X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_category_db.inc;h=014b75208c48f3505ec03a75d94aa6a46608a449;hb=869e336c7335d984c9ae87d0b810f5c1b3744798;hp=5c93e317e3fe8ecd04546fabaf6c7e6a0e814b9a;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git
diff --git a/inventory/includes/db/items_category_db.inc b/inventory/includes/db/items_category_db.inc
index 5c93e317..014b7520 100644
--- a/inventory/includes/db/items_category_db.inc
+++ b/inventory/includes/db/items_category_db.inc
@@ -1,48 +1,56 @@ . +***********************************************************************/ function add_item_category($description) { - $sql = "INSERT INTO ".TB_PREF."stock_category (description) - VALUES ('$description')"; - + $sql = "INSERT INTO ".TB_PREF."stock_category (description) + VALUES (".db_escape($description).")"; + db_query($sql,"an item category could not be added"); } function update_item_category($ItemCategory, $description) { - $sql = "UPDATE ".TB_PREF."stock_category SET description = '$description' - WHERE category_id = '$ItemCategory'"; - - db_query($sql,"an item category could not be updated"); + $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)." + WHERE category_id = '$ItemCategory'"; + + db_query($sql,"an item category could not be updated"); } function delete_item_category($ItemCategory) { - $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'"; - - db_query($sql,"an item category could not be deleted"); + $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'"; + + db_query($sql,"an item category could not be deleted"); } function get_item_category($ItemCategory) { - $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'"; - + $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'"; + $result = db_query($sql,"an item category could not be retrieved"); - - return db_fetch($result); + + return db_fetch($result); } function get_category_name($id) { $sql = "SELECT description FROM ".TB_PREF."stock_category WHERE category_id=$id"; - + $result = db_query($sql, "could not get sales type"); - + $row = db_fetch_row($result); return $row[0]; } - ?> \ No newline at end of file
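Review bot: The category id is still interpolated straight into the SQL text in every function this hunk touches: `'$ItemCategory'` in update_item_category, delete_item_category and get_item_category, and an unquoted `$id` in get_category_name, so only `$description` gains escaping here. The `category_id=$id` form is the weakest of these because the value has no quoting around it at all. Whether callers validate the id is not visible in this hunk, so I would pass it through `db_escape()` the same way as the description (assuming it returns a quoted literal, as its use in the VALUES clause implies) or cast it to int before use. Separately, get_category_name reports "could not get sales type" on failure, which looks copied from another module and will mislead whoever reads the error.

```php
// update_item_category
$sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
    WHERE category_id = ".db_escape($ItemCategory);
// … unchanged: db_query call …

// delete_item_category
$sql = "DELETE FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($ItemCategory);

// get_item_category
$sql = "SELECT * FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($ItemCategory);

// get_category_name
$sql = "SELECT description FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($id);
$result = db_query($sql, "could not get category name");
// … unchanged: db_fetch_row and return …
```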