hook_db_prewrite is not properly used inside journal entry. Fixed by @kvvaradha.
[fa-stable.git] / gl / includes / db / gl_db_currencies.inc
index 342cddc4eb6275c6a45424fa861c760547cc8eb7..0efa42076564cf2773919ae73a172399e70a77a8 100644 (file)
 function update_currency($curr_abrev, $symbol, $currency, $country, 
        $hundreds_name, $auto_update)
 {
-       $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency).", curr_symbol='$symbol',
-               country=".db_escape($country).", hundreds_name=".db_escape($hundreds_name)
-               .",auto_update = '$auto_update'"." WHERE curr_abrev = '$curr_abrev'";
+       $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency)
+               .", curr_symbol=".db_escape($symbol).", country=".db_escape($country)
+               .", hundreds_name=".db_escape($hundreds_name)
+               .",auto_update = ".db_escape($auto_update)
+                       ." WHERE curr_abrev = ".db_escape($curr_abrev);
 
        db_query($sql, "could not update currency for $curr_abrev");
 }
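Review bot: update_currency here, and add_currency in the next hunk, now quote every argument themselves, but nothing tells callers that the parameters must be passed as raw values. A one-line comment above each function, such as `// All arguments are raw values; quoting is done here with db_escape().`, would keep a caller from escaping a value twice or assuming one of the fields is trusted. The db_query() error text still embeds $curr_abrev exactly as received, which matters only if that message is ever rendered into a page; that cannot be determined from this hunk.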
@@ -26,11 +28,11 @@ function update_currency($curr_abrev, $symbol, $currency, $country,
 function add_currency($curr_abrev, $symbol, $currency, $country, 
        $hundreds_name, $auto_update)
 {
-       $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, 
-               hundreds_name, auto_update)
-               VALUES (".db_escape($curr_abrev).", '$symbol', ".db_escape($currency)
-               .", ".db_escape($country).", ".db_escape($hundreds_name)
-               .",".db_escape($auto_update).")";
+       $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, 
+                       country, hundreds_name, auto_update)
+               VALUES (".db_escape($curr_abrev).", ".db_escape($symbol).", "
+               .db_escape($currency).", ".db_escape($country).", "
+               .db_escape($hundreds_name).",".db_escape($auto_update).")";
 
        db_query($sql, "could not add currency for $curr_abrev");
 }
@@ -39,7 +41,7 @@ function add_currency($curr_abrev, $symbol, $currency, $country,
 
 function delete_currency($curr_code)
 {
-       $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
+       $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev=".db_escape($curr_code);
        db_query($sql, "could not delete currency       $curr_code");
 
        $sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'";
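Review bot: The second DELETE in delete_currency, the unchanged context line `$sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'";`, still interpolates $curr_code without db_escape(), so the function is only half converted. It should be built like the first statement: `$sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code=".db_escape($curr_code);`. The function body continues past the end of this hunk, so any later statement that uses $curr_code should be checked the same way.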
@@ -50,7 +52,7 @@ function delete_currency($curr_code)
 
 function get_currency($curr_code)
 {
-       $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
+       $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev=".db_escape($curr_code);
        $result = db_query($sql, "could not get currency $curr_code");
 
        $row = db_fetch($result);
@@ -66,6 +68,3 @@ function get_currencies($all=false)
        return db_query($sql, "could not get currencies");
 }
 
-//---------------------------------------------------------------------------------------------
-
-?>
\ No newline at end of file