X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=dimensions%2Fincludes%2Fdimensions_db.inc;h=d0299b668b740906efa69d4dd3f3107fab557ba6;hb=156d47999bf4384377ab07d8a23d622d55d1f4d7;hp=8ad1cfb1f35edf6ce29dd573f23acd805a743c56;hpb=7a50c189ea995d5fe6785feb7710c00396065d2b;p=fa-stable.git
diff --git a/dimensions/includes/dimensions_db.inc b/dimensions/includes/dimensions_db.inc
index 8ad1cfb1..d0299b66 100644
--- a/dimensions/includes/dimensions_db.inc
+++ b/dimensions/includes/dimensions_db.inc
@@ -8,7 +8,7 @@ function add_dimension($reference, $name, $type_, $date_, $due_date, $memo_)
 $duedate = date2sql($due_date); $sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
- VALUES ('$reference', '$name', $type_, '$date', '$duedate')";
+ VALUES (".db_escape($reference).", ".db_escape($name).", $type_, '$date', '$duedate')";
 db_query($sql, "could not add dimension"); $id = db_insert_id();
@@ -29,7 +29,7 @@ function update_dimension($id, $name, $type_, $date_, $due_date, $memo_)
 $date = date2sql($date_); $duedate = date2sql($due_date);
- $sql = "UPDATE ".TB_PREF."dimensions SET name='$name',
+ $sql = "UPDATE ".TB_PREF."dimensions SET name=".db_escape($name).",
 type_ = $type_, date_='$date', due_date='$duedate'
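Review bot: `$type_` is still concatenated into both statements unquoted and unescaped, as `$type_, '$date', '$duedate'` in the add_dimension INSERT and as `type_ = $type_,` in the update_dimension UPDATE, so the escaping added here covers only the string columns. If `$type_` can carry request data, it should go through the same helper, `".db_escape($type_).", '$date', '$duedate')";` and `type_ = ".db_escape($type_).",`, or be cast to an integer before the query is built. Whether `$date` and `$duedate` are safe depends on what date2sql() returns, which is not visible in this diff. The UPDATE statement runs past the end of the second hunk, so its WHERE clause (presumably on `$id`) needs the same check, and both function bodies start and end outside their hunks.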