Security update merged from 2.1.

[fa-stable.git] / reporting / rep105.php

diff --git a/reporting/rep105.php b/reporting/rep105.php
index dd535b9858b4b23cb993b9c05ffd636349b1a58b..4b6a086cc55b00166070f36d650eeac56d3425d0 100644 (file)
--- a/reporting/rep105.php
+++ b/reporting/rep105.php
@@ -57,11 +57,11 @@ function GetSalesOrders($from, $to, $category=0, $location=null, $backorder=0)
             WHERE ".TB_PREF."sales_orders.ord_date >='$fromdate'
                 AND ".TB_PREF."sales_orders.ord_date <='$todate'";
        if ($category > 0)
-               $sql .= " AND ".TB_PREF."stock_master.category_id=$category";
+               $sql .= " AND ".TB_PREF."stock_master.category_id=".db_escape($category);
        if ($location != null)
-               $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc='$location'";
+               $sql .= " AND ".TB_PREF."sales_orders.from_stk_loc=".db_escape($location);
        if ($backorder)
-               $sql .= "AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
+               $sql .= " AND ".TB_PREF."sales_order_details.quantity - ".TB_PREF."sales_order_details.qty_sent > 0";
        $sql .= " ORDER BY ".TB_PREF."sales_orders.order_no";
 
        return db_query($sql, "Error getting order details");