if ($id>0)
$sql = "UPDATE ".TB_PREF."printers SET description=".db_escape($descr)
.",name=".db_escape($name).",queue=".db_escape($queue)
- .",host=".db_escape($host).",port='$port',timeout='$timeout' "
- ."WHERE id=$id";
+ .",host=".db_escape($host).",port=".db_escape($port).",timeout=".db_escape($timeout)
+ ." WHERE id=".db_escape($id);
else
$sql = "INSERT INTO ".TB_PREF."printers ("
."name,description,queue,host,port,timeout) "
."VALUES (".db_escape($name).",".db_escape($descr).","
- .db_escape($queue).",".db_escape($host).",'$port','$timeout')";
+ .db_escape($queue).",".db_escape($host).",".db_escape($port).",".db_escape($timeout).")";
return db_query($sql,"could not write printer definition");
}
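Review bot: In the UPDATE and INSERT statements, `port`, `timeout` and `id` are now passed through db_escape(), but nothing visible in this hunk checks that they are numeric. A non-numeric value would still reach the database as a quoted string and be left to the server's type coercion. If these columns are integers (the schema is not shown here), normalising them before the statement is built, e.g. `$port = (int)$port; $timeout = (int)$timeout;`, keeps escaping as the second line of defence rather than the only one. The same applies to `$id` in get_printer() in the next hunk. The enclosing function starts outside this hunk, so an existing check further up cannot be ruled out.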
function get_printer($id)
{
$sql = "SELECT * FROM ".TB_PREF."printers
- WHERE id=$id";
+ WHERE id=".db_escape($id);
$result = db_query($sql,"could not get printer definition");
return db_fetch($result);
function get_report_printer($profile, $report)
{
$sql = "SELECT printer FROM ".TB_PREF."print_profiles WHERE "
- ."profile=".db_escape($profile)." AND report=";
+ ."profile=".db_escape($profile)." AND report=".db_escape($report);
$result = db_query($sql.db_escape($report), 'report printer lookup failed');
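Review bot: The report value is now appended twice in get_report_printer(): the new line ends with `." AND report=".db_escape($report)`, while the unchanged call below still passes `$sql.db_escape($report)`. If db_escape() returns a quoted literal, as its use elsewhere on this page suggests, the statement ends in two adjacent literals and the lookup would most likely never match the intended row. Keep the escaping in one place, for example by changing the call to `$result = db_query($sql, 'report printer lookup failed');`. The function body continues past the end of this hunk.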