Security statements update against sql injection attacks.

[fa-stable.git] / manufacturing / includes / db / work_centres_db.inc

diff --git a/manufacturing/includes/db/work_centres_db.inc b/manufacturing/includes/db/work_centres_db.inc
index c01ad50f410e4987fe7c6705bcb55ed02897ef8b..31736af58b70e6ff23794098e1b7ca5b2e507dc3 100644 (file)
--- a/manufacturing/includes/db/work_centres_db.inc
+++ b/manufacturing/includes/db/work_centres_db.inc
@@ -20,7 +20,7 @@ function add_work_centre($name, $description)
 function update_work_centre($type_id, $name, $description)
 {
        $sql = "UPDATE ".TB_PREF."workcentres SET name=".db_escape($name).", description=".db_escape($description)."
-               WHERE id=$type_id";
+               WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not update work centre");
 }
@@ -34,7 +34,7 @@ function get_all_work_centres()
 
 function get_work_centre($type_id)
 {
-       $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=$type_id";
+       $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 
        $result = db_query($sql, "could not get work centre");
 
@@ -43,7 +43,7 @@ function get_work_centre($type_id)
 
 function delete_work_centre($type_id)
 {
-       $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=$type_id";
+       $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not delete work centre");
 }