X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fcost_update.php;h=1c05c3bbecffd04dbf38e8af870aefb747c1ea11;hb=1760750c302521293d3d7403dc8d69d8c4cf7c2c;hp=bfaf0f33b986a957604e2ea714f35fa5a20f430c;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git

diff --git a/inventory/cost_update.php b/inventory/cost_update.php
index bfaf0f33..1c05c3bb 100644
--- a/inventory/cost_update.php
+++ b/inventory/cost_update.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/inventory/includes/inventory_db.inc");
 $js = "";
 if ($use_popup_windows)
 	$js .= get_js_open_window(900, 500);
-page(_("Inventory Item Cost Update"), false, false, "", $js);
+page(_($help_context = "Inventory Item Cost Update"), false, false, "", $js);
 
 //--------------------------------------------------------------------------------------
 
@@ -91,7 +91,7 @@ set_global_stock_item($_POST['stock_id']);
 $sql = "SELECT description, units, material_cost, labour_cost,
 	overhead_cost, mb_flag
 	FROM ".TB_PREF."stock_master
-	WHERE stock_id='" . $_POST['stock_id'] . "'
+	WHERE stock_id=".db_escape($_POST['stock_id']) . "
 	GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag";
 $result = db_query($sql);
 check_db_error("The cost details for the item could not be retrieved", $sql);