X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=reporting%2Frep209.php;h=9015a1b2564b35525de8bca02450a0f504e00788;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=b9a8a049509fd75b3252f9abc339b2bced951cd1;hpb=86e4d1627183fb4d97fe145a5dd33b43b03284ee;p=fa-stable.git
diff --git a/reporting/rep209.php b/reporting/rep209.php
index b9a8a049..9015a1b2 100644
--- a/reporting/rep209.php
+++ b/reporting/rep209.php
@@ -35,7 +35,7 @@ function get_po($order_no)
 FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations
 WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id
 AND ".TB_PREF."locations.loc_code = into_stock_location
- AND ".TB_PREF."purch_orders.order_no = " . $order_no;
+ AND ".TB_PREF."purch_orders.order_no = ".db_escape($order_no);
 $result = db_query($sql, "The order cannot be retrieved");
 return db_fetch($result);
 }
@@ -46,7 +46,7 @@ function get_po_details($order_no)
 FROM ".TB_PREF."purch_order_details
 LEFT JOIN ".TB_PREF."stock_master
 ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id
- WHERE order_no =$order_no ";
+ WHERE order_no =".db_escape($order_no)." ";
 $sql .= " ORDER BY po_detail_item";
 return db_query($sql, "Retreive order Line Items");
 }
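Review bot: The `order_no` predicate in get_po() and the `WHERE order_no =` line in get_po_details() now rely entirely on db_escape() to make `$order_no` safe in a position that used to hold an unquoted number, and db_escape() is not defined in this diff. Escaping by itself does not protect an unquoted operand, so the fix is complete only if db_escape() also wraps the value in quotes or rejects non-numeric input; that is worth confirming and recording in a short comment above each query, for example `// $order_no is caller-supplied; db_escape() must quote as well as escape it`. If order_no is always an integer key (presumably so, though the callers are outside these hunks), normalising it at the top of both functions with `$order_no = (int)$order_no;` would give a guard that does not depend on the helper's quoting behaviour. Both function bodies begin above their hunks, so how `$sql` is started and whether other request-derived values are concatenated into it cannot be checked from here.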