X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep105.php;h=4b6a086cc55b00166070f36d650eeac56d3425d0;hb=303eb17e9cdd9702eee9fdfcaee51e654a1da541;hp=dd535b9858b4b23cb993b9c05ffd636349b1a58b;hpb=ddadb47f2620ce6902ad4694ce6512568862ba05;p=fa-stable.git
diff --git a/reporting/rep105.php b/reporting/rep105.php
index dd535b98..4b6a086c 100644
--- a/reporting/rep105.php
+++ b/reporting/rep105.php
@@ -57,11 +57,11 @@ function GetSalesOrders($from, $to, $category=0, $location=null, $backorder=0)
 WHERE ".TB_PREF."sales_orders.ord_date >='$fromdate' AND ".TB_PREF."sales_orders.ord_date <='$todate'";
 if ($category > 0)
- $sql .= " AND ".TB_PREF."stock_master.category_id=$category";
+ $sql .= " AND ".TB_PREF."stock_master.category_id=".db_escape($category);
 if ($location != null)
- $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc='$location'";
+ $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc=".db_escape($location);
 if ($backorder)
- $sql .= "AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
+ $sql .= " AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
 $sql .= " ORDER BY ".TB_PREF."sales_orders.order_no";
 return db_query($sql, "Error getting order details");
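Review bot: The two date bounds in the context lines at the top of this hunk are still interpolated straight into the query as `'$fromdate'` and `'$todate'`, while the category and location filters now go through db_escape(). Both variables are assigned above the hunk, presumably from `$from` and `$to` through a date conversion, so it cannot be confirmed from here that they are validated; if they are not, the WHERE clause remains open to SQL injection. For consistency they should be built the same way, e.g. `ord_date >=".db_escape($fromdate)."` and `ord_date <=".db_escape($todate);`. Since `category_id` is compared as a number and guarded only by the loose `$category > 0` test, an explicit `(int)$category` cast would be a tighter fix there than quoting. The body of GetSalesOrders starts and ends outside the hunk.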