Security update merged from 2.1.

[fa-stable.git] / inventory / includes / db / items_trans_db.inc

diff --git a/inventory/includes/db/items_trans_db.inc b/inventory/includes/db/items_trans_db.inc
index 0bcdb82b80e6e12f7fb26108745cd2fa8e5f9c5a..7292814d35c38d95e0f52befcb6dbd8227d9ce05 100644 (file)
--- a/inventory/includes/db/items_trans_db.inc
+++ b/inventory/includes/db/items_trans_db.inc
@@ -25,11 +25,11 @@ function stock_cost_update($stock_id, $material_cost, $labour_cost, $overhead_co
        
        begin_transaction();
        
-       $sql = "UPDATE ".TB_PREF."stock_master SET material_cost=$material_cost, 
-               labour_cost=$labour_cost, 
-               overhead_cost=$overhead_cost, 
-               last_cost=$last_cost 
-               WHERE stock_id='$stock_id'";
+       $sql = "UPDATE ".TB_PREF."stock_master SET material_cost=".db_escape($material_cost).", 
+               labour_cost=".db_escape($labour_cost).", 
+               overhead_cost=".db_escape($overhead_cost).", 
+               last_cost=".db_escape($last_cost)." 
+               WHERE stock_id=".db_escape($stock_id);
        db_query($sql,"The cost details for the inventory item could not be updated");
 
        $qoh = get_qoh_on_date($_POST['stock_id']);