X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep101.php;h=772d33f0cc6aec6a0199746f284dec5ed74a3c25;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=c57ab3aebe36c7ae45001a9e6ef9e6e1ce6d9b93;hpb=98c3d4786f920b0fbbc415343fe69e9fb69ea995;p=fa-stable.git diff --git a/reporting/rep101.php b/reporting/rep101.php index c57ab3ae..772d33f0 100644 --- a/reporting/rep101.php +++ b/reporting/rep101.php @@ -59,7 +59,7 @@ function get_open_balance($debtorno, $to, $convert) $sql .= ")) AS OutStanding FROM ".TB_PREF."debtor_trans WHERE ".TB_PREF."debtor_trans.tran_date < '$to' - AND ".TB_PREF."debtor_trans.debtor_no = '$debtorno' + AND ".TB_PREF."debtor_trans.debtor_no = ".db_escape($debtorno)." AND ".TB_PREF."debtor_trans.type <> ".ST_CUSTDELIVERY." GROUP BY debtor_no"; $result = db_query($sql,"No transactions were returned"); @@ -80,7 +80,7 @@ function get_transactions($debtorno, $from, $to) FROM ".TB_PREF."debtor_trans WHERE ".TB_PREF."debtor_trans.tran_date >= '$from' AND ".TB_PREF."debtor_trans.tran_date <= '$to' - AND ".TB_PREF."debtor_trans.debtor_no = '$debtorno' + AND ".TB_PREF."debtor_trans.debtor_no = ".db_escape($debtorno)." AND ".TB_PREF."debtor_trans.type <> ".ST_CUSTDELIVERY." ORDER BY ".TB_PREF."debtor_trans.tran_date"; @@ -140,8 +140,8 @@ function print_customer_balances() $sql = "SELECT debtor_no, name, curr_code FROM ".TB_PREF."debtors_master "; if ($fromcust != ALL_NUMERIC) - $sql .= "WHERE debtor_no=$fromcust "; - $sql .= "ORDER BY name"; + $sql .= "WHERE debtor_no=".db_escape($fromcust); + $sql .= " ORDER BY name"; $result = db_query($sql, "The customers could not be retrieved"); while ($myrow = db_fetch($result))
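Review bot: In get_open_balance the date bound is still concatenated raw as `tran_date < '$to'`, and get_transactions does the same with `'$from'` and `'$to'`, so this change escapes only the debtor_no operand. Both function bodies start outside the hunks, so it is not visible whether those values are normalized to a fixed date format before they reach the query. If they are not, they carry the same injection exposure that was just closed for `$debtorno`. I would route them through the same helper, e.g. `WHERE ".TB_PREF."debtor_trans.tran_date < ".db_escape($to)."`, or add a comment naming the conversion step that guarantees the format.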
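Review bot: The new `$sql .= "WHERE debtor_no=".db_escape($fromcust);` line in print_customer_balances is only safe if db_escape() returns a complete quoted literal, because nothing else quotes the value here and escaping alone does not neutralize input in an unquoted numeric position. The helper's definition is not part of this diff, so a short comment such as `// db_escape() returns a quoted SQL literal` would record that assumption next to the query. If debtor_no is an integer key, which the comparison with ALL_NUMERIC suggests but does not prove, `$sql .= "WHERE debtor_no=".(int)$fromcust;` would state the constraint directly. The function begins and continues outside the hunk.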