X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=manufacturing%2Fincludes%2Fdb%2Fwork_centres_db.inc;h=18adc74fdaceba36c7d3d5f195a11f05ab3bd00b;hb=d8863db36cebcc809e1d9000c1f4c81dc4e460d1;hp=e1b8a023a63b112ef8b85a85dba71253f83cf3f2;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git
diff --git a/manufacturing/includes/db/work_centres_db.inc b/manufacturing/includes/db/work_centres_db.inc
index e1b8a023..18adc74f 100644
--- a/manufacturing/includes/db/work_centres_db.inc
+++ b/manufacturing/includes/db/work_centres_db.inc
@@ -20,7 +20,7 @@ function add_work_centre($name, $description)
 function update_work_centre($type_id, $name, $description)
 {
 $sql = "UPDATE ".TB_PREF."workcentres SET name=".db_escape($name).", description=".db_escape($description)."
- WHERE id=$type_id";
+ WHERE id=".db_escape($type_id);
 db_query($sql, "could not update work centre");
 }
@@ -35,7 +35,7 @@ function get_all_work_centres($all=false)
 function get_work_centre($type_id)
 {
- $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=$type_id";
+ $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 $result = db_query($sql, "could not get work centre");
@@ -44,7 +44,7 @@ function get_work_centre($type_id)
 function delete_work_centre($type_id)
 {
- $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=$type_id";
+ $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 db_query($sql, "could not delete work centre");
 }
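Review bot: The id in the `WHERE id=` clause of update_work_centre is still accepted as arbitrary text and never checked to be an integer; the same holds for the get_work_centre and delete_work_centre hunks. Since name and description are concatenated without surrounding quotes in the same statement, db_escape appears to emit a quoted literal itself, so a constructed value such as `1abc` would be left to the database's string-to-number coercion rather than rejected (this assumes `id` is an integer column, which the hunks do not show). Normalising at the top of each function, e.g. `$type_id = (int)$type_id;`, or refusing non-numeric ids before the query is built, would make the key's type explicit, with db_escape kept as the second layer. The body of get_work_centre continues past its hunk, and add_work_centre and get_all_work_centres appear only in hunk headers, so any remaining raw interpolation in those functions could not be checked from this page.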