function add_account_type($id, $name, $class_id, $parent)
{
$sql = "INSERT INTO ".TB_PREF."chart_types (id, name, class_id, parent)
- VALUES ($id, ".db_escape($name).", $class_id, $parent)";
+ VALUES ($id, ".db_escape($name).", ".db_escape($class_id).", ".db_escape($parent).")";
return db_query($sql);
}
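Review bot: `$id` is still interpolated raw into the INSERT on L5 while `$class_id` and `$parent` on the same line are now passed through db_escape(), so the commit leaves one unescaped value in this query; the sibling update_account_type, get_account_type and delete_account_type hunks all escape `$id`. The VALUES line should read `VALUES (".db_escape($id).", ".db_escape($name).", ".db_escape($class_id).", ".db_escape($parent).")";`. Note also that this function, unlike the others changed here, calls db_query($sql) with no error message, which is a pre-existing inconsistency worth fixing while the line is being touched.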
function update_account_type($id, $name, $class_id, $parent)
{
$sql = "UPDATE ".TB_PREF."chart_types SET name=".db_escape($name).",
- class_id=$class_id, parent=$parent WHERE id = $id";
+ class_id=".db_escape($class_id).", parent=".db_escape($parent)
+ ." WHERE id = ".db_escape($id);
return db_query($sql, "could not update account type");
}
function get_account_type($id)
{
- $sql = "SELECT * FROM ".TB_PREF."chart_types WHERE id = $id";
+ $sql = "SELECT * FROM ".TB_PREF."chart_types WHERE id = ".db_escape($id);
$result = db_query($sql, "could not get account type");
function get_account_type_name($id)
{
- $sql = "SELECT name FROM ".TB_PREF."chart_types WHERE id = $id";
+ $sql = "SELECT name FROM ".TB_PREF."chart_types WHERE id = ".db_escape($id);
$result = db_query($sql, "could not get account type");
function delete_account_type($id)
{
- $sql = "DELETE FROM ".TB_PREF."chart_types WHERE id = $id";
+ $sql = "DELETE FROM ".TB_PREF."chart_types WHERE id = ".db_escape($id);
db_query($sql, "could not delete account type");
}
function add_account_class($id, $name, $ctype)
{
$sql = "INSERT INTO ".TB_PREF."chart_class (cid, class_name, ctype)
- VALUES ($id, ".db_escape($name).", $ctype)";
+ VALUES (".db_escape($id).", ".db_escape($name).", ".db_escape($ctype).")";
return db_query($sql);
}
function update_account_class($id, $name, $ctype)
{
$sql = "UPDATE ".TB_PREF."chart_class SET class_name=".db_escape($name).",
- ctype=$ctype WHERE cid = $id";
+ ctype=".db_escape($balance)." WHERE cid = ".db_escape($id);
return db_query($sql);
}
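Review bot: The new line L43 escapes `$balance`, a variable that does not exist in update_account_class; the function's parameter is `$ctype`, which the rewritten query no longer references, so the ctype column is updated from an undefined value (presumably null, yielding whatever db_escape returns for an empty input) rather than from the caller's argument. The line should be `ctype=".db_escape($ctype)." WHERE cid = ".db_escape($id);`. This is the only hunk in the commit where the escaped variable name does not match the parameter list, which a static check for undefined variables would catch.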
function get_account_class($id)
{
- $sql = "SELECT * FROM ".TB_PREF."chart_class WHERE cid = $id";
+ $sql = "SELECT * FROM ".TB_PREF."chart_class WHERE cid = ".db_escape($id);
$result = db_query($sql, "could not get account type");
function get_account_class_name($id)
{
- $sql = "SELECT class_name FROM ".TB_PREF."chart_class WHERE cid = $id";
+ $sql = "SELECT class_name FROM ".TB_PREF."chart_class WHERE cid =".db_escape($id);
$result = db_query($sql, "could not get account type");
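Review bot: L54 drops the space after `cid =`, unlike every other rewritten WHERE clause in this commit; the query is still valid if db_escape() returns a quoted or numeric token, but the inconsistency is easy to misread when scanning these queries side by side. Suggest `$sql = "SELECT class_name FROM ".TB_PREF."chart_class WHERE cid = ".db_escape($id);`. get_account_class_name continues past the end of this hunk, so its result handling is not visible here.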
function delete_account_class($id)
{
- $sql = "DELETE FROM ".TB_PREF."chart_class WHERE cid = $id";
+ $sql = "DELETE FROM ".TB_PREF."chart_class WHERE cid = ".db_escape($id);
db_query($sql, "could not delete account type");
}