projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sealing against XSS atacks: purchasing,sales,install,admin,taxes
[fa-stable.git] / sales / includes / db / sales_types_db.inc
diff --git a/sales/includes/db/sales_types_db.inc b/sales/includes/db/sales_types_db.inc
index 338ae59b309b7ea48ae942dec5d16697304dc005..51e1142b39a6912e2037f2af139cec16333e1a23 100644 (file)
--- a/sales/includes/db/sales_types_db.inc
+++ b/sales/includes/db/sales_types_db.inc
@@ -2,14 +2,14 @@
 
 function add_sales_type($name, $tax_included)
 {
-       $sql = "INSERT INTO ".TB_PREF."sales_types (sales_type,tax_included) VALUES ('$name','$tax_included')";
+       $sql = "INSERT INTO ".TB_PREF."sales_types (sales_type,tax_included) VALUES (".db_escape($name).",'$tax_included')";
                
        db_query($sql, "could not add sales type");             
 }
 
 function update_sales_type($id, $name, $tax_included)
 {
-       $sql = "UPDATE ".TB_PREF."sales_types SET sales_type = '$name',
+       $sql = "UPDATE ".TB_PREF."sales_types SET sales_type = ".db_escape($name).",
        tax_included =$tax_included WHERE id = $id";
        
        db_query($sql, "could not update sales type");                  
FrontAccounting stable branch