Security update merged from 2.1.
[fa-stable.git] / purchasing / supplier_credit.php
index 319bab0bb1acf583fec8d99a4198668a47bc718e..c20abbcd38d7b56cbda1c49f16abc4be4af0d8c9 100644 (file)
@@ -97,7 +97,7 @@ if (isset($_POST['AddGLCodeToTrans'])){
        $Ajax->activate('gl_items');
        $input_error = false;
 
-       $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code='" . $_POST['gl_code'] . "'";
+       $sql = "SELECT account_code, account_name FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($_POST['gl_code']);
        $result = db_query($sql,"get account information");
        if (db_num_rows($result) == 0)
        {
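Review bot: The rewritten query on the `+` line drops the single quotes around the value, so it is only safe if `db_escape()` returns a literal that is both escaped and already quoted. That helper is not visible in this hunk and should be confirmed, because an escaped but unquoted value after `account_code=` could still be parsed as SQL. A short comment above the query would keep a later edit from re-wrapping the value, for example `// db_escape() escapes AND quotes gl_code; do not add quotes around it`. `$_POST['gl_code']` also reaches the lookup with no visible presence or format check, though the enclosing `if (isset($_POST['AddGLCodeToTrans']))` block starts and ends outside the hunk, so one may exist out of view.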