Merging version 2.1 RC to main trunk.
[fa-stable.git] / gl / includes / db / gl_db_currencies.inc
index 8c9ad97924b16ce0457b8a04eacd4e53a3d7dbe5..0c386f8395bd9f923192e8cef9ade0b36dacaa4e 100644 (file)
@@ -1,12 +1,21 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 //---------------------------------------------------------------------------------------------
 
 function update_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name)
 {
-       $sql = "UPDATE ".TB_PREF."currencies SET currency='$currency', curr_symbol='$symbol',
-               country='$country', hundreds_name='$hundreds_name' WHERE curr_abrev = '$curr_abrev'";   
-                       
+       $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency).", curr_symbol='$symbol',
+               country=".db_escape($country).", hundreds_name=".db_escape($hundreds_name)." WHERE curr_abrev = '$curr_abrev'";
+
        db_query($sql, "could not update currency for $curr_abrev");
 }
 
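Review bot: The rewritten UPDATE in `update_currency` still places `curr_symbol='$symbol'` and `WHERE curr_abrev = '$curr_abrev'` directly into the SQL string, so a quote character in either parameter can still break out of the literal even though the other three values now pass through `db_escape()`. The same gap remains in the later hunks: `'$symbol'` in the VALUES list of `add_currency`, and `'$curr_code'` in both DELETE statements of `delete_currency` and in the SELECT of `get_currency`. Judging from how the escaped values are concatenated here without surrounding quotes, `db_escape()` appears to supply its own quoting, so the change would be `curr_symbol=".db_escape($symbol).",` and `WHERE curr_abrev = ".db_escape($curr_abrev);`, with `db_escape($curr_code)` in the other three queries. If `$symbol` was left raw on purpose (for instance because the helper transforms characters a currency symbol needs), a comment such as `// $symbol is not passed to db_escape() because ...; validated by caller` should say so and name where it is validated.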
@@ -14,9 +23,9 @@ function update_currency($curr_abrev, $symbol, $currency, $country, $hundreds_na
 
 function add_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name)
 {
-       $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name) 
-               VALUES ('$curr_abrev', '$symbol', '$currency', '$country', '$hundreds_name')";
-       
+       $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name)
+               VALUES (".db_escape($curr_abrev).", '$symbol', ".db_escape($currency).", ".db_escape($country).", ".db_escape($hundreds_name).")";
+
        db_query($sql, "could not add currency for $curr_abrev");
 }
 
@@ -26,7 +35,7 @@ function delete_currency($curr_code)
 {
        $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
        db_query($sql, "could not delete currency       $curr_code");
-       
+
        $sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'";
        db_query($sql, "could not delete exchange rates for currency $curr_code");
 }
@@ -35,18 +44,18 @@ function delete_currency($curr_code)
 
 function get_currency($curr_code)
 {
-       $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";     
+       $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
        $result = db_query($sql, "could not get currency $curr_code");
-       
+
        $row = db_fetch($result);
-       return $row;                    
+       return $row;
 }
 
 //---------------------------------------------------------------------------------------------
 
 function get_currencies()
 {
-       $sql = "SELECT * FROM ".TB_PREF."currencies";   
+       $sql = "SELECT * FROM ".TB_PREF."currencies";
        return db_query($sql, "could not get currencies");
 }