X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_currencies.inc;h=a4ddf95a4807febd1fabc9dda7f6b667194773d2;hb=9a98bb3bc7a94f1a8e47f8dab45a87c8b4212080;hp=342cddc4eb6275c6a45424fa861c760547cc8eb7;hpb=a1e0df1ef259550f26bc150cf912fd518c7344e3;p=fa-stable.git
diff --git a/gl/includes/db/gl_db_currencies.inc b/gl/includes/db/gl_db_currencies.inc
index 342cddc4..a4ddf95a 100644
--- a/gl/includes/db/gl_db_currencies.inc
+++ b/gl/includes/db/gl_db_currencies.inc
@@ -14,9 +14,11 @@
 function update_currency($curr_abrev, $symbol, $currency, $country,
 $hundreds_name, $auto_update)
 {
- $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency).", curr_symbol='$symbol',
- country=".db_escape($country).", hundreds_name=".db_escape($hundreds_name)
- .",auto_update = '$auto_update'"." WHERE curr_abrev = '$curr_abrev'";
+ $sql = "UPDATE ".TB_PREF."currencies SET currency=".db_escape($currency)
+ .", curr_symbol=".db_escape($symbol).", country=".db_escape($country)
+ .", hundreds_name=".db_escape($hundreds_name)
+ .",auto_update = ".db_escape($auto_update)
+ ." WHERE curr_abrev = ".db_escape($curr_abrev);
 db_query($sql, "could not update currency for $curr_abrev");
 }
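Review bot: The failure message passed to `db_query` in update_currency still interpolates the raw parameter (`"could not update currency for $curr_abrev"`), and the same pattern appears in add_currency, delete_currency and get_currency in the later hunks. Where that message ends up (page output or a log) is decided inside `db_query`, which this diff does not show, so this matters only if that path emits the text without encoding. If it does, either encode the message at the point of display or make it generic, e.g. `db_query($sql, "could not update currency");`. Separately, the new statements drop the surrounding quotes, so they rely on `db_escape()` returning an already-quoted literal, as the pre-existing `db_escape($currency)` usage suggests; a one-line comment stating that contract would help the next reader.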
@@ -26,11 +28,11 @@ function update_currency($curr_abrev, $symbol, $currency, $country,
 function add_currency($curr_abrev, $symbol, $currency, $country,
 $hundreds_name, $auto_update)
 {
- $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency, country,
- hundreds_name, auto_update)
- VALUES (".db_escape($curr_abrev).", '$symbol', ".db_escape($currency)
- .", ".db_escape($country).", ".db_escape($hundreds_name)
- .",".db_escape($auto_update).")";
+ $sql = "INSERT INTO ".TB_PREF."currencies (curr_abrev, curr_symbol, currency,
+ country, hundreds_name, auto_update)
+ VALUES (".db_escape($curr_abrev).", ".db_escape($symbol).", "
+ .db_escape($currency).", ".db_escape($country).", "
+ .db_escape($hundreds_name).",".db_escape($auto_update).")";
 db_query($sql, "could not add currency for $curr_abrev");
 }
@@ -39,7 +41,7 @@ function add_currency($curr_abrev, $symbol, $currency, $country,
 function delete_currency($curr_code)
 {
- $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
+ $sql="DELETE FROM ".TB_PREF."currencies WHERE curr_abrev=".db_escape($curr_code);
 db_query($sql, "could not delete currency $curr_code");
 $sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code'";
@@ -50,7 +52,7 @@ function delete_currency($curr_code)
 function get_currency($curr_code)
 {
- $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev='$curr_code'";
+ $sql = "SELECT * FROM ".TB_PREF."currencies WHERE curr_abrev=".db_escape($curr_code);
 $result = db_query($sql, "could not get currency $curr_code");
 $row = db_fetch($result);
@@ -66,6 +68,4 @@ function get_currencies($all=false)
 return db_query($sql, "could not get currencies");
 }
-//---------------------------------------------------------------------------------------------
-
 ?>
\ No newline at end of file
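Review bot: In delete_currency, the second statement, visible as the last context line of that hunk, still builds its WHERE clause from the raw parameter: `curr_code='$curr_code'` in the `exchange_rates` delete. The commit escapes the `currencies` delete two lines above but leaves this query open to SQL injection through the same argument, so the fix is incomplete for this function. It should become `$sql="DELETE FROM ".TB_PREF."exchange_rates WHERE curr_code=".db_escape($curr_code);`. The function body continues past the end of the hunk, so any further use of `$curr_code` in a query there needs the same check.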