X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fincludes%2Fdb%2Fwork_centres_db.inc;h=c01ad50f410e4987fe7c6705bcb55ed02897ef8b;hb=ab2c3a8ffecec2997c29b5a907d5b632c1b64af2;hp=a1cffa01da17fa0f6bbe951c5a1de8507cc85ee8;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/manufacturing/includes/db/work_centres_db.inc b/manufacturing/includes/db/work_centres_db.inc
index a1cffa01..c01ad50f 100644
--- a/manufacturing/includes/db/work_centres_db.inc
+++ b/manufacturing/includes/db/work_centres_db.inc
@@ -1,42 +1,51 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 function add_work_centre($name, $description)
 {
-	$sql = "INSERT INTO ".TB_PREF."workcentres (name, description) 
-		VALUES ('$name','$description')";
-		
-	db_query($sql, "could not add work centre");		
+	$sql = "INSERT INTO ".TB_PREF."workcentres (name, description)
+		VALUES (".db_escape($name).",".db_escape($description).")";
+
+	db_query($sql, "could not add work centre");
 }
 
 function update_work_centre($type_id, $name, $description)
 {
-	$sql = "UPDATE ".TB_PREF."workcentres SET name='$name', description='$description'
+	$sql = "UPDATE ".TB_PREF."workcentres SET name=".db_escape($name).", description=".db_escape($description)."
 		WHERE id=$type_id";
-	
-	db_query($sql, "could not update work centre");			
+
+	db_query($sql, "could not update work centre");
 }
 
 function get_all_work_centres()
 {
 	$sql = "SELECT * FROM ".TB_PREF."workcentres";
-	
+
 	return db_query($sql, "could not get all work centres");
-} 
+}
 
 function get_work_centre($type_id)
 {
 	$sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=$type_id";
-	
+
 	$result = db_query($sql, "could not get work centre");
-	
+
 	return db_fetch($result);
 }
 
 function delete_work_centre($type_id)
 {
 	$sql="DELETE FROM ".TB_PREF."workcentres WHERE id=$type_id";
-		
-	db_query($sql, "could not delete work centre");	
+
+	db_query($sql, "could not delete work centre");
 }
 
 ?>
\ No newline at end of file