X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_units_db.inc;h=486db56219e16311b0847684520ae1e092f470be;hb=9044444ee1933dc684c6aab26ac718e65ce8c370;hp=b5c98d9118f7afd5f39d2fcc0f9754618e16a9ed;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git

diff --git a/inventory/includes/db/items_units_db.inc b/inventory/includes/db/items_units_db.inc
index b5c98d91..486db562 100644
--- a/inventory/includes/db/items_units_db.inc
+++ b/inventory/includes/db/items_units_db.inc
@@ -15,26 +15,26 @@ function write_item_unit($selected, $abbr, $description, $decimals)
 		$sql = "UPDATE ".TB_PREF."item_units SET
 	 	abbr = ".db_escape($abbr).",
 	 	name = ".db_escape($description).",
-	 	decimals = $decimals
-        	WHERE 	 abbr = '$selected'";
+	 	decimals = ".db_escape($decimals)."
+        	WHERE abbr = ".db_escape($selected);
     else
 		$sql = "INSERT INTO ".TB_PREF."item_units
 			(abbr, name, decimals) VALUES( ".db_escape($abbr).",
-	  		".db_escape($description).", $decimals)";
+	  		".db_escape($description).", ".db_escape($decimals).")";
 
 	db_query($sql,"an item unit could not be updated");
 }
 
 function delete_item_unit($unit)
 {
-	$sql="DELETE FROM ".TB_PREF."item_units WHERE abbr='$unit'";
+	$sql="DELETE FROM ".TB_PREF."item_units WHERE abbr=".db_escape($unit);
 
 	db_query($sql,"an unit of measure could not be deleted");
 }
 
 function get_item_unit($unit)
 {
-	$sql="SELECT * FROM ".TB_PREF."item_units WHERE abbr='$unit'";
+	$sql="SELECT * FROM ".TB_PREF."item_units WHERE abbr=".db_escape($unit);
 
 	$result = db_query($sql,"an unit of measure could not be retrieved");
 
@@ -43,16 +43,16 @@ function get_item_unit($unit)
 
 function get_unit_descr($unit)
 {
-	$sql = "SELECT description FROM ".TB_PREF."item_units WHERE abbr='$unit'";
+	$sql = "SELECT name FROM ".TB_PREF."item_units WHERE abbr=".db_escape($unit);
 
-	$result = db_query($sql, "could not unit description");
+	$result = db_query($sql, "could not retrieve unit description");
 
 	$row = db_fetch_row($result);
-	return $row[0];
+	return is_array($row) ? $row[0] : false;
 }
 
 function item_unit_used($unit) {
-	$sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE units='$unit'";
+	$sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE units=".db_escape($unit);
 	$result = db_query($sql, "could not query stock master");
 	$myrow = db_fetch_row($result);
 	return ($myrow[0] > 0);
@@ -64,15 +64,14 @@ function get_all_item_units($all=false) {
 	$sql .= " ORDER BY name";
     return  db_query($sql, "could not get stock categories");
 }
-// 2008-06-15. Added Joe Hunt to get a measure of unit by given stock_id
+// 2008-06-15. Added to get a measure of unit by given stock_id
 function get_unit_dec($stock_id)
 {
 	$sql = "SELECT decimals FROM ".TB_PREF."item_units,	".TB_PREF."stock_master
-		WHERE abbr=units AND stock_id='$stock_id' LIMIT 1";
+		WHERE abbr=units AND stock_id=".db_escape($stock_id)." LIMIT 1";
 	$result = db_query($sql, "could not get unit decimals");
 
 	$row = db_fetch_row($result);
-	return $row[0];
+	return is_array($row) ? $row[0] : false;
 }
 
-?>
\ No newline at end of file