X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=inventory%2Fincludes%2Fdb%2Fitems_locations_db.inc;h=ae7d352ef420b6a4e2a32f9735b17a4075901c9d;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=3df2780332a0a180199ced9d228f814a6ada00fa;hpb=2829455fee1259fb5013f382309cb3e61e9381ef;p=fa-stable.git

diff --git a/inventory/includes/db/items_locations_db.inc b/inventory/includes/db/items_locations_db.inc
index 3df27803..ae7d352e 100644
--- a/inventory/includes/db/items_locations_db.inc
+++ b/inventory/includes/db/items_locations_db.inc
@@ -12,13 +12,14 @@
 function add_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
 {
 	$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, fax, email, contact)
-		VALUES (".db_escape($loc_code).", ".db_escape($location_name).", ".db_escape($delivery_address).", ".db_escape($phone).", ".db_escape($fax).", ".db_escape($email).", ".db_escape($contact).")";
-
+		VALUES (".db_escape($loc_code).", ".db_escape($location_name)
+		.", ".db_escape($delivery_address).", ".db_escape($phone)
+		.", ".db_escape($fax).", ".db_escape($email).", ".db_escape($contact).")";
 	db_query($sql,"a location could not be added");
 
 	/* Also need to add loc_stock records for all existing items */
 	$sql = "INSERT INTO ".TB_PREF."loc_stock (loc_code, stock_id, reorder_level)
-		SELECT '$loc_code', ".TB_PREF."stock_master.stock_id, 0 FROM ".TB_PREF."stock_master";
+		SELECT ".db_escape($loc_code).", ".TB_PREF."stock_master.stock_id, 0 FROM ".TB_PREF."stock_master";
 
 	db_query($sql,"a location could not be added");
 }
@@ -32,7 +33,7 @@ function update_item_location($loc_code, $location_name, $delivery_address, $pho
     	delivery_address=".db_escape($delivery_address).",
     	phone=".db_escape($phone).", fax=".db_escape($fax).",
     	email=".db_escape($email).", contact=".db_escape($contact)."
-    	WHERE loc_code = '$loc_code'";
+    	WHERE loc_code = ".db_escape($loc_code);
 
 	db_query($sql,"a location could not be updated");
 }
@@ -41,10 +42,10 @@ function update_item_location($loc_code, $location_name, $delivery_address, $pho
 
 function delete_item_location($item_location)
 {
-	$sql="DELETE FROM ".TB_PREF."locations WHERE loc_code='$item_location'";
+	$sql="DELETE FROM ".TB_PREF."locations WHERE loc_code=".db_escape($item_location);
 	db_query($sql,"a location could not be deleted");
 
-	$sql = "DELETE FROM ".TB_PREF."loc_stock WHERE loc_code ='$item_location'";
+	$sql = "DELETE FROM ".TB_PREF."loc_stock WHERE loc_code =".db_escape($item_location);
 	db_query($sql,"a location could not be deleted");
 }
 
@@ -52,7 +53,7 @@ function delete_item_location($item_location)
 
 function get_item_location($item_location)
 {
-	$sql="SELECT * FROM ".TB_PREF."locations WHERE loc_code='$item_location'";
+	$sql="SELECT * FROM ".TB_PREF."locations WHERE loc_code=".db_escape($item_location);
 
 	$result = db_query($sql,"a location could not be retrieved");
 
@@ -64,7 +65,7 @@ function get_item_location($item_location)
 function set_reorder_level($stock_id, $loc_code, $reorder_level)
 {
 	$sql = "UPDATE ".TB_PREF."loc_stock SET reorder_level = $reorder_level
-		WHERE stock_id = '$stock_id' AND loc_code = '$loc_code'";
+		WHERE stock_id = ".db_escape($stock_id)." AND loc_code = ".db_escape($loc_code);
 
 	db_query($sql,"an item reorder could not be set");
 }
@@ -76,7 +77,8 @@ function get_loc_details($stock_id)
 	$sql = "SELECT ".TB_PREF."loc_stock.*, ".TB_PREF."locations.location_name
 		FROM ".TB_PREF."loc_stock, ".TB_PREF."locations
 		WHERE ".TB_PREF."loc_stock.loc_code=".TB_PREF."locations.loc_code
-		AND ".TB_PREF."loc_stock.stock_id = '" . $stock_id . "' ORDER BY ".TB_PREF."loc_stock.loc_code";
+		AND ".TB_PREF."loc_stock.stock_id = ".db_escape($stock_id) 
+		." ORDER BY ".TB_PREF."loc_stock.loc_code";
 	return db_query($sql,"an item reorder could not be retreived");
 }