From d267d90ef76c47f516878945c7161bb59eeab8d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9lina?=
Date: Mon, 20 Dec 2021 14:22:35 +0100
Subject: [PATCH] escape constant
---
 htdocs/takepos/ajax/ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php
index 6463f65b327..99529e8b46f 100644
--- a/htdocs/takepos/ajax/ajax.php
+++ b/htdocs/takepos/ajax/ajax.php
@@ -125,7 +125,7 @@ if ($action == 'getProducts') {
 if ($conf->global->TAKEPOS_PRODUCT_IN_STOCK == 1) {
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as ps';
 $sql .= ' ON (p.rowid = ps.fk_product';
- $sql .= " AND ps.fk_entrepot = ".((int) $conf->global->{'CASHDESK_ID_WAREHOUSE'.$_SESSION['takeposterminal']}) . ')';
+ $sql .= " AND ps.fk_entrepot = ".((int) $db->escape($conf->global->{'CASHDESK_ID_WAREHOUSE'.$_SESSION['takeposterminal']})) . ')';
 }
 $sql .= ' WHERE entity IN ('.getEntity('product').')';
 if ($filteroncategids) {
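Review bot: On the added `ps.fk_entrepot` line it is the `(int)` cast, not `$db->escape()`, that keeps the value safe. The value is concatenated unquoted, and escaping only protects data placed inside a quoted string literal, so the new call changes nothing once its result is cast. I would state the real control in a comment, e.g. `// numeric context: the (int) cast is the sanitisation, escape() alone would not be enough`, so that nobody later drops the cast believing the escape covers it. Separately, the constant name is built from `$_SESSION['takeposterminal']`; if that terminal has no warehouse constant, the cast presumably yields 0 and the join silently matches no stock rows, so it may be worth resolving the id into a variable first and checking it is greater than zero. The enclosing `if ($action == 'getProducts')` block starts and ends outside the hunk.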