Security statements update against sql injection attacks.

[fa-stable.git] / inventory / manage / item_units.php

diff --git a/inventory/manage/item_units.php b/inventory/manage/item_units.php
index 95473885f348109a1b2d2c1608ed67aa91dc3e56..688fda3b492ee78e5a139543b44f331fb0968dd7 100644 (file)
--- a/inventory/manage/item_units.php
+++ b/inventory/manage/item_units.php
@@ -34,6 +34,12 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
                display_error(_("The unit of measure code cannot be empty."));
                set_focus('abbr');
        }
+       if (strlen(db_escape($_POST['abbr']))>(20+2))
+       {
+               $input_error = 1;
+               display_error(_("The unit of measure code is too long."));
+               set_focus('abbr');
+       }
        if (strlen($_POST['description']) == 0)
        {
                $input_error = 1;