X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fview%2Fview_sales_order.php;h=8120332b5d265dc84a94268deb9e3bf16c72f002;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=352b68234a28dd0b23c0aa532aeb5cd6d4d64d98;hpb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;p=fa-stable.git
diff --git a/sales/view/view_sales_order.php b/sales/view/view_sales_order.php
index 352b6823..8120332b 100644
--- a/sales/view/view_sales_order.php
+++ b/sales/view/view_sales_order.php
@@ -90,10 +90,11 @@ if ($_GET['trans_type'] != ST_SALESQUOTE)
 start_table($table_style);
 display_heading2(_("Delivery Notes"));
+ $th = array(_("#"), _("Ref"), _("Date"), _("Total"));
 table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTDELIVERY." AND order_=" . $_GET['trans_no'];
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTDELIVERY." AND order_=".db_escape($_GET['trans_no']);
 $result = db_query($sql,"The related delivery notes could not be retreived");
 $delivery_total = 0;
@@ -126,7 +127,7 @@ if ($_GET['trans_type'] != ST_SALESQUOTE)
 $th = array(_("#"), _("Ref"), _("Date"), _("Total"));
 table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_SALESINVOICE." AND order_=" . $_GET['trans_no'];
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_SALESINVOICE." AND order_=".db_escape($_GET['trans_no']);
 $result = db_query($sql,"The related invoices could not be retreived");
 $invoices_total = 0;
@@ -158,7 +159,7 @@ if ($_GET['trans_type'] != ST_SALESQUOTE)
 $th = array(_("#"), _("Ref"), _("Date"), _("Total"));
 table_header($th);
- $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTCREDIT." AND order_=" . $_GET['trans_no'];
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=".ST_CUSTCREDIT." AND order_=".db_escape($_GET['trans_no']);
 $result = db_query($sql,"The related credit notes could not be retreived");
 $credits_total = 0;
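Review bot: The three rewritten `$sql` lines (delivery notes, invoices and credit notes) each escape `$_GET['trans_no']` on their own, and the value still reaches the query as an unvalidated string compared against what appears to be a numeric `order_` column. The escaping closes the injection only if `db_escape()` returns a quoted literal; its definition is outside this diff, so that is worth confirming, because escaping alone does not protect an unquoted numeric operand. I would normalise the parameter once before the first query, for example `$trans_no = (int) $_GET['trans_no'];`, reject it when it is missing or not a positive integer, and build all three queries from `db_escape($trans_no)`. The enclosing `if ($_GET['trans_type'] != ST_SALESQUOTE)` block starts and ends outside these hunks, so a check on `trans_no` may already exist earlier in the file.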