X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep104.php;h=de7d5400bc1d9edb24fecfc85d5c5e0aeb5261d4;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=42eed72221a47de131e3e05ce6171b0fd705220d;hpb=7d9fe15f85c15572535c5fa4555b9a72e9d93f04;p=fa-stable.git
diff --git a/reporting/rep104.php b/reporting/rep104.php
index 42eed722..de7d5400 100644
--- a/reporting/rep104.php
+++ b/reporting/rep104.php
@@ -40,7 +40,7 @@ function fetch_items($category=0)
 ".TB_PREF."stock_category WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id";
 if ($category != 0)
- $sql .= " AND ".TB_PREF."stock_category.category_id = '$category'";
+ $sql .= " AND ".TB_PREF."stock_category.category_id = ".db_escape($category);
 $sql .= " ORDER BY ".TB_PREF."stock_master.category_id, ".TB_PREF."stock_master.stock_id";
@@ -57,7 +57,7 @@ function get_kits($category=0)
 ON i.category_id=c.category_id";
 $sql .= " WHERE !i.is_foreign AND i.item_code!=i.stock_id";
 if ($category != 0)
- $sql .= " AND c.category_id = '$category'";
+ $sql .= " AND c.category_id = ".db_escape($category);
 $sql .= " GROUP BY i.item_code";
 return db_query($sql,"No kits were returned");
 }
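Review bot: `$category` is still handled as free text in `fetch_items()` and, in the second hunk, `get_kits()`: the guard `if ($category != 0)` is a loose comparison, and the value is then matched against `category_id` as an escaped string although that column looks like a numeric key. Normalising the parameter once before the guard, e.g. `$category = (int)$category;`, would make the filter type-safe and stop a non-numeric value from silently skipping the filter on PHP 7 and earlier, where `'abc' != 0` is false. The new lines rely on `db_escape()` presumably returning a quoted, escaped literal; its definition is not on this page, so that is worth confirming, since an unquoted return would leave the concatenation open. Both function bodies begin outside their hunks, so whether other request-derived values are concatenated into `$sql` earlier cannot be confirmed from here.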