Security update merged from 2.1.

[fa-stable.git] / inventory / includes / db / movement_types_db.inc

diff --git a/inventory/includes/db/movement_types_db.inc b/inventory/includes/db/movement_types_db.inc
index 41fd14acc4cdc0f5c0be3629963657d2d2d5e507..210cad432ea789700b29262da8b8150d7095704d 100644 (file)
--- a/inventory/includes/db/movement_types_db.inc
+++ b/inventory/includes/db/movement_types_db.inc
@@ -20,7 +20,7 @@ function add_movement_type($name)
 function update_movement_type($type_id, $name)
 {
        $sql = "UPDATE ".TB_PREF."movement_types SET name=".db_escape($name)."
-                       WHERE id=$type_id";
+                       WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not update item movement type");
 }
@@ -35,7 +35,8 @@ function get_all_movement_type($all=false)
 
 function get_movement_type($type_id)
 {
-       $sql = "SELECT * FROM ".TB_PREF."movement_types WHERE id=$type_id";
+       $sql = "SELECT * FROM ".TB_PREF."movement_types WHERE id=".db_escape($type_id);
+
        $result = db_query($sql, "could not get item movement type");
 
        return db_fetch($result);
@@ -43,7 +44,7 @@ function get_movement_type($type_id)
 
 function delete_movement_type($type_id)
 {
-       $sql="DELETE FROM ".TB_PREF."movement_types WHERE id=$type_id";
+       $sql="DELETE FROM ".TB_PREF."movement_types WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not delete item movement type");
 }