From 9debf42a1d9760ff49f32031d78c4068e349f9a1 Mon Sep 17 00:00:00 2001
From: Rod Roark
Date: Tue, 2 Nov 2010 08:33:21 -0700
Subject: [PATCH] Fixed to use more secure SQL methods.

---
 interface/reports/inventory_transactions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/reports/inventory_transactions.php b/interface/reports/inventory_transactions.php
index cbe4709d9..2dd7cb2d1 100644
--- interface/reports/inventory_transactions.php
+++ b/interface/reports/inventory_transactions.php
@@ -348,7 +348,7 @@ if ($form_action) {
 "LEFT JOIN list_options AS lo2 ON lo2.list_id = 'warehouse' AND " .
 "lo2.option_id = i2.warehouse_id " .
 "LEFT JOIN form_encounter AS fe ON fe.pid = s.pid AND fe.encounter = s.encounter " .
- "WHERE s.sale_date >= '$from_date' AND s.sale_date <= '$to_date' ";
+ "WHERE s.sale_date >= ? AND s.sale_date <= ? ";
 if ($form_trans_type == 2) { // purchase/return
 $query .= "AND s.pid = 0 AND s.distributor_id = 0 AND s.xfer_inventory_id = 0 AND s.fee != 0 ";
 }
@@ -366,7 +366,7 @@ if ($form_action) {
 }
 $query .= "ORDER BY s.sale_date, s.sale_id";
 //
- $res = sqlStatement($query);
+ $res = sqlStatement($query, array($from_date, $to_date));
 while ($row = sqlFetchArray($res)) {
 thisLineItem($row);
 }
--
2.11.4.GIT
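Review bot: Only the two date bounds on the WHERE line of the first hunk (line 351) are bound, while `$query` keeps growing through conditional `$query .=` branches, some of which sit between the two hunks and are not visible here. The one branch shown (`$form_trans_type == 2`) appends constants only, but any hidden branch that concatenates a form value into the string would still send it to the database unbound, so each such fragment should get its own `?`. A comment on the WHERE line such as `// placeholders bound at sqlStatement() below: $from_date, $to_date` would also make the positional coupling explicit. The enclosing `if ($form_action) {` block starts and ends outside the hunk.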
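Review bot: The bind values in the second hunk (line 369) are a literal `array($from_date, $to_date)` at the call site, roughly eighteen lines away from the `?` markers they must match in count and order. Building the list next to the SQL keeps the two in step: `$sqlBindArray = array($from_date, $to_date);` directly after the WHERE line, then `$res = sqlStatement($query, $sqlBindArray);`. A conditional clause that is later converted to a placeholder can then append its `?` and push its value in the same branch, instead of editing a distant call. The `}` that opens this hunk closes a branch that begins outside it.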