X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_currencies.inc;h=0c386f8395bd9f923192e8cef9ade0b36dacaa4e;hb=d567a10b7925c8bb97c734e213d6651a979af29d;hp=8c9ad97924b16ce0457b8a04eacd4e53a3d7dbe5;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git diff --git a/gl/includes/db/gl_db_currencies.inc b/gl/includes/db/gl_db_currencies.inc index 8c9ad979..0c386f83 100644 --- a/gl/includes/db/gl_db_currencies.inc +++ b/gl/includes/db/gl_db_currencies.inc @@ -1,12 +1,21 @@ . +***********************************************************************/ //--------------------------------------------------------------------------------------------- function update_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name) { - $sql = "UPDATE ".TB_PREF."currencies SET currency='$currency', curr_symbol='$symbol', - country='$country', hundreds_name='$hundreds_name' WHERE curr_abrev = '$curr_abrev'"; - + $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency).", curr_symbol='$symbol', + country=".db_escape($country).", hundreds_name=".db_escape($hundreds_name)." WHERE curr_abrev = '$curr_abrev'"; + db_query($sql, "could not update currency for $curr_abrev"); } @@ -14,9 +23,9 @@ function update_currency($curr_abrev, $symbol, $currency, $country, $hundreds_na function add_currency($curr_abrev, $symbol, $currency, $country, $hundreds_name) { - $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name) - VALUES ('$curr_abrev', '$symbol', '$currency', '$country', '$hundreds_name')"; - + $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country, hundreds_name) + VALUES (".db_escape($curr_abrev).", '$symbol', ".db_escape($currency).", ".db_escape($country).", ".db_escape($hundreds_name).")"; + db_query($sql, "could not add currency for $curr_abrev"); } 
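Review bot: `$symbol` and the `WHERE curr_abrev = '$curr_abrev'` key in update_currency are still interpolated raw, so a caller that passes request data through those two parameters can still alter the statement even though the neighbouring columns now go through db_escape(). The same applies to `'$symbol'` in the VALUES list of add_currency in the next hunk. Assuming db_escape() returns an already quoted literal, as its unquoted use on the new lines suggests, the remaining values should be written as `curr_symbol=".db_escape($symbol).",` and `WHERE curr_abrev = ".db_escape($curr_abrev);`. delete_currency and get_currency, changed only for whitespace in the later hunks, still build their queries from a raw `$curr_code` and need the same treatment.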
@@ -26,7 +35,7 @@ function delete_currency($curr_code) { $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'"; db_query($sql, "could not delete currency $curr_code"); - + $sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'"; db_query($sql, "could not delete exchange rates for currency $curr_code"); } @@ -35,18 +44,18 @@ function delete_currency($curr_code) function get_currency($curr_code) { - $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'"; + $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'"; $result = db_query($sql, "could not get currency $curr_code"); - + $row = db_fetch($result); - return $row; + return $row; } //--------------------------------------------------------------------------------------------- function get_currencies() { - $sql = "SELECT * FROM ".TB_PREF."currencies"; + $sql = "SELECT * FROM ".TB_PREF."currencies"; return db_query($sql, "could not get currencies"); }