X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=purchasing%2Fincludes%2Fpurchasing_db.inc;h=dc9ceccd20293ae65ef70634d37428d1daf61ee3;hb=61c780745e4743d3bf4c8ef8d23ad2f34ddc121b;hp=da038358b1faf5fb95d3cf13e42f1745a6112f88;hpb=8e3567f6952033224a613d9b5a42017bc6295aef;p=fa-stable.git

diff --git a/purchasing/includes/purchasing_db.inc b/purchasing/includes/purchasing_db.inc
index da038358..dc9ceccd 100644
--- a/purchasing/includes/purchasing_db.inc
+++ b/purchasing/includes/purchasing_db.inc
@@ -32,12 +32,12 @@ include_once($path_to_root . "/purchasing/includes/db/suppliers_db.inc");
 // $amount is in SUPPLIERS'S currency
 
 function add_gl_trans_supplier($type, $type_no, $date_, $account, $dimension, $dimension2,  
-	$amount, $supplier_id, $err_msg="", $rate=0)
+	$amount, $supplier_id, $err_msg="", $rate=0, $memo="")
 {
 	if ($err_msg == "")
 		$err_msg = "The supplier GL transaction could not be inserted";	
 		
-	return add_gl_trans($type, $type_no, $date_, $account, $dimension, $dimension2, "", 
+	return add_gl_trans($type, $type_no, $date_, $account, $dimension, $dimension2, $memo, 
 		$amount, get_supplier_currency($supplier_id), 
 		payment_person_types::supplier(), $supplier_id, $err_msg, $rate);
 }
@@ -98,7 +98,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
 	{
 		$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
 			conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id', 
-			$price, '$uom', 1, '$description')";
+			$price, '$uom', 1, ".db_escape($description).")";
 		db_query($sql,"The supplier purchasing details could not be added");
 		return;
 	}	
@@ -107,7 +107,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
 	if ($uom != "")
 		$sql .= ",suppliers_uom='$uom'";
 	if ($description != "")	
-		$sql .= ",supplier_description='$description'";
+		$sql .= ",supplier_description=".db_escape($description);
 	$sql .= " WHERE stock_id='$stock_id' AND supplier_id='$supplier_id'";
 	db_query($sql,"The supplier purchasing details could not be updated");
 	return true;