$duedate = date2sql($due_date);
$sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
- VALUES ('$reference', '$name', $type_, '$date', '$duedate')";
+ VALUES (".db_escape($reference).", ".db_escape($name).", $type_, '$date', '$duedate')";
db_query($sql, "could not add dimension");
$id = db_insert_id();
add_comments(systypes::dimension(), $id, $date_, $memo_);
- add_forms_for_sys_type(systypes::dimension(), $id);
-
references::save_last($reference, systypes::dimension());
commit_transaction();
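Review bot: `$type_` is still interpolated raw into the INSERT (`$type_, '$date', '$duedate'`) in an unquoted numeric position, so the escaping added for `$reference` and `$name` does not cover it; the same holds for `type_ = $type_` in the UPDATE hunk that follows. Unless every caller already guarantees an integer (not visible here), I would write it as `".(int)$type_."` or pass it through `db_escape()` like the other two values. `'$date'` and `'$duedate'` are safe only if `date2sql()` returns nothing but a formatted date for malformed input, which is worth confirming. Both enclosing functions start and end outside these hunks, so any validation done earlier in them is not shown.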
$date = date2sql($date_);
$duedate = date2sql($due_date);
- $sql = "UPDATE ".TB_PREF."dimensions SET name='$name',
+ $sql = "UPDATE ".TB_PREF."dimensions SET name=".db_escape($name).",
type_ = $type_,
date_='$date',
due_date='$duedate'
delete_comments(systypes::dimension(), $id);
- delete_forms_for_systype(systypes::dimension(), $id);
-
commit_transaction();
}
{
if ($html)
$dim = " ";
- else
+ else
$dim = "";
- }
+ }
else
{
$row = get_dimension($id, true);
$dim = $row['reference'] . $space . $row['name'];
}
-
+
return $dim;
}