Security update merged from 2.1.

[fa-stable.git] / reporting / rep302.php

diff --git a/reporting/rep302.php b/reporting/rep302.php
index 611e214b0aa98da3779a6c4c5aa405504ba8ecf7..8e5bb6ddfd2e39e0898149e167842b5d82295df1 100644 (file)
--- a/reporting/rep302.php
+++ b/reporting/rep302.php
@@ -44,9 +44,9 @@ function getTransactions($category, $location)
                WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id
                AND (".TB_PREF."stock_master.mb_flag='B' OR ".TB_PREF."stock_master.mb_flag='M')";
        if ($category != 0)
-               $sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+               $sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
        if ($location != 'all')
-               $sql .= " AND IF(".TB_PREF."stock_moves.stock_id IS NULL, '1=1',".TB_PREF."stock_moves.loc_code = '$location')";
+               $sql .= " AND IF(".TB_PREF."stock_moves.stock_id IS NULL, '1=1',".TB_PREF."stock_moves.loc_code = ".db_escape($location).")";
        $sql .= " GROUP BY ".TB_PREF."stock_master.category_id,
                ".TB_PREF."stock_category.description,
                ".TB_PREF."stock_master.stock_id,