Stable branch merged up to 2.3.21

[fa-stable.git] / inventory / includes / db / items_db.inc

diff --git a/inventory/includes/db/items_db.inc b/inventory/includes/db/items_db.inc
index 60bac30061679dae94b8c90eb2a5b28d263fe265..260f4e0bce6cf0987e3d6758515d2fe84e595944 100644 (file)
--- a/inventory/includes/db/items_db.inc
+++ b/inventory/includes/db/items_db.inc
@@ -30,10 +30,10 @@ function update_item($stock_id, $description, $long_description, $category_id,
                editable=".db_escape($editable);
 
        if ($units != '')
-               $sql .= ", units='$units'";
+               $sql .= ", units=".db_escape($units);
 
        if ($mb_flag != '')
-               $sql .= ", mb_flag='$mb_flag'";
+               $sql .= ", mb_flag=".db_escape($mb_flag);
 
        $sql .= " WHERE stock_id=".db_escape($stock_id);
 
@@ -160,4 +160,4 @@ function item_in_foreign_codes($stock_id)
        }
        return $msg;
 }
-?>
\ No newline at end of file
+?>