X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_msgs.inc;h=1319f362014590d1713c84f338b166d2d9be03d5;hb=d859c6081f650d22eba97b13a298b681148d0d6d;hp=8925c030ba4954248e3f88cb9f4876e936281d23;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git
diff --git a/includes/ui/ui_msgs.inc b/includes/ui/ui_msgs.inc
index 8925c030..1319f362 100644
--- a/includes/ui/ui_msgs.inc
+++ b/includes/ui/ui_msgs.inc
@@ -55,7 +55,7 @@ function stock_item_heading($stock_id)
 {
 if ($stock_id != "")
 {
- $result = db_query("SELECT description, units FROM ".TB_PREF."stock_master WHERE stock_id='$stock_id'");
+ $result = db_query("SELECT description, units FROM ".TB_PREF."stock_master WHERE stock_id=".db_escape($stock_id));
 $myrow = db_fetch_row($result);
 display_heading("$stock_id - $myrow[0]");
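Review bot: The same `$stock_id` that this change now passes through `db_escape()` is still interpolated unencoded into page output two lines later, in the context line `display_heading("$stock_id - $myrow[0]")`, together with the stored description. `display_heading()` is not visible here, so confirm that it HTML-encodes its argument; if it does not, encode at the call, e.g. `display_heading(htmlspecialchars("$stock_id - $myrow[0]", ENT_QUOTES));`. The new query line also drops the literal quotes and so presumably depends on `db_escape()` returning an already-quoted value; once confirmed, a short comment such as `// db_escape() returns the value escaped and wrapped in quotes` would keep a later edit from re-adding or double-quoting it. `$myrow` is then indexed without checking that `db_fetch_row()` actually found a row for the given id. The body of `stock_item_heading()` continues outside the hunk.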