Security update merged from 2.1.
[fa-stable.git] / sales / manage / customers.php
index 017d1607b7228da79224bc25810e03a83c832a62..3b967e886a210046fe6ab705e218503bc1e3f09f 100644 (file)
@@ -93,7 +93,7 @@ function handle_submit()
             credit_limit=" . input_num('credit_limit') . ", 
             sales_type = ".db_escape($_POST['sales_type']) . ", 
             notes=".db_escape($_POST['notes']) . "
-            WHERE debtor_no = '". $_POST['customer_id'] . "'";
+            WHERE debtor_no = ".db_escape($_POST['customer_id']);
 
                db_query($sql,"The customer could not be updated");
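Review bot: The context line `credit_limit=" . input_num('credit_limit') . ",` still concatenates a request-derived value into the UPDATE without `db_escape`, unlike the other fields shown. The statement is therefore injection-safe only if `input_num()` always returns a plain number, which this hunk does not show. Either confirm that and record it with a comment such as `// input_num() returns a numeric value, safe to inline unquoted`, or pass the value through `db_escape` like its neighbours. In the WHERE clause, `debtor_no` looks like a numeric key, so validating `$_POST['customer_id']` as an integer before building the query would be a tighter check than escaping alone. The UPDATE statement and `handle_submit()` begin and end outside the hunk, so the earlier SET fields could not be checked here.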