Added POS and cash sale support, some smaller bugfixes.
diff --git
a/dimensions/includes/dimensions_db.inc
b/dimensions/includes/dimensions_db.inc
index 8ad1cfb1f35edf6ce29dd573f23acd805a743c56..d0299b668b740906efa69d4dd3f3107fab557ba6 100644
(file)
--- a/
dimensions/includes/dimensions_db.inc
+++ b/
dimensions/includes/dimensions_db.inc
@@
-8,7
+8,7
@@
function add_dimension($reference, $name, $type_, $date_, $due_date, $memo_)
$duedate = date2sql($due_date);
$sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
$duedate = date2sql($due_date);
$sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
- VALUES (
'$reference', '$name'
, $type_, '$date', '$duedate')";
+ VALUES (
".db_escape($reference).", ".db_escape($name)."
, $type_, '$date', '$duedate')";
db_query($sql, "could not add dimension");
$id = db_insert_id();
db_query($sql, "could not add dimension");
$id = db_insert_id();
@@
-29,7
+29,7
@@
function update_dimension($id, $name, $type_, $date_, $due_date, $memo_)
$date = date2sql($date_);
$duedate = date2sql($due_date);
$date = date2sql($date_);
$duedate = date2sql($due_date);
- $sql = "UPDATE ".TB_PREF."dimensions SET name=
'$name'
,
+ $sql = "UPDATE ".TB_PREF."dimensions SET name=
".db_escape($name)."
,
type_ = $type_,
date_='$date',
due_date='$duedate'
type_ = $type_,
date_='$date',
due_date='$duedate'
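Review bot: `$type_` is still concatenated bare into both statements (`, $type_,` in the INSERT in add_dimension and `type_ = $type_,` in the UPDATE in update_dimension), so the escaping added for `$reference` and `$name` leaves an unquoted injection point if callers pass request data through unvalidated. Coerce it before the query is built, e.g. `$type_ = (int)$type_;` at the top of each function (assuming the column is an integer), or route it through `db_escape()` like the string fields. `$date` and `$duedate` are quoted but rely on `date2sql()` returning a safe literal, which is not visible in this diff and is worth confirming. Both function bodies continue outside the hunks, so the UPDATE's WHERE clause and its handling of `$id` could not be checked here.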