X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fpo_entry_items.php;h=988c90faf3a1b15af98e82d0c8eb5af3af9484cb;hb=b42c1c9bab4d4b210be10523582c4c1b06a9b4e1;hp=a5f4b7d59e9f2e7919a03b134c18b71b0bbe067b;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git

diff --git a/purchasing/po_entry_items.php b/purchasing/po_entry_items.php
index a5f4b7d5..988c90fa 100644
--- a/purchasing/po_entry_items.php
+++ b/purchasing/po_entry_items.php
@@ -24,11 +24,11 @@ if ($use_date_picker)
 
 if (isset($_GET['ModifyOrderNumber'])) 
 {
-	page(_("Modify Purchase Order #") . $_GET['ModifyOrderNumber'], false, false, "", $js);
+	page(_($help_context = "Modify Purchase Order #") . $_GET['ModifyOrderNumber'], false, false, "", $js);
 } 
 else 
 {
-	page(_("Purchase Order Entry"), false, false, "", $js);
+	page(_($help_context = "Purchase Order Entry"), false, false, "", $js);
 }
 
 //---------------------------------------------------------------------------------------------------
@@ -228,7 +228,7 @@ function handle_add_new_item()
 		if ($allow_update == true)
 		{
 		   	$sql = "SELECT description, units, mb_flag
-				FROM ".TB_PREF."stock_master WHERE stock_id = '". $_POST['stock_id'] . "'";
+				FROM ".TB_PREF."stock_master WHERE stock_id = ".db_escape($_POST['stock_id']);
 
 		    $result = db_query($sql,"The stock details for " . $_POST['stock_id'] . " could not be retrieved");