X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fcomments_db.inc;h=d431e97d108a2d3f72ff322e65327097749338eb;hb=05ba2d82d4230a8ea991920515cdc2377fcacfd0;hp=6f9ba120a7a754606ab9cae492c6fc30b0483adc;hpb=46d3debec422c5ad5ee99c4acfe42bfa60308afb;p=fa-stable.git diff --git a/includes/db/comments_db.inc b/includes/db/comments_db.inc index 6f9ba120..d431e97d 100644 --- a/includes/db/comments_db.inc +++ b/includes/db/comments_db.inc @@ -1,5 +1,14 @@ . +***********************************************************************/ //-------------------------------------------------------------------------------------------------- function get_comments($type, $type_no) @@ -17,7 +26,7 @@ function add_comments($type, $type_no, $date_, $memo_) { $date = date2sql($date_); $sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_) - VALUES ($type, $type_no, '$date', ".db_quote($memo_).")"; + VALUES ($type, $type_no, '$date', ".db_escape($memo_).")"; db_query($sql, "could not add comments transaction entry"); } @@ -30,12 +39,12 @@ function update_comments($type, $id, $date_, $memo_) if ($date_ == null) { delete_comments($type, $id); - add_comments($type, $id, '', $memo_); + add_comments($type, $id, Today(), $memo_); } else { $date = date2sql($date_); - $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_quote($memo_)." WHERE type=$type AND id=$id AND date_='$date'"; + $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'"; db_query($sql, "could not update comments"); } }