Merged changes from main trunk up to version_2_1_4
[fa-stable.git] / purchasing / includes / purchasing_db.inc
index da038358b1faf5fb95d3cf13e42f1745a6112f88..850d22910f8821a4c87c851f96cbfb7fb55c7aa1 100644 (file)
@@ -98,7 +98,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
        {
                $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
                        conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id', 
-                       $price, '$uom', 1, '$description')";
+                       $price, '$uom', 1, ".db_escape($description).")";
                db_query($sql,"The supplier purchasing details could not be added");
                return;
        }       
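Review bot: Only `$description` is escaped in this INSERT; `$supplier_id`, `$stock_id` and `$uom` are still interpolated inside hand-written quotes and `$price` is interpolated bare, so the statement is only as safe as whatever the callers (not visible here) do to those values. The UPDATE in the next hunk has the same gap: `$uom`, `$stock_id` and `$supplier_id` are concatenated raw into the SET and WHERE clauses. I would pass every string value through the same helper, which appears to add its own quotes since the commit drops them, e.g. `VALUES (".db_escape($supplier_id).", ".db_escape($stock_id).", ` and `",suppliers_uom=".db_escape($uom)`. `$price` should be checked as numeric before it is placed in the SQL. The function starts and ends outside both hunks, so validation earlier in the body cannot be ruled out.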
@@ -107,7 +107,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
        if ($uom != "")
                $sql .= ",suppliers_uom='$uom'";
        if ($description != "") 
-               $sql .= ",supplier_description='$description'";
+               $sql .= ",supplier_description=".db_escape($description);
        $sql .= " WHERE stock_id='$stock_id' AND supplier_id='$supplier_id'";
        db_query($sql,"The supplier purchasing details could not be updated");
        return true;
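Review bot: The update path ends in `return true;` while the insert path in the previous hunk ends in a bare `return;`, so a caller testing the result sees null after a successful insert and true after a successful update. If the return value is meant to signal success, the insert branch should also end in `return true;`; otherwise drop the value here. A short docblock on `add_or_update_purchase_data` stating which arguments must already be escaped and what is returned would make the contract explicit. The function body begins outside this hunk.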