X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fsupplier_credit.php;h=c20abbcd38d7b56cbda1c49f16abc4be4af0d8c9;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=319bab0bb1acf583fec8d99a4198668a47bc718e;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/purchasing/supplier_credit.php b/purchasing/supplier_credit.php
index 319bab0b..c20abbcd 100644
--- a/purchasing/supplier_credit.php
+++ b/purchasing/supplier_credit.php
@@ -97,7 +97,7 @@ if (isset($_POST['AddGLCodeToTrans'])){
 $Ajax->activate('gl_items');
 $input_error = false;
- $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code='" . $_POST['gl_code'] . "'";
+ $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($_POST['gl_code']);
 $result = db_query($sql,"get account information");
 if (db_num_rows($result) == 0) {
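Review bot: The new `$sql` line drops the surrounding single quotes, so it is only safe if `db_escape()` returns an already-quoted, escaped literal. That helper is defined outside this hunk, so its contract should be confirmed and recorded next to the query, e.g. `// db_escape() returns a quoted, escaped literal; never wrap the result in '...'`. `$_POST['gl_code']` also reaches the query with no presence or type check, so a guard before the query such as `if (!isset($_POST['gl_code']) || !is_string($_POST['gl_code'])) $input_error = true;` (and skipping the lookup when it is set) would reject missing or array values early. The `if (isset($_POST['AddGLCodeToTrans']))` block starts above and continues below the hunk, so any other request value concatenated into SQL there should get the same treatment.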