From 90ae24e1d905ee20915b65a8d6d82d94d0694edc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sven=20Sch=C3=B6ling?=
Date: Sun, 5 Dec 2021 19:16:52 +0100
Subject: [PATCH] Form: get_history sql escaping

---
 SL/Form.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SL/Form.pm b/SL/Form.pm
index 2e9458956..a01e9a8c6 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -2956,7 +2956,7 @@ sub get_history {
 qq|SELECT h.employee_id, h.itime::timestamp(0) AS itime, h.addition, h.what_done, emp.name, h.snumbers, h.trans_id AS id | .
 qq|FROM history_erp h | .
 qq|LEFT JOIN employee emp ON (emp.id = h.employee_id) | .
- qq|WHERE (trans_id = | . $trans_id . qq|) $restriction | .
+ qq|WHERE (trans_id = | . $dbh->quote($trans_id) . qq|) $restriction | .
 $order;
 
 my $sth = $dbh->prepare($query) || $self->dberror($query);
-- 
2.20.1
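Review bot: The changed `WHERE` line still interpolates `$restriction`, and the statement still ends with `$order`, so quoting `$trans_id` covers only one of the three values concatenated into this query. Both are built outside the hunk, so whether they can carry request-derived text has to be checked in the rest of `get_history`; a comment above the query such as `# $restriction and $order must be built from fixed SQL fragments only` would record that assumption. For `trans_id` itself a bind placeholder is more robust than `$dbh->quote`: `qq|WHERE (trans_id = ?) $restriction | .` with the value passed as `$sth->execute($trans_id)`. The execute call is not visible here and would need the matching change. Because `quote` emits a string literal, a non-numeric `$trans_id` presumably now surfaces as a database type error (assuming the column is an integer), so an explicit integer check before building the query would give a cleaner failure.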