X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fcomments_db.inc;h=fd7af9c5e6991a6da98fd5be2c032628b07447ab;hb=6918bb5a9e5505ebdeb1abd93127a68db5ece8b6;hp=6f9ba120a7a754606ab9cae492c6fc30b0483adc;hpb=46d3debec422c5ad5ee99c4acfe42bfa60308afb;p=fa-stable.git

diff --git a/includes/db/comments_db.inc b/includes/db/comments_db.inc
index 6f9ba120..fd7af9c5 100644
--- a/includes/db/comments_db.inc
+++ b/includes/db/comments_db.inc
@@ -17,7 +17,7 @@ function add_comments($type, $type_no, $date_, $memo_)
 	{
     	$date = date2sql($date_);
     	$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
-    		VALUES ($type, $type_no, '$date', ".db_quote($memo_).")";
+    		VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
 
     	db_query($sql, "could not add comments transaction entry");
 	}
@@ -35,7 +35,7 @@ function update_comments($type, $id, $date_, $memo_)
 	else
 	{
 		$date = date2sql($date_);
-    	$sql = "UPDATE ".TB_PREF."comments SET memo_=".db_quote($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
+    	$sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
     	db_query($sql, "could not update comments");
 	}
 }