X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_trans_db.inc;h=7292814d35c38d95e0f52befcb6dbd8227d9ce05;hb=c7677cfbba820ec8d7a6f224d51fe64d4850a2a3;hp=0bcdb82b80e6e12f7fb26108745cd2fa8e5f9c5a;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git

diff --git a/inventory/includes/db/items_trans_db.inc b/inventory/includes/db/items_trans_db.inc
index 0bcdb82b..7292814d 100644
--- a/inventory/includes/db/items_trans_db.inc
+++ b/inventory/includes/db/items_trans_db.inc
@@ -25,11 +25,11 @@ function stock_cost_update($stock_id, $material_cost, $labour_cost, $overhead_co
 	
 	begin_transaction();
 	
-	$sql = "UPDATE ".TB_PREF."stock_master SET material_cost=$material_cost, 
-		labour_cost=$labour_cost, 
-		overhead_cost=$overhead_cost, 
-		last_cost=$last_cost 
-		WHERE stock_id='$stock_id'";
+	$sql = "UPDATE ".TB_PREF."stock_master SET material_cost=".db_escape($material_cost).", 
+		labour_cost=".db_escape($labour_cost).", 
+		overhead_cost=".db_escape($overhead_cost).", 
+		last_cost=".db_escape($last_cost)." 
+		WHERE stock_id=".db_escape($stock_id);
 	db_query($sql,"The cost details for the inventory item could not be updated");
 
 	$qoh = get_qoh_on_date($_POST['stock_id']);