X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fdb%2Fvoiding_db.inc;h=59e3680d2ab9ed08e617e9352136791922485d4d;hb=7d9fe15f85c15572535c5fa4555b9a72e9d93f04;hp=fafac43051a38b3ded47f04514dd9b404c166690;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git

diff --git a/admin/db/voiding_db.inc b/admin/db/voiding_db.inc
index fafac430..59e3680d 100644
--- a/admin/db/voiding_db.inc
+++ b/admin/db/voiding_db.inc
@@ -110,7 +110,8 @@ function void_transaction($type, $type_no, $date_, $memo_)
 
 function get_voided_entry($type, $type_no)
 {
-	$sql = "SELECT * FROM ".TB_PREF."voided WHERE type=$type AND id=$type_no";
+	$sql = "SELECT * FROM ".TB_PREF."voided WHERE type=".db_escape($type)
+		." AND id=".db_escape($type_no);
 
 	$result = db_query($sql, "could not query voided transaction table");
 
@@ -123,7 +124,8 @@ function add_voided_entry($type, $type_no, $date_, $memo_)
 {
 	$date = date2sql($date_);
 	$sql = "INSERT INTO ".TB_PREF."voided (type, id, date_, memo_)
-		VALUES ($type, $type_no, ".db_escape($date).", ".db_escape($memo_).")";
+		VALUES (".db_escape($type).", ".db_escape($type_no).", "
+		.db_escape($date).", ".db_escape($memo_).")";
 
 	db_query($sql, "could not add voided transaction entry");
 }