Security update merged from 2.1.

[fa-stable.git] / reporting / rep301.php

diff --git a/reporting/rep301.php b/reporting/rep301.php
index eac7b1227601d23e3ea579d7f243e5deb5a76d4f..3b091cde1da032217492d436284d6a298829e37e 100644 (file)
--- a/reporting/rep301.php
+++ b/reporting/rep301.php
@@ -52,9 +52,9 @@ function getTransactions($category, $location)
                        ".TB_PREF."stock_master.description
                HAVING SUM(".TB_PREF."stock_moves.qty) != 0";
                if ($category != 0)
-                       $sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+                       $sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
                if ($location != 'all')
-                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = '$location'";
+                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = ".db_escape($location);
                $sql .= " ORDER BY ".TB_PREF."stock_master.category_id,
                        ".TB_PREF."stock_master.stock_id";