function get_voided_entry($type, $type_no)
{
- $sql = "SELECT * FROM ".TB_PREF."voided WHERE type=$type AND id=$type_no";
+ $sql = "SELECT * FROM ".TB_PREF."voided WHERE type=".db_escape($type)
+ ." AND id=".db_escape($type_no);
$result = db_query($sql, "could not query voided transaction table");
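Review bot: The new WHERE clause is only safe if db_escape() returns a quoted literal, because `$type` and `$type_no` sit in a numeric position where escaping alone, without quoting, would not neutralise the input. db_escape() is not visible in this diff, so that behaviour should be confirmed. Both values look like integer identifiers, so an explicit check at the top of get_voided_entry() would make the guarantee local and reject malformed ids early, e.g. `$type = (int)$type; $type_no = (int)$type_no;`, assuming no caller passes non-integer ids. The same applies to the `VALUES (...)` list of the INSERT in the following hunk. The body of get_voided_entry() continues past the last line shown.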
{
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."voided (type, id, date_, memo_)
- VALUES ($type, $type_no, ".db_escape($date).", ".db_escape($memo_).")";
+ VALUES (".db_escape($type).", ".db_escape($type_no).", "
+ .db_escape($date).", ".db_escape($memo_).")";
db_query($sql, "could not add voided transaction entry");
}