projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sealing against XSS atacks: purchasing,sales,install,admin,taxes
[fa-stable.git] / sales / manage / sales_areas.php
diff --git a/sales/manage/sales_areas.php b/sales/manage/sales_areas.php
index 7aed3e6e04f0203cbc0ee85feedd41f709b9e09f..7b993667eeb5534632f6e083df4edf293463c181 100644 (file)
--- a/sales/manage/sales_areas.php
+++ b/sales/manage/sales_areas.php
@@ -33,12 +33,12 @@ if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
        {
        if (isset($selected_id)) 
        {
-               $sql = "UPDATE ".TB_PREF."areas SET description='" . $_POST['description'] . "' WHERE area_code = '$selected_id'";
+               $sql = "UPDATE ".TB_PREF."areas SET description=".db_escape($_POST['description'])." WHERE area_code = '$selected_id'";
        } 
        else 
        {
     
-               $sql = "INSERT INTO ".TB_PREF."areas (description) VALUES ('" . $_POST['description'] . "')";
+               $sql = "INSERT INTO ".TB_PREF."areas (description) VALUES (".db_escape($_POST['description']) . ")";
        }
     
        db_query($sql,"The sales area could not be updated or added");
FrontAccounting stable branch