Activated strict SQL mode, minor SQL injection fix, fixed _vl() debug helper.
[fa-stable.git] / includes / db / class.reflines_db.inc
index f67aa60ac62fca8ede2c2c4bf842a90d3bbdca91..277ebe74dbe2f8dce456f6fc8d0adf9510d9bfff 100644 (file)
@@ -153,7 +153,7 @@ class reflines_db extends data_set {
        function find_refline_id($reference, $type, $fallback=true)
        {
                $sql = "SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)
-                       ." AND CHAR_LENGTH(`prefix`) AND LEFT('$reference', CHAR_LENGTH(`prefix`)) = `prefix`";
+                       ." AND CHAR_LENGTH(`prefix`) AND LEFT(".db_escape($reference).", CHAR_LENGTH(`prefix`)) = `prefix`";
                if ($fallback)  // if not found return refline with empty prefix
                        $sql .= " UNION SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)." AND `prefix`=''";
                $ret = db_query($sql, "cannot check reference line id");
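Review bot: Row order is left undefined in the query built by find_refline_id: a `UNION` with no `ORDER BY` does not guarantee that a prefixed refline comes back before the empty-prefix fallback, and when two stored prefixes both match the reference (one being the start of the other) either may come first. The code after `db_query()` is outside this hunk, but if it takes the first row, the selected reference line can vary between runs; ordering the combined result by prefix length, longest first, would make the most specific match win and put the fallback last. The `db_escape($reference)` change looks right for a quoted-literal position, and a short comment above the query such as `// $reference may come from user input: never interpolate it, always db_escape()` would help keep the fix from regressing.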