X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Finquiry%2Fsales_deliveries_view.php;h=72e6d132da71930d9f5e84a1a0bdb40aa0d3d9c2;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=9e4a03a66efaf4aa811d9a326087d4d761029a1a;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/sales/inquiry/sales_deliveries_view.php b/sales/inquiry/sales_deliveries_view.php
index 9e4a03a6..72e6d132 100644
--- a/sales/inquiry/sales_deliveries_view.php
+++ b/sales/inquiry/sales_deliveries_view.php
@@ -204,7 +204,8 @@ if ($_POST['OutstandingOnly'] == true) {
 //figure out the sql required from the inputs available
 if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
 {
- $sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+ $delivery = "%".$_POST['DeliveryNumber'];
+ $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
 $sql .= " GROUP BY trans.trans_no";
 }
 else
@@ -213,13 +214,13 @@ else
 $sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
 if ($selected_customer != -1)
- $sql .= " AND trans.debtor_no='" . $selected_customer . "' ";
+ $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
 if (isset($selected_stock_item))
- $sql .= " AND line.stock_id='". $selected_stock_item ."' ";
+ $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
 if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
- $sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+ $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
 $sql .= " GROUP BY trans.trans_no ";
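Review bot: On the new `$delivery` line in the first hunk, db_escape() makes the value safe to embed as a string literal but leaves `%` and `_` active as LIKE wildcards, so a DeliveryNumber of `%` matches every delivery instead of a trans_no suffix. Escape the wildcards before prepending the leading `%`, e.g. `$delivery = "%".addcslashes($_POST['DeliveryNumber'], '%_');`, or reject anything that is not digits if trans_no is numeric. The second hunk still interpolates `date2sql($_POST['DeliveryToDate'])` inside quotes without db_escape(); whether that is acceptable depends on date2sql() validating its input, which is not visible here. The if/else that the first hunk's trailing `else` opens continues outside the hunk.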