X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fcustomer_payments.php;h=a01bd2896df7df19760a7caa17dc94ce56f54b19;hb=2a42ffb56ef6651b8a136cd89271e65d397d7677;hp=6148985705658fa0f456b5c54b9d4279ff1d89ad;hpb=1ac154437d918ee3a904e16eacbfc3dc476b1fdf;p=fa-stable.git
diff --git a/sales/customer_payments.php b/sales/customer_payments.php
index 61489857..a01bd289 100644
--- a/sales/customer_payments.php
+++ b/sales/customer_payments.php
@@ -204,7 +204,7 @@ function read_customer_data()
 ".TB_PREF."credit_status.dissallow_invoices FROM ".TB_PREF."debtors_master, ".TB_PREF."credit_status WHERE ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
- AND ".TB_PREF."debtors_master.debtor_no = '" . $_POST['customer_id'] . "'";
+ AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($_POST['customer_id']);
 $result = db_query($sql, "could not query customers");
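Review bot: The added `debtor_no = ".db_escape($_POST['customer_id'])` line drops the single quotes the old line put around the value, so the fix is sound only if db_escape() returns a complete quoted SQL literal. Its definition is not visible here; if it only escapes special characters, the unquoted value would still be interpreted as SQL in a numeric context. A comment above the query would record that dependency, for example `// db_escape() returns a quoted literal, so the value is not wrapped in quotes here`. If debtor_no is an integer key, as its name suggests, it would also help to reject a non-numeric `$_POST['customer_id']` before the query is built, so the statement does not rely on escaping alone. The body of read_customer_data() starts and ends outside this hunk, so other uses of request data in it were not reviewed.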