projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security update merged from 2.1.
[fa-stable.git] / reporting / rep401.php
diff --git a/reporting/rep401.php b/reporting/rep401.php
index 0113375efa720e1ed108f953520437f417c218d8..e72f163ce02037886435cd3e2cfd9f77c0e893c6 100644 (file)
--- a/reporting/rep401.php
+++ b/reporting/rep401.php
@@ -40,8 +40,8 @@ function getTransactions($from, $to)
                        ".TB_PREF."stock_master,
                        ".TB_PREF."bom
                WHERE ".TB_PREF."stock_master.stock_id=".TB_PREF."bom.component
-               AND ".TB_PREF."bom.parent >= '$from'
-               AND ".TB_PREF."bom.parent <= '$to'
+               AND ".TB_PREF."bom.parent >= ".db_escape($from)."
+               AND ".TB_PREF."bom.parent <= ".db_escape($to)."
                ORDER BY
                        ".TB_PREF."bom.parent,
                        ".TB_PREF."bom.component";
FrontAccounting stable branch