2.4.4 no Longer Displays 0.00 Sales Invoices in customer_inquiry.php. Fixed. $Braath...

[fa-stable.git] / includes / db / comments_db.inc

diff --git a/includes/db/comments_db.inc b/includes/db/comments_db.inc
index 9a484da257b2600d91003ace891072e403396228..0a9a53e9d7a6d90a5e9eae59b9d1bb8fd00eabf9 100644 (file)
--- a/includes/db/comments_db.inc
+++ b/includes/db/comments_db.inc
@@ -1,10 +1,20 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 //--------------------------------------------------------------------------------------------------
 
 function get_comments($type, $type_no)
 {
-       $sql = "SELECT * FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
+       $sql = "SELECT * FROM ".TB_PREF."comments WHERE type="
+               .db_escape($type)." AND id=".db_escape($type_no);
 
        return db_query($sql, "could not query comments transaction table");
 }
@@ -17,7 +27,8 @@ function add_comments($type, $type_no, $date_, $memo_)
        {
        $date = date2sql($date_);
        $sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
-               VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
+               VALUES (".db_escape($type).", ".db_escape($type_no)
+                       .", '$date', ".db_escape($memo_).")";
 
        db_query($sql, "could not add comments transaction entry");
        }
@@ -35,7 +46,9 @@ function update_comments($type, $id, $date_, $memo_)
        else
        {
                $date = date2sql($date_);
-       $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
+       $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)
+                       ." WHERE type=".db_escape($type)." AND id=".db_escape($id)
+                       ." AND date_='$date'";
        db_query($sql, "could not update comments");
        }
 }
@@ -44,11 +57,11 @@ function update_comments($type, $id, $date_, $memo_)
 
 function delete_comments($type, $type_no)
 {
-       $sql = "DELETE FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
+       $sql = "DELETE FROM ".TB_PREF."comments WHERE type=".db_escape($type)
+               ." AND id=".db_escape($type_no);
 
        db_query($sql, "could not delete from comments transaction table");
 }
 
 //--------------------------------------------------------------------------------------------------
 
-?>
\ No newline at end of file