projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / reporting / rep401.php
diff --git a/reporting/rep401.php b/reporting/rep401.php
index 8ae240e353ddcd682b970db7a3d7887b791281fb..fc1468fcc44dd15ece2d9625a58ca6c128d50c2a 100644 (file)
--- a/reporting/rep401.php
+++ b/reporting/rep401.php
@@ -40,8 +40,8 @@ function getTransactions($from, $to)
                        ".TB_PREF."stock_master,
                        ".TB_PREF."bom
                WHERE ".TB_PREF."stock_master.stock_id=".TB_PREF."bom.component
-               AND ".TB_PREF."bom.parent >= '$from'
-               AND ".TB_PREF."bom.parent <= '$to'
+               AND ".TB_PREF."bom.parent >= ".db_escape($from)."
+               AND ".TB_PREF."bom.parent <= ".db_escape($to)."
                ORDER BY
                        ".TB_PREF."bom.parent,
                        ".TB_PREF."bom.component";
FrontAccounting stable branch