projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Changed db_escape function to avoid XSS attacks via js db injection
[fa-stable.git] / manufacturing / includes / db / work_orders_quick_db.inc
diff --git a/manufacturing/includes/db/work_orders_quick_db.inc b/manufacturing/includes/db/work_orders_quick_db.inc
index 940145af6a5d64802bcbd0cfc7ede6e8f8ee27dd..a687837dabe31299a3acd3fd490abe99da86c174 100644 (file)
--- a/manufacturing/includes/db/work_orders_quick_db.inc
+++ b/manufacturing/includes/db/work_orders_quick_db.inc
@@ -18,7 +18,7 @@ function add_work_order_quick($wo_ref, $loc_code, $units_reqd, $stock_id, $type,
 
        $sql = "INSERT INTO ".TB_PREF."workorders (wo_ref, loc_code, units_reqd, units_issued, stock_id,
                type, additional_costs, date_, released_date, required_by, released, closed)
-       VALUES ('$wo_ref', '$loc_code', $units_reqd, $units_reqd, '$stock_id',
+       VALUES (".db_quote($wo_ref).", ".db_quote($loc_code).", $units_reqd, $units_reqd, '$stock_id',
                $type, $additional_costs, '$date', '$date', '$date', 1, 1)";
        db_query($sql, "could not add work order");
 
FrontAccounting stable branch