X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Finquiry%2Fcustomer_allocation_inquiry.php;h=e0567644d21e086ab085b3d3f6c21e170ffeade7;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=325d848ffd82b5a76cb8f5d3afe8dda68186ee85;hpb=7d9fe15f85c15572535c5fa4555b9a72e9d93f04;p=fa-stable.git
diff --git a/sales/inquiry/customer_allocation_inquiry.php b/sales/inquiry/customer_allocation_inquiry.php
index 325d848f..e0567644 100644
--- a/sales/inquiry/customer_allocation_inquiry.php
+++ b/sales/inquiry/customer_allocation_inquiry.php
@@ -159,7 +159,7 @@ function fmt_credit($row)
 AND trans.tran_date <= '$date_to'";
 if ($_POST['customer_id'] != reserved_words::get_all())
- $sql .= " AND trans.debtor_no = '" . $_POST['customer_id'] . "'";
+ $sql .= " AND trans.debtor_no = ".db_escape($_POST['customer_id']);
 if (isset($_POST['filterType']) && $_POST['filterType'] != reserved_words::get_all())
 {
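Review bot: The rewritten `trans.debtor_no` clause no longer wraps the value in quotes, so its safety rests entirely on `db_escape()` returning a quoted, escaped literal; that helper is not shown here, and if it only escapes, the unquoted form is still injectable. A comment on the line would stop a later edit from re-adding or mis-assuming the quotes: `// db_escape() must return a quoted literal - do not add quotes around it`. The context line `AND trans.tran_date <= '$date_to'` still interpolates a variable directly into the statement; its origin is outside this hunk, so it should be confirmed that `$date_to` is a normalised date and not raw request data. The enclosing query-building code starts and ends outside the hunk.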