Databse INSERT/UPDATE secured against db javscript injection

[fa-stable.git] / gl / includes / db / gl_db_accounts.inc

diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc
index 920facba71f574ed6e58cd61621ae8bea719261f..275037086c872b499163b2ccab026780ae225b28 100644 (file)
--- a/gl/includes/db/gl_db_accounts.inc
+++ b/gl/includes/db/gl_db_accounts.inc
@@ -6,7 +6,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
        $account_name = db_escape($account_name);
        $sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type,
                tax_code) 
-               VALUES ('$account_code', '$account_code2', '$account_name', $account_type, $tax_code)";
+               VALUES ('$account_code', '$account_code2', $account_name, $account_type, $tax_code)";
 
        db_query($sql, "could not add gl account");
 }
@@ -14,7 +14,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 function update_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code)
 {
        $account_name = db_escape($account_name);
-    $sql = "UPDATE ".TB_PREF."chart_master SET account_name='$account_name',
+    $sql = "UPDATE ".TB_PREF."chart_master SET account_name=$account_name,
                account_type=$account_type, account_code2='$account_code2',
                tax_code=$tax_code WHERE account_code = '$account_code'";