X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=install%2Fsave.php;h=e6de3fe9297251518ee9e0a22e4a68f325365fbb;hb=5928cc0bb4164cfd1dfc77f279f6b12d7806294f;hp=0c786f26bd5cf2f9ea8abc953264dfa660629dea;hpb=65c68ebb3a09aa06418fb7f5e1712ca8012d756f;p=fa-stable.git

diff --git a/install/save.php b/install/save.php
index 0c786f26..e6de3fe9 100644
--- a/install/save.php
+++ b/install/save.php
@@ -348,9 +348,9 @@ else
 {
 	mysql_select_db($database_name, $db);
 }
-$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = '$admin_email' WHERE user_id = 'admin'";
+$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = ".db_escape($admin_email)." WHERE user_id = 'admin'";
 db_query($sql, "could not update admin account");
-$sql = "UPDATE ".$table_prefix."company SET coy_name = '$company_name' WHERE coy_code = 1";
+$sql = "UPDATE ".$table_prefix."company SET coy_name = ".db_escape($company_name)." WHERE coy_code = 1";
 db_query($sql, "could not update company name. Do it manually later in Setup");
 
 session_unset();