X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Finvoice_items_db.inc;h=621309bb0464dcb21bd2d1171c008d3e784fc53e;hb=e28f3fe01f168d761393ce2f10409284eef2adb4;hp=18ff4aa9ba37f609783d7f5f2a73c5ebd29e5e8d;hpb=5ac511e332a157799a38f2f7f00e99fabbf64b02;p=fa-stable.git

diff --git a/purchasing/includes/db/invoice_items_db.inc b/purchasing/includes/db/invoice_items_db.inc
index 18ff4aa9..621309bb 100644
--- a/purchasing/includes/db/invoice_items_db.inc
+++ b/purchasing/includes/db/invoice_items_db.inc
@@ -8,8 +8,9 @@ function add_supp_invoice_item($supp_trans_type, $supp_trans_no, $stock_id, $des
 {
 	$sql = "INSERT INTO ".TB_PREF."supp_invoice_items (supp_trans_type, supp_trans_no, stock_id, description, gl_code, unit_price, unit_tax, quantity,
 	  	grn_item_id, po_detail_item_id, memo_) ";
-	$sql .= "VALUES ($supp_trans_type, $supp_trans_no, '$stock_id', '$description', '$gl_code', $unit_price, $unit_tax, $quantity,
-		$grn_item_id, $po_detail_item_id, '$memo_')";
+	$sql .= "VALUES ($supp_trans_type, $supp_trans_no, ".db_escape($stock_id).
+	", ".db_escape($description).", ".db_escape($gl_code).", $unit_price, $unit_tax, $quantity,
+		$grn_item_id, $po_detail_item_id, ".db_escape($memo_).")";
 
 	if ($err_msg == "")
 		$err_msg = "Cannot insert a supplier transaction detail record";