X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_accounts.inc;h=920facba71f574ed6e58cd61621ae8bea719261f;hb=97023f8706bb7149c62ca49eaec123cca3c51fa0;hp=e48823f33e6ec80fad1f08958d925b9125aaea77;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc index e48823f3..920facba 100644 --- a/gl/includes/db/gl_db_accounts.inc +++ b/gl/includes/db/gl_db_accounts.inc @@ -3,6 +3,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code) { + $account_name = db_escape($account_name); $sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type, tax_code) VALUES ('$account_code', '$account_code2', '$account_name', $account_type, $tax_code)"; @@ -12,16 +13,17 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co function update_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code) { + $account_name = db_escape($account_name); $sql = "UPDATE ".TB_PREF."chart_master SET account_name='$account_name', account_type=$account_type, account_code2='$account_code2', - tax_code=$tax_code WHERE account_code = $account_code"; + tax_code=$tax_code WHERE account_code = '$account_code'"; db_query($sql, "could not update gl account"); } function delete_gl_account($code) { - $sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code=$code"; + $sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code='$code'"; db_query($sql, "could not delete gl account"); } @@ -55,7 +57,7 @@ function get_gl_accounts_all($balance=-1) function get_gl_account($code) { - $sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code=$code"; + $sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code='$code'"; $result = db_query($sql, "could not get gl account"); return db_fetch($result);
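Review bot: Only `$account_name` is escaped in add_gl_account(); `$account_code` and `$account_code2` still reach the VALUES list as quoted but unescaped strings, so a value containing a single quote ends the literal and changes the statement. The same gap remains for `'$account_code'` in update_gl_account() and for `'$code'` in delete_gl_account() and get_gl_account() in the later hunks, where this commit adds the quotes but no escaping. Assuming db_escape() returns the escaped text without surrounding quotes, as its use inside `'$account_name'` implies, these need the same treatment, e.g. `$account_code = db_escape($account_code);` and `$account_code2 = db_escape($account_code2);`. The unquoted `$account_type` and `$tax_code` are not protected by escaping at all and should be validated as numbers or cast before they are interpolated. The body of add_gl_account() continues outside the hunk.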