<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU Affero General Public License,
+ AGPL, as published by the Free Software Foundation, either version
+ 3 of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+***********************************************************************/
function add_dimension($reference, $name, $type_, $date_, $due_date, $memo_)
{
begin_transaction();
$duedate = date2sql($due_date);
$sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
- VALUES ('$reference', '$name', $type_, '$date', '$duedate')";
+ VALUES (".db_escape($reference).", ".db_escape($name).", $type_, '$date', '$duedate')";
db_query($sql, "could not add dimension");
$id = db_insert_id();
$date = date2sql($date_);
$duedate = date2sql($due_date);
- $sql = "UPDATE ".TB_PREF."dimensions SET name='$name',
+ $sql = "UPDATE ".TB_PREF."dimensions SET name=".db_escape($name).",
type_ = $type_,
date_='$date',
due_date='$duedate'
projects / fa-stable.git / blobdiff