X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fcost_update.php;h=e268f360dbdcdca8d6200bf88d087a57ab98b36d;hb=af78fbb535a6fedbc2eb70a26ddc39739be2b986;hp=bfaf0f33b986a957604e2ea714f35fa5a20f430c;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git
diff --git a/inventory/cost_update.php b/inventory/cost_update.php
index bfaf0f33..e268f360 100644
--- a/inventory/cost_update.php
+++ b/inventory/cost_update.php
@@ -91,7 +91,7 @@ set_global_stock_item($_POST['stock_id']);
 $sql = "SELECT description, units, material_cost, labour_cost, overhead_cost, mb_flag FROM ".TB_PREF."stock_master
- WHERE stock_id='" . $_POST['stock_id'] . "'
+ WHERE stock_id=".db_escape($_POST['stock_id']) . "
 GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag";
 $result = db_query($sql);
 check_db_error("The cost details for the item could not be retrieved", $sql);
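Review bot: The new WHERE clause drops the literal quotes around the value, so it is only safe if `db_escape()` returns an already-quoted, escaped string literal. That helper is not visible in this hunk, so confirm it and record the contract next to the query, e.g. `// db_escape() escapes and quotes the value; do not add quotes in the SQL`. The hunk header shows the same raw `$_POST['stock_id']` going into `set_global_stock_item()` just above, and the full statement text is handed to `check_db_error()`. Both are defined outside this hunk, so check that neither puts the request value into SQL or into user-facing output unescaped. This top-level statement run continues before and after the hunk.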