X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fincludes%2Fdb%2Fpo_db.inc;h=cb2a1e49cfeca3cd93e2a8af32575a2f5023e415;hb=8859355ebe0888580acdc194edc121fbcc03b72b;hp=b8ef5ada4410aad4dfd63f4c2c070ea61edece0e;hpb=83d7715f9571cc167be7d54b7f4807ec19d7aa5c;p=fa-stable.git

diff --git a/purchasing/includes/db/po_db.inc b/purchasing/includes/db/po_db.inc
index b8ef5ada..cb2a1e49 100644
--- a/purchasing/includes/db/po_db.inc
+++ b/purchasing/includes/db/po_db.inc
@@ -19,7 +19,7 @@ function add_po(&$po_obj)
 
      /*Insert to purchase order header record */
      $sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
-     $sql .= "' ". $po_obj->supplier_id . "'," .
+     $sql .= db_escape($po_obj->supplier_id) . "," .
          db_escape($po_obj->Comments) . ",'" .
          date2sql($po_obj->orig_order_date) . "', '" .
 		 $po_obj->reference . "', " .
@@ -64,7 +64,7 @@ function update_po(&$po_obj)
 
     /*Update the purchase order header with any changes */
     $sql = "UPDATE ".TB_PREF."purch_orders SET Comments=" . db_escape($po_obj->Comments) . ",
-		requisition_no= " db_escape(. $po_obj->requisition_no). ",
+		requisition_no= ". db_escape( $po_obj->requisition_no). ",
 		into_stock_location=" . db_escape($po_obj->Location). ",
 		ord_date='" . date2sql($po_obj->orig_order_date) . "',
 		delivery_address=" . db_escape($po_obj->delivery_address);