Committed with db_escape instead of db_quote

[fa-stable.git] / inventory / includes / db / items_units_db.inc

diff --git a/inventory/includes/db/items_units_db.inc b/inventory/includes/db/items_units_db.inc
index 05cb544ca86663a5ac6c1d5e22971c604276b086..f7ad5f655241135c9db5a1d8bee2972ce7ad1ffd 100644 (file)
--- a/inventory/includes/db/items_units_db.inc
+++ b/inventory/includes/db/items_units_db.inc
@@ -4,14 +4,14 @@ function write_item_unit($selected, $abbr, $description, $decimals)
 {
     if($selected!='')
                $sql = "UPDATE ".TB_PREF."item_units SET
-               abbr = ".db_quote($abbr).",
-               name = ".db_quote($description).",
+               abbr = ".db_escape($abbr).",
+               name = ".db_escape($description).",
                decimals = $decimals
                WHERE    abbr = '$selected'";
     else
                $sql = "INSERT INTO ".TB_PREF."item_units
-                       (abbr, name, decimals) VALUES( ".db_quote($abbr).",
-                       ".db_quote($description).", $decimals)";
+                       (abbr, name, decimals) VALUES( ".db_escape($abbr).",
+                       ".db_escape($description).", $decimals)";
 
        db_query($sql,"an item unit could not be updated");
 }