From: Janusz Dobrowolski <janusz@frontaccounting.eu>
Date: Thu, 21 Oct 2010 10:09:22 +0000 (+0000)
Subject: Additional sql parameters cleanup.
X-Git-Tag: v2.4.2~19^2~555
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=ee5d494e30480a5a77b573a9c2e97803d3c67789;p=fa-stable.git

Additional sql parameters cleanup.
---

diff --git a/purchasing/includes/db/suppalloc_db.inc b/purchasing/includes/db/suppalloc_db.inc
index 959be3e2..f9eed1a8 100644
--- a/purchasing/includes/db/suppalloc_db.inc
+++ b/purchasing/includes/db/suppalloc_db.inc
@@ -69,7 +69,7 @@ function clear_supp_alloctions($type, $type_no, $date="")
 {
 	// clear any allocations for this transaction
 	$sql = "SELECT * FROM ".TB_PREF."supp_allocations
-		WHERE (trans_type_from=$type AND trans_no_from=$type_no)
+		WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
 		OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
 	$result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");