$duedate = date2sql($due_date);
$sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
- VALUES (".db_escape($reference).", ".db_escape($name).", $type_, '$date', '$duedate')";
+ VALUES (".db_escape($reference).", ".db_escape($name).", ".db_escape($type_)
+ .", ".db_escape($date_).", ".db_escape($due_date).")";
db_query($sql, "could not add dimension");
$id = db_insert_id();
$duedate = date2sql($due_date);
$sql = "UPDATE ".TB_PREF."dimensions SET name=".db_escape($name).",
- type_ = $type_,
- date_='$date',
- due_date='$duedate'
- WHERE id = $id";
+ type_ = ".db_escape($type_).",
+ date_=".db_escape($date_).",
+ due_date=".db_escape($due_date)."
+ WHERE id = ".db_escape($id);
db_query($sql, "could not update dimension");
begin_transaction();
// delete the actual dimension
- $sql="DELETE FROM ".TB_PREF."dimensions WHERE id=$id";
+ $sql="DELETE FROM ".TB_PREF."dimensions WHERE id=".db_escape($id);
db_query($sql,"The dimension could not be deleted");
delete_comments(ST_DIMENSION, $id);
function get_dimension($id, $allow_null=false)
{
- $sql = "SELECT * FROM ".TB_PREF."dimensions WHERE id=$id";
+ $sql = "SELECT * FROM ".TB_PREF."dimensions WHERE id=".db_escape($id);
$result = db_query($sql, "The dimension could not be retrieved");
function dimension_has_payments($id)
{
- $sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE dimension_id = $id";
+ $sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE dimension_id = ".db_escape($id);
$res = db_query($sql, "Transactions could not be calculated");
$row = db_fetch_row($res);
return ($row[0] != 0.0);
function close_dimension($id)
{
- $sql = "UPDATE ".TB_PREF."dimensions SET closed='1' WHERE id = $id";
+ $sql = "UPDATE ".TB_PREF."dimensions SET closed='1' WHERE id = ".db_escape($id);
db_query($sql, "could not close dimension");
}
projects / fa-stable.git / blobdiff