From ee5d494e30480a5a77b573a9c2e97803d3c67789 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Thu, 21 Oct 2010 10:09:22 +0000
Subject: [PATCH] Additional sql parameters cleanup.

---
 purchasing/includes/db/suppalloc_db.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/purchasing/includes/db/suppalloc_db.inc b/purchasing/includes/db/suppalloc_db.inc
index 959be3e2..f9eed1a8 100644
--- a/purchasing/includes/db/suppalloc_db.inc
+++ b/purchasing/includes/db/suppalloc_db.inc
@@ -69,7 +69,7 @@ function clear_supp_alloctions($type, $type_no, $date="")
 {
 // clear any allocations for this transaction
 $sql = "SELECT * FROM ".TB_PREF."supp_allocations
- WHERE (trans_type_from=$type AND trans_no_from=$type_no)
+ WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
 OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
 $result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
 
-- 
2.30.2
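Review bot: `$type` and `$type_no` are numeric identifiers, yet the rewritten `WHERE` line relies on `db_escape()` alone, and nothing in this hunk shows the values being checked as integers. Escaping only protects a value that ends up inside quotes, and `db_escape()` is defined outside this diff, so whether it adds them cannot be confirmed from here. Casting right after the opening brace, `$type = (int)$type; $type_no = (int)$type_no;`, would keep the comparison numeric and make the query safe either way, provided callers never pass non-integer values on purpose. The same two variables are still interpolated raw into the `db_query()` error message on the last code line of the hunk, which is worth encoding if that message can ever be shown to a user. The body of `clear_supp_alloctions` continues past the end of the hunk.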