X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fshipping_companies.php;h=ec9f89536d93744df579f8c28963a36cdfa508cc;hb=6d2dce24184f25478260fcfe240ca7fcc7c61c0c;hp=9fd8af5991bd19aa6fd0b0ca538786ba60a2e3f7;hpb=6183e9450dcd7e4c747889c10903f6ff1b0add33;p=fa-stable.git
diff --git a/admin/shipping_companies.php b/admin/shipping_companies.php
index 9fd8af59..ec9f8953 100644
--- a/admin/shipping_companies.php
+++ b/admin/shipping_companies.php
@@ -36,10 +36,10 @@ if (isset($_POST['ADD_ITEM']) && can_process())
 {
 $sql = "INSERT INTO ".TB_PREF."shippers (shipper_name, contact, phone, address)
- VALUES ('" . $_POST['shipper_name'] . "', '" .
- $_POST['contact'] . "', '" .
- $_POST['phone'] . "', '" .
- $_POST['address'] . "')";
+ VALUES (" . db_escape($_POST['shipper_name']) . ", " .
+ db_escape($_POST['contact']). ", " .
+ db_escape($_POST['phone']). ", " .
+ db_escape($_POST['address']) . ")";
 db_query($sql,"The Shipping Company could not be added");
 meta_forward($_SERVER['PHP_SELF']);
@@ -50,10 +50,10 @@ if (isset($_POST['ADD_ITEM']) && can_process())
 if (isset($_POST['UPDATE_ITEM']) && can_process())
 {
- $sql = "UPDATE ".TB_PREF."shippers SET shipper_name='" . $_POST['shipper_name'] . "' ,
- contact ='" . $_POST['contact'] . "' ,
- phone ='" . $_POST['phone'] . "' ,
- address ='" . $_POST['address'] . "'
+ $sql = "UPDATE ".TB_PREF."shippers SET shipper_name=" . db_escape($_POST['shipper_name']). " ,
+ contact =" . db_escape($_POST['contact']). " ,
+ phone =" . db_escape($_POST['phone']). " ,
+ address =" . db_escape($_POST['address']). "
 WHERE shipper_id = $selected_id";
 db_query($sql,"The shipping company could not be updated");
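Review bot: The rewritten VALUES clause drops the literal single quotes around each value, so it is now correct only if db_escape() returns an already-quoted literal; that contract is not visible in this diff, so a comment above the `$sql` assignment would help, e.g. `// db_escape() is expected to return a quoted, escaped literal; do not add quotes around it`. The four `$_POST` keys are still read without isset(), relying on can_process(), which is outside the hunk, to have validated them. Spacing around the concatenation dot differs between the first value (`) . ", "`) and the next three (`). ", "`); making them uniform is a small readability fix. The same raw-interpolation defect survives in the second hunk, where `WHERE shipper_id = $selected_id` is still built by string interpolation; unless `$selected_id` is already cast to int where it is assigned, `WHERE shipper_id = " . db_escape($selected_id)` (or `(int)$selected_id`) keeps that path consistent with this one.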