Committed with db_escape instead of db_quote

[fa-stable.git] / inventory / includes / db / items_category_db.inc

diff --git a/inventory/includes/db/items_category_db.inc b/inventory/includes/db/items_category_db.inc
index 5372e0aff3c14460189398385e4f73096802f0e9..8883b5f2fdd13299904b37864e4d9d4bc084d1c5 100644 (file)
--- a/inventory/includes/db/items_category_db.inc
+++ b/inventory/includes/db/items_category_db.inc
@@ -4,7 +4,7 @@ function add_item_category($description)
 
 {
        $sql = "INSERT INTO ".TB_PREF."stock_category (description)
-               VALUES (".db_quote($description).")";
+               VALUES (".db_escape($description).")";
 
        db_query($sql,"an item category could not be added");
 }
@@ -12,7 +12,7 @@ function add_item_category($description)
 function update_item_category($ItemCategory, $description)
 
 {
-       $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_quote($description)."
+       $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
         WHERE category_id = '$ItemCategory'";
 
        db_query($sql,"an item category could not be updated");