X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_locations_db.inc;h=809e928c028f1021aed34bd9e2bcbee28c6c0f15;hb=3ff9ed87cb909f19c8fe3e7dfda5df79d0c01a6c;hp=aeaee0df9a59e46cbf2acf77176b4638568d2e11;hpb=46d3debec422c5ad5ee99c4acfe42bfa60308afb;p=fa-stable.git

diff --git a/inventory/includes/db/items_locations_db.inc b/inventory/includes/db/items_locations_db.inc
index aeaee0df..809e928c 100644
--- a/inventory/includes/db/items_locations_db.inc
+++ b/inventory/includes/db/items_locations_db.inc
@@ -1,9 +1,19 @@
 <?php
-
-function add_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+function add_item_location($loc_code, $location_name, $delivery_address, $phone, $phone2, $fax, $email, $contact)
 {
-	$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, fax, email, contact)
-		VALUES (".db_quote($loc_code).", ".db_quote($location_name).", ".db_quote($delivery_address).", ".db_quote($phone).", ".db_quote($fax).", ".db_quote($email).", ".db_quote($contact).")";
+	$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, phone2, fax, email, contact)
+		VALUES (".db_escape($loc_code).", ".db_escape($location_name).", ".db_escape($delivery_address).", "
+			.db_escape($phone).", ".db_escape($phone2).", ".db_escape($fax).", ".db_escape($email).", ".db_escape($contact).")";
 
 	db_query($sql,"a location could not be added");
 
@@ -16,13 +26,13 @@ function add_item_location($loc_code, $location_name, $delivery_address, $phone,
 
 //------------------------------------------------------------------------------------
 
-function update_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
+function update_item_location($loc_code, $location_name, $delivery_address, $phone, $phone2, $fax, $email, $contact)
 
 {
-    $sql = "UPDATE ".TB_PREF."locations SET location_name=".db_quote($location_name).",
-    	delivery_address=".db_quote($delivery_address).",
-    	phone=".db_quote($phone).", fax=".db_quote($fax).",
-    	email=".db_quote($email).", contact=".db_quote($contact)."
+    $sql = "UPDATE ".TB_PREF."locations SET location_name=".db_escape($location_name).",
+    	delivery_address=".db_escape($delivery_address).",
+    	phone=".db_escape($phone).", phone2=".db_escape($phone2).", fax=".db_escape($fax).",
+    	email=".db_escape($email).", contact=".db_escape($contact)."
     	WHERE loc_code = '$loc_code'";
 
 	db_query($sql,"a location could not be updated");