Security statements update against sql injection attacks.
[fa-stable.git] / purchasing / inquiry / supplier_inquiry.php
index 5fc3e0c5e9fac053fba5e28836e0924b086add30..138b2d647edf56a096bab512664408b2730221b3 100644 (file)
@@ -178,7 +178,7 @@ function check_overdue($row)
        AND trans.tran_date <= '$date_to'
                AND trans.ov_amount != 0";      // exclude voided transactions
        if ($_POST['supplier_id'] != reserved_words::get_all())
-               $sql .= " AND trans.supplier_id = '" . $_POST['supplier_id'] . "'";
+               $sql .= " AND trans.supplier_id = ".db_escape($_POST['supplier_id']);
        if (isset($_POST['filterType']) && $_POST['filterType'] != reserved_words::get_all())
        {
                if (($_POST['filterType'] == '1'))
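Review bot: The `'$date_to'` value on the first line of this hunk is still interpolated straight into the query string, while the commit escapes only `supplier_id`. Where `$date_to` is assigned is outside the hunk, so if it comes from request data without strict date validation it should get the same treatment, for example `$sql .= " AND trans.tran_date <= ".db_escape($date_to);`. The new `supplier_id` line also drops the surrounding quotes, so it is only safe if `db_escape()` returns an already-quoted literal; that contract is not visible here and deserves a short comment such as `// db_escape() returns a quoted, escaped literal`. The enclosing function starts and ends outside the hunk, so any other interpolated values in the same query could not be checked from here.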