editable=".db_escape($editable);
if ($units != '')
- $sql .= ", units='$units'";
+ $sql .= ", units=".db_escape($units);
if ($mb_flag != '')
- $sql .= ", mb_flag='$mb_flag'";
+ $sql .= ", mb_flag=".db_escape($mb_flag);
$sql .= " WHERE stock_id=".db_escape($stock_id);
{
$sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
- adjustment_account, assembly_account, dimension_id, dimension2_id, no_sale, editable)
+ adjustment_account, assembly_account, dimension_id, dimension2_id, no_sale, no_purchase, editable)
VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
".db_escape($category_id).", ".db_escape($tax_type_id).", "
.db_escape($units).", ".db_escape($mb_flag).",
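Review bot: The new column list adds `no_purchase` between `no_sale` and `editable`, but the VALUES lines visible in this hunk are unchanged and the rest of the list continues outside it. Because the INSERT is positional, the VALUES list needs one more `db_escape(...)` entry in that same slot. A missing entry makes the statement fail on a column-count mismatch, and an entry in the wrong position would store a neighbouring value in `no_purchase` without any error. Please confirm the matching value is added further down, and that the UPDATE branch for existing items also sets `no_purchase`, which cannot be seen from here.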
}
return $msg;
}
-?>
\ No newline at end of file