From 5adcdd6b4e9715189a2a40b70ba70c3e55b1df0a Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 22 Mar 2022 12:27:36 +0100
Subject: [PATCH] FIX use sanitize instead escape
---
 htdocs/core/customreports.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/customreports.php b/htdocs/core/customreports.php
index df7ff549bbb..b640df8768f 100644
--- a/htdocs/core/customreports.php
+++ b/htdocs/core/customreports.php
@@ -565,7 +565,7 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
 $tmpval = explode('.', $val);
 //var_dump($arrayofxaxis[$val]['table']);
 if (! in_array($arrayofxaxis[$val]['table'], $listoftablesalreadyadded)) { // We do not add join for main table already added
- $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->escape($tmpval[0]);
+ $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->sanitize($tmpval[0]);
 $listoftablesalreadyadded[$arrayofxaxis[$val]['table']] = $arrayofxaxis[$val]['table'];
 }
 } else {
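Review bot: On the changed `$sql .= ' INNER JOIN '...` line the alias is still produced by a character filter rather than checked as an identifier: `$db->sanitize($tmpval[0])` strips characters, but its definition is not in this patch, and if the set it permits is wider than `[A-Za-z0-9_]` the text left after ` as ` need not be a single valid alias. Since `$tmpval[0]` comes from `explode('.', $val)`, I would validate it before building the join and reject the value when `!preg_match('/^[a-z0-9_]+$/i', $tmpval[0])`, sending it to the same error handling as the `else` branch. `$arrayofxaxis[$val]['table']` is concatenated as-is on the same line, which is safe only if `$arrayofxaxis` is built entirely server-side; the hunk does not show that. A short comment such as `// alias is an SQL identifier, not a quoted string: escape() gives no protection here` would record why the call was changed. The enclosing `if` and the loop it sits in start outside the hunk.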