Security statements update against sql injection attacks.

[fa-stable.git] / manufacturing / includes / db / work_orders_quick_db.inc

diff --git a/manufacturing/includes/db/work_orders_quick_db.inc b/manufacturing/includes/db/work_orders_quick_db.inc
index 6e36101338c22a306eeb2458f5968ff4b951e817..152c586d000189cb76619d0c43c708bdf983a2d2 100644 (file)
--- a/manufacturing/includes/db/work_orders_quick_db.inc
+++ b/manufacturing/includes/db/work_orders_quick_db.inc
@@ -31,8 +31,9 @@ function add_work_order_quick($wo_ref, $loc_code, $units_reqd, $stock_id, $type,
                
        $sql = "INSERT INTO ".TB_PREF."workorders (wo_ref, loc_code, units_reqd, units_issued, stock_id,
                type, additional_costs, date_, released_date, required_by, released, closed)
-       VALUES (".db_escape($wo_ref).", ".db_escape($loc_code).", $units_reqd, $units_reqd, '$stock_id',
-               $type, $costs, '$date', '$date', '$date', 1, 1)";
+       VALUES (".db_escape($wo_ref).", ".db_escape($loc_code).", ".db_escape($units_reqd)
+       .", ".db_escape($units_reqd).", ".db_escape($stock_id).",
+               ".db_escape($type).", ".db_escape($costs).", '$date', '$date', '$date', 1, 1)";
        db_query($sql, "could not add work order");
 
        $woid = db_insert_id();