X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_accounts.inc;h=7b1cb63bec9b81741bd65933ee2018deb98e04d7;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=45fb83018d477915784c624e6109d8de0bbe7268;hpb=2829455fee1259fb5013f382309cb3e61e9381ef;p=fa-stable.git
diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc
index 45fb8301..7b1cb63b 100644
--- a/gl/includes/db/gl_db_accounts.inc
+++ b/gl/includes/db/gl_db_accounts.inc
@@ -13,7 +13,8 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 {
 $account_name = db_escape($account_name);
 $sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type)
- VALUES (".db_escape($account_code).", ".db_escape($account_code2).", $account_name, $account_type)";
+ VALUES (".db_escape($account_code).", ".db_escape($account_code2).", "
+ .db_escape($account_name).", ".db_escape($account_type).")";
 db_query($sql, "could not add gl account");
 }
@@ -21,16 +22,16 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 function update_gl_account($account_code, $account_name, $account_type, $account_code2)
 {
 $account_name = db_escape($account_name);
- $sql = "UPDATE ".TB_PREF."chart_master SET account_name=$account_name,
- account_type=$account_type, account_code2=".db_escape($account_code2)
- ." WHERE account_code = '$account_code'";
+ $sql = "UPDATE ".TB_PREF."chart_master SET account_name=".db_escape($account_name)
+ .",account_type=".db_escape($account_type).", account_code2=".db_escape($account_code2)
+ ." WHERE account_code = ".db_escape($account_code);
 db_query($sql, "could not update gl account");
 }
 function delete_gl_account($code)
 {
- $sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code='$code'";
+ $sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 db_query($sql, "could not delete gl account");
 }
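Review bot: `$account_name` is escaped twice in add_gl_account: the context line `$account_name = db_escape($account_name);` is kept, and the new VALUES clause then calls `db_escape($account_name)` on the already escaped value. The old query embedded `$account_name` without surrounding quotes, which suggests db_escape returns a quoted literal, so the second call would presumably store the name with literal quote characters around it. Remove the pre-escape line so every value passes through db_escape exactly once. update_gl_account in the next hunk has the same pattern (`SET account_name=".db_escape($account_name)` after the same context line).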
@@ -41,9 +42,9 @@ function get_gl_accounts($from=null, $to=null)
 FROM ".TB_PREF."chart_master,".TB_PREF."chart_types
 WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id";
 if ($from != null)
- $sql .= " AND ".TB_PREF."chart_master.account_code >= '$from'";
+ $sql .= " AND ".TB_PREF."chart_master.account_code >= ".db_escape($from);
 if ($to != null)
- $sql .= " AND ".TB_PREF."chart_master.account_code <= '$to'";
+ $sql .= " AND ".TB_PREF."chart_master.account_code <= ".db_escape($to);
 $sql .= " ORDER BY account_code";
 return db_query($sql, "could not get gl accounts");
@@ -71,7 +72,7 @@ function get_gl_accounts_all($balance=-1)
 function get_gl_account($code)
 {
- $sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code='$code'";
+ $sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 $result = db_query($sql, "could not get gl account");
 return db_fetch($result);
@@ -79,10 +80,11 @@ function get_gl_account($code)
 function is_account_balancesheet($code)
 {
- $sql = "SELECT ".TB_PREF."chart_class.balance_sheet FROM ".TB_PREF."chart_class, ".TB_PREF."chart_types, ".TB_PREF."chart_master
+ $sql = "SELECT ".TB_PREF."chart_class.balance_sheet FROM ".TB_PREF."chart_class, "
+ .TB_PREF."chart_types, ".TB_PREF."chart_master
 WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id
 AND ".TB_PREF."chart_types.class_id=".TB_PREF."chart_class.cid
- AND ".TB_PREF."chart_master.account_code='$code'";
+ AND ".TB_PREF."chart_master.account_code=".db_escape($code);
 $result = db_query($sql,"could not retreive the account class for $code");
 $row = db_fetch_row($result);
@@ -91,7 +93,7 @@ function is_account_balancesheet($code)
 function get_gl_account_name($code)
 {
- $sql = "SELECT account_name from ".TB_PREF."chart_master WHERE account_code='$code'";
+ $sql = "SELECT account_name from ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 $result = db_query($sql,"could not retreive the account name for $code");
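Review bot: In is_account_balancesheet the failure message passed to db_query still interpolates the raw `$code` (`"could not retreive the account class for $code"`), although the query itself now escapes it. How db_query renders that message is not visible in this diff; if it can reach an HTML page or a log unencoded, the account code should be encoded at the point of output or left out of the message. get_gl_account_name in the last hunk has the same pattern, and "retreive" should read "retrieve" in both messages. Both function bodies continue outside their hunks.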