X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Freferences_db.inc;h=16d599e0cc8fce132c28f7dd2f447edce9845e96;hb=652bb39a7321f6c4bb73ea96071f068ae1358af8;hp=9b769859da7269053c91462100cb78fa56de1dab;hpb=46d3debec422c5ad5ee99c4acfe42bfa60308afb;p=fa-stable.git

diff --git a/includes/db/references_db.inc b/includes/db/references_db.inc
index 9b769859..16d599e0 100644
--- a/includes/db/references_db.inc
+++ b/includes/db/references_db.inc
@@ -1,12 +1,23 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 //--------------------------------------------------------------------------------------------------
 
 function get_reference($type, $id)
 {
 	$sql = "SELECT * FROM ".TB_PREF."refs WHERE type=$type AND id=$id";
 
-	return db_query($sql, "could not query reference table");
+	$result = db_query($sql, "could not query reference table");
+    $row = db_fetch($result);
+    return $row['reference'];
 }
 
 //--------------------------------------------------------------------------------------------------
@@ -14,7 +25,7 @@ function get_reference($type, $id)
 function add_reference($type, $id, $reference)
 {
 	$sql = "INSERT INTO ".TB_PREF."refs (type, id, reference)
-		VALUES ($type, $id, " . db_quote(trim($reference)) . ")";
+		VALUES ($type, $id, " . db_escape(trim($reference)) . ")";
 
 	db_query($sql, "could not add reference entry");
 }
@@ -43,7 +54,7 @@ function find_reference($type, $reference)
 
 function save_next_reference($type, $reference)
 {
-    $sql = "UPDATE ".TB_PREF."sys_types SET next_reference=" . db_quote(trim($reference)) . " WHERE type_id = $type";
+    $sql = "UPDATE ".TB_PREF."sys_types SET next_reference=" . db_escape(trim($reference)) . " WHERE type_id = $type";
 
 	db_query($sql, "The next transaction ref for $type could not be updated");
 }