<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
//---------------------------------------------------------------------------------------------
function update_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name)
{
- $sql = "UPDATE ".TB_PREF."currencies SET currency='$currency', curr_symbol='$symbol',
- country='$country', hundreds_name='$hundreds_name' WHERE curr_abrev = '$curr_abrev'";
-
+ $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency).", curr_symbol='$symbol',
+ country=".db_escape($country).", hundreds_name=".db_escape($hundreds_name)." WHERE curr_abrev = '$curr_abrev'";
+
db_query($sql, "could not update currency for $curr_abrev");
}
function add_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name)
{
- $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name)
- VALUES ('$curr_abrev', '$symbol', '$currency', '$country', '$hundreds_name')";
-
+ $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name)
+ VALUES (".db_escape($curr_abrev).", '$symbol', ".db_escape($currency).", ".db_escape($country).", ".db_escape($hundreds_name).")";
+
db_query($sql, "could not add currency for $curr_abrev");
}
{
$sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
db_query($sql, "could not delete currency $curr_code");
-
+
$sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'";
db_query($sql, "could not delete exchange rates for currency $curr_code");
}
function get_currency($curr_code)
{
- $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
+ $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
$result = db_query($sql, "could not get currency $curr_code");
-
+
$row = db_fetch($result);
- return $row;
+ return $row;
}
//---------------------------------------------------------------------------------------------
function get_currencies()
{
- $sql = "SELECT * FROM ".TB_PREF."currencies";
+ $sql = "SELECT * FROM ".TB_PREF."currencies";
return db_query($sql, "could not get currencies");
}