X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=install%2Fsave.php;h=e6de3fe9297251518ee9e0a22e4a68f325365fbb;hb=492d633dd684e8308c7aafd5922ec52cbfc60498;hp=860e1d67a647430b296c12dbfa1e07a728a5cf16;hpb=cb8cf10b735342399abfce9384565a7474b92947;p=fa-stable.git

diff --git a/install/save.php b/install/save.php
index 860e1d67..e6de3fe9 100644
--- a/install/save.php
+++ b/install/save.php
@@ -253,7 +253,7 @@ else
 // End website company name
 
 // Check if the user has entered a correct path
-if (!file_exists($path_to_root.'/sql/basic.sql')) 
+if (!file_exists($path_to_root.'/sql/en_US-demo.sql')) 
 {
 	set_error('It appears the Absolute path that you entered is incorrect');
 }
@@ -348,9 +348,9 @@ else
 {
 	mysql_select_db($database_name, $db);
 }
-$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = '$admin_email' WHERE user_id = 'admin'";
+$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = ".db_escape($admin_email)." WHERE user_id = 'admin'";
 db_query($sql, "could not update admin account");
-$sql = "UPDATE ".$table_prefix."company SET coy_name = '$company_name' WHERE coy_code = 1";
+$sql = "UPDATE ".$table_prefix."company SET coy_name = ".db_escape($company_name)." WHERE coy_code = 1";
 db_query($sql, "could not update company name. Do it manually later in Setup");
 
 session_unset();