X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fdb%2Fcompany_db.inc;h=6a0a4ac4ff6bfc039efc026cb1adcf94dbc3da4f;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=672d95458e6335a58d82570f6a0876e32a673f6c;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git

diff --git a/admin/db/company_db.inc b/admin/db/company_db.inc
index 672d9545..6a0a4ac4 100644
--- a/admin/db/company_db.inc
+++ b/admin/db/company_db.inc
@@ -118,14 +118,14 @@ function add_fiscalyear($from_date, $to_date, $closed)
 	$to = date2sql($to_date);
 
 	$sql = "INSERT INTO ".TB_PREF."fiscal_year (begin, end, closed)
-		VALUES (".db_escape($from).",".db_escape($to).", $closed)";
+		VALUES (".db_escape($from).",".db_escape($to).", ".db_escape($closed).")";
 
 	db_query($sql, "could not add fiscal year");
 }
 
 function update_fiscalyear($id, $closed)
 {
-	$sql = "UPDATE ".TB_PREF."fiscal_year SET closed=$closed
+	$sql = "UPDATE ".TB_PREF."fiscal_year SET closed=".db_escape($closed)."
 		WHERE id=".db_escape($id);
 
 	db_query($sql, "could not update fiscal year");
@@ -151,7 +151,7 @@ function get_current_fiscalyear()
 {
 	$year = get_company_pref('f_year');
 
-	$sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=$year";
+	$sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=".db_escape($year);
 
 	$result = db_query($sql, "could not get current fiscal year");