projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security statements update against sql injection attacks.
[fa-stable.git] / manufacturing / manage / work_centres.php
diff --git a/manufacturing/manage/work_centres.php b/manufacturing/manage/work_centres.php
index 19227df8e3e3f8fb668b38be6fa68056734cf9c4..017b96c8ae05d0b0ac93a8b73fc65846ceb5c098 100644 (file)
--- a/manufacturing/manage/work_centres.php
+++ b/manufacturing/manage/work_centres.php
@@ -56,7 +56,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 function can_delete($selected_id)
 {
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."bom WHERE workcentre_added='$selected_id'";      
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."bom WHERE workcentre_added=".db_escape($selected_id);
        $result = db_query($sql, "check can delete work centre");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -65,7 +65,7 @@ function can_delete($selected_id)
                return false;
        }
        
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."wo_requirements WHERE workcentre='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."wo_requirements WHERE workcentre=".db_escape($selected_id);
        $result = db_query($sql, "check can delete work centre");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
FrontAccounting stable branch