Additional sql parameters cleanup.

author Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)

committer Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)
author Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)
committer Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)
diff --git a/purchasing/includes/db/suppalloc_db.inc b/purchasing/includes/db/suppalloc_db.inc

index 959be3e2f2d6a1274737a739c27fb4a838df62a9..f9eed1a86c0a9caf6decb11fc4d9c8dd4f1e1429 100644 (file)
--- a/purchasing/includes/db/suppalloc_db.inc
+++ b/purchasing/includes/db/suppalloc_db.inc
@@ -69,7 +69,7 @@ function clear_supp_alloctions($type, $type_no, $date="")
  {
         // clear any allocations for this transaction
         $sql = "SELECT * FROM ".TB_PREF."supp_allocations
-               WHERE (trans_type_from=$type AND trans_no_from=$type_no)
+               WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
                 OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
         $result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
author	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)
committer	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 21 Oct 2010 10:09:22 +0000 (10:09 +0000)