{
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
- VALUES ($type, $type_no, '$date', ".db_quote($memo_).")";
+ VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
db_query($sql, "could not add comments transaction entry");
}
else
{
$date = date2sql($date_);
- $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_quote($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
+ $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
db_query($sql, "could not update comments");
}
}
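Review bot: In both the INSERT and the UPDATE, `$type`, `$type_no`, `$id` and `$date` are still concatenated into the SQL text unescaped; only `$memo_` passes through `db_escape()`. Their origin is not visible here because the function starts outside the hunk, but if any of them can be influenced by request data the statements remain open to SQL injection despite this change. `db_escape()` appears to return an already-quoted literal (it is used without surrounding quotes for `memo_`), so the same call could wrap the other values, e.g. `WHERE type=".db_escape($type)." AND id=".db_escape($id)." AND date_=".db_escape($date)`, and likewise in the VALUES list. If `$type`, `$type_no` and `$id` are meant to be integers, casting them with `(int)` before building the query would state that intent explicitly.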