X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fcomments_db.inc;h=d431e97d108a2d3f72ff322e65327097749338eb;hb=f7bede43880bec03b2ea812a4ea87c0e1fbee969;hp=27e4405d1305184c5dc21df7a0d8a31b90e09f00;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/includes/db/comments_db.inc b/includes/db/comments_db.inc
index 27e4405d..d431e97d 100644
--- a/includes/db/comments_db.inc
+++ b/includes/db/comments_db.inc
@@ -1,11 +1,20 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 //--------------------------------------------------------------------------------------------------
 
 function get_comments($type, $type_no)
 {
 	$sql = "SELECT * FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
-	
+
 	return db_query($sql, "could not query comments transaction table");
 }
 
@@ -13,29 +22,29 @@ function get_comments($type, $type_no)
 
 function add_comments($type, $type_no, $date_, $memo_)
 {
-	if ($memo_ != null && $memo_ != "") 
-	{	
+	if ($memo_ != null && $memo_ != "")
+	{
     	$date = date2sql($date_);
     	$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
-    		VALUES ($type, $type_no, '$date', '$memo_')";
-    				
+    		VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
+
     	db_query($sql, "could not add comments transaction entry");
-	}				
+	}
 }
 
 //--------------------------------------------------------------------------------------------------
 
 function update_comments($type, $id, $date_, $memo_)
 {
-	if ($date_ == null) 
+	if ($date_ == null)
 	{
     	delete_comments($type, $id);
-    	add_comments($type, $id, '', $memo_);
-	} 
-	else 
+    	add_comments($type, $id, Today(), $memo_);
+	}
+	else
 	{
 		$date = date2sql($date_);
-    	$sql = "UPDATE ".TB_PREF."comments SET memo_='$memo_' WHERE type=$type AND id=$id AND date_='$date'";
+    	$sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
     	db_query($sql, "could not update comments");
 	}
 }
@@ -45,7 +54,7 @@ function update_comments($type, $id, $date_, $memo_)
 function delete_comments($type, $type_no)
 {
 	$sql = "DELETE FROM ".TB_PREF."comments WHERE type=$type AND id=$type_no";
-	
+
 	db_query($sql, "could not delete from comments transaction table");
 }