X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fmanage%2Fitems.php;h=9356e0b11fcc729fb06bed9e1a864f58861b95f7;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=9d30127725d6b60ffa49b70d2af4ceaa768aca28;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git

diff --git a/inventory/manage/items.php b/inventory/manage/items.php
index 9d301277..9356e0b1 100644
--- a/inventory/manage/items.php
+++ b/inventory/manage/items.php
@@ -212,16 +212,16 @@ function check_usage($stock_id, $dispmsg=true)
 {
 	$sqls=  array(
 	"SELECT COUNT(*) FROM "
-		.TB_PREF."stock_moves WHERE stock_id='$stock_id'" =>
+		.TB_PREF."stock_moves WHERE stock_id=".db_escape($stock_id) =>
 	 _('Cannot delete this item because there are stock movements that refer to this item.'),
 	"SELECT COUNT(*) FROM "
-		.TB_PREF."bom WHERE component='$stock_id'"=>
+		.TB_PREF."bom WHERE component=".db_escape($stock_id)=>
 	 _('Cannot delete this item record because there are bills of material that require this part as a component.'),
 	"SELECT COUNT(*) FROM "
-		.TB_PREF."sales_order_details WHERE stk_code='$stock_id'" =>
+		.TB_PREF."sales_order_details WHERE stk_code=".db_escape($stock_id) =>
 	 _('Cannot delete this item because there are existing purchase order items for it.'),
 	"SELECT COUNT(*) FROM "
-		.TB_PREF."purch_order_details WHERE item_code='$stock_id'"=>
+		.TB_PREF."purch_order_details WHERE item_code=".db_escape($stock_id)=>
 	 _('Cannot delete this item because there are existing purchase order items for it.')
 	);