stock_master WHERE stock_id=".db_escape($stock_id));
         $myrow = db_fetch_row($result);
         
     	display_heading("$stock_id - $myrow[0]");