X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_bank_accounts.inc;h=2c405614b9b8b2db9f8a9db18e1894df73bd18fb;hb=65c68ebb3a09aa06418fb7f5e1712ca8012d756f;hp=138ad95a40c78c9aa57b48e211a625375e4ac1f6;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git
diff --git a/gl/includes/db/gl_db_bank_accounts.inc b/gl/includes/db/gl_db_bank_accounts.inc
index 138ad95a..2c405614 100644
--- a/gl/includes/db/gl_db_bank_accounts.inc
+++ b/gl/includes/db/gl_db_bank_accounts.inc
@@ -2,28 +2,28 @@ //--------------------------------------------------------------------------------------------- -function add_bank_account($account_code, $account_type, $bank_account_name, $bank_name, $bank_account_number, +function add_bank_account($account_code, $account_type, $bank_account_name, $bank_name, $bank_account_number, $bank_address, $bank_curr_code) { - $sql = "INSERT INTO ".TB_PREF."bank_accounts (account_code, account_type, bank_account_name, bank_name, bank_account_number, bank_address, bank_curr_code) - VALUES ('$account_code', $account_type, '$bank_account_name', '$bank_name', '$bank_account_number', - '$bank_address', '$bank_curr_code')"; - + $sql = "INSERT INTO ".TB_PREF."bank_accounts (account_code, account_type, bank_account_name, bank_name, bank_account_number, bank_address, bank_curr_code) + VALUES (".db_escape($account_code).", $account_type, ".db_escape($bank_account_name).", ".db_escape($bank_name).", ".db_escape($bank_account_number).", + ".db_escape($bank_address).", '$bank_curr_code')"; + db_query($sql, "could not add a bank account for $account_code"); } //--------------------------------------------------------------------------------------------- -function update_bank_account($account_code, $account_type, $bank_account_name, $bank_name, $bank_account_number, +function update_bank_account($account_code, $account_type, $bank_account_name, $bank_name, $bank_account_number, $bank_address, $bank_curr_code) { - $sql = "UPDATE ".TB_PREF."bank_accounts SET account_type = $account_type, - bank_account_name='$bank_account_name', bank_name='$bank_name', - bank_account_number='$bank_account_number', bank_curr_code='$bank_curr_code', - bank_address='$bank_address' WHERE account_code = '$account_code'"; - + $sql = "UPDATE ".TB_PREF."bank_accounts SET account_type = $account_type, + bank_account_name=".db_escape($bank_account_name).", bank_name=".db_escape($bank_name).", + bank_account_number=".db_escape($bank_account_number).", 
bank_curr_code='$bank_curr_code', + bank_address=".db_escape($bank_address)." WHERE account_code = '$account_code'"; + db_query($sql, "could not update bank account for $account_code"); -} +} //--------------------------------------------------------------------------------------------- @@ -31,7 +31,7 @@ function delete_bank_account($account_code) { $sql = "DELETE FROM ".TB_PREF."bank_accounts WHERE account_code='$account_code'"; - db_query($sql,"could not delete bank account for $account_code"); + db_query($sql,"could not delete bank account for $account_code"); } @@ -42,7 +42,7 @@ function get_bank_account($account_code) $sql = "SELECT * FROM ".TB_PREF."bank_accounts WHERE account_code='$account_code'"; $result = db_query($sql, "could not retreive bank account for $account_code"); - + return db_fetch($result); }
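Review bot: The escaping added in the first hunk is incomplete: update_bank_account's WHERE clause still interpolates `'$account_code'` raw, and in both add_bank_account and update_bank_account `$bank_curr_code` stays as `'$bank_curr_code'` while `$account_type` is inserted unquoted, so those values still reach the SQL text unfiltered. Since db_escape appears to supply its own quotes (the new lines drop them), the remaining spots would read `bank_curr_code=".db_escape($bank_curr_code).",` and `WHERE account_code = ".db_escape($account_code);`, with `$account_type` forced numeric, e.g. `(int)$account_type`, if it is always an integer id. The later hunks for delete_bank_account and get_bank_account change only whitespace and keep `account_code='$account_code'`, which deserves the same treatment. Whether callers already validate these values is not visible from this diff.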