- prices_dec=$price_dec,
- qty_dec=$qty_dec,
- rates_dec=$exrate_dec,
- percent_dec=$percent_dec,
- show_gl=$showgl,
- show_codes=$showcodes,
- date_format=$date_format,
- date_sep=$date_sep,
- tho_sep=$tho_sep,
- dec_sep=$dec_sep,
- theme='$theme',
- page_size='$pagesize'
- WHERE user_id = '$user_id'";
-
- db_query($sql, "could not update user display prefs for $user_id");
+ prices_dec=".db_escape($price_dec).",
+ qty_dec=".db_escape($qty_dec).",
+ rates_dec=".db_escape($exrate_dec).",
+ percent_dec=".db_escape($percent_dec).",
+ show_gl=".db_escape($showgl).",
+ show_codes=".db_escape($showcodes).",
+ date_format=".db_escape($date_format).",
+ date_sep=".db_escape($date_sep).",
+ tho_sep=".db_escape($tho_sep).",
+ dec_sep=".db_escape($dec_sep).",
+ theme=".db_escape($theme).",
+ page_size=".db_escape($pagesize).",
+ show_hints=$show_hints,
+ print_profile=".db_escape($profile).",
+ rep_popup=$rep_popup,
+ query_size=$query_size,
+ graphic_links=$graphic_links,
+ language=".db_escape($lang).",
+ sticky_doc_date=".db_escape($stickydate)."
+ WHERE id = ".db_escape($id);
+
+ db_query($sql, "could not update user display prefs for $id");