Secure SQL statements against SQL injection attacks.
[fa-stable.git] / reporting / rep203.php
index c276188f8a6d0befbcb2cab9f91cb57c31c0fb85..f61e4bbf69a337a128f14fbf67847ea5ec7d904a 100644 (file)
@@ -107,7 +107,7 @@ function print_payment_report()
        $sql = "SELECT supplier_id, supp_name AS name, curr_code, ".TB_PREF."payment_terms.terms FROM ".TB_PREF."suppliers, ".TB_PREF."payment_terms
                WHERE ";
        if ($fromsupp != reserved_words::get_all_numeric())
-               $sql .= "supplier_id=$fromsupp AND ";
+               $sql .= "supplier_id=".db_escape($fromsupp)." AND ";
        $sql .= "".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
                ORDER BY supp_name";
        $result = db_query($sql, "The customers could not be retrieved");
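Review bot: The escaped value on the `+` line is still spliced into a string-built statement, and the only guard on `$fromsupp` is the loose `!=` against `reserved_words::get_all_numeric()`; since that sentinel check presumably means `$fromsupp` is a numeric supplier id, an explicit cast would remove the reliance on escaping entirely, e.g. `$sql .= "supplier_id=".(int)$fromsupp." AND ";` — confirm the column type before changing it. The error string on the last context line, `"The customers could not be retrieved"`, describes the wrong entity for a query over `suppliers` and will mislead whoever reads the failure in logs; `"The suppliers could not be retrieved"` matches the statement. print_payment_report() begins before this hunk and continues after it.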