X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_accounts.inc;h=4d51985f1ce959a1a8042b1b5b8da45a93b6af0e;hb=65c68ebb3a09aa06418fb7f5e1712ca8012d756f;hp=275037086c872b499163b2ccab026780ae225b28;hpb=f00216978947d0fd076550f1969430265a270ce7;p=fa-stable.git

diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc
index 27503708..4d51985f 100644
--- a/gl/includes/db/gl_db_accounts.inc
+++ b/gl/includes/db/gl_db_accounts.inc
@@ -5,8 +5,8 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 {
 	$account_name = db_escape($account_name);
 	$sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type,
-		tax_code) 
-		VALUES ('$account_code', '$account_code2', $account_name, $account_type, $tax_code)";
+		tax_code)
+		VALUES (".db_escape($account_code).", ".db_escape($account_code2).", $account_name, $account_type, $tax_code)";
 
 	db_query($sql, "could not add gl account");
 }
@@ -15,7 +15,7 @@ function update_gl_account($account_code, $account_name, $account_type, $account
 {
 	$account_name = db_escape($account_name);
     $sql = "UPDATE ".TB_PREF."chart_master SET account_name=$account_name,
-		account_type=$account_type, account_code2='$account_code2',
+		account_type=$account_type, account_code2=".db_escape($account_code2).",
 		tax_code=$tax_code WHERE account_code = '$account_code'";
 
 	db_query($sql, "could not update gl account");
@@ -35,10 +35,10 @@ function get_gl_accounts($from=null, $to=null)
 		WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id";
 	if ($from != null)
 		$sql .= " AND ".TB_PREF."chart_master.account_code >= '$from'";
-	if ($to != null)	
+	if ($to != null)
 		$sql .= " AND ".TB_PREF."chart_master.account_code <= '$to'";
 	$sql .= " ORDER BY account_code";
-	
+
 	return db_query($sql, "could not get gl accounts");
 }
 
@@ -48,10 +48,10 @@ function get_gl_accounts_all($balance=-1)
 		FROM ".TB_PREF."chart_master,".TB_PREF."chart_types, ".TB_PREF."chart_class
 		WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id AND
 		".TB_PREF."chart_types.class_id=".TB_PREF."chart_class.cid";
-	if ($balance != -1)				
+	if ($balance != -1)
 		$sql .= " AND ".TB_PREF."chart_class.balance_sheet=$balance";
 	$sql .= " ORDER BY ".TB_PREF."chart_class.cid, ".TB_PREF."chart_types.id, ".TB_PREF."chart_master.account_code";
-	
+
 	return db_query($sql, "could not get gl accounts");
 }
 
@@ -69,12 +69,12 @@ function is_account_balancesheet($code)
 		WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id AND
 		".TB_PREF."chart_types.class_id=".TB_PREF."chart_class.cid
 		AND ".TB_PREF."chart_master.account_code='$code'";
-	
+
 	$result = db_query($sql,"could not retreive the account class for $code");
 	$row = db_fetch_row($result);
 	return $row[0];
 }
-	
+
 function get_gl_account_name($code)
 {
 	$sql = "SELECT account_name from ".TB_PREF."chart_master WHERE account_code='$code'";