X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fbranches_db.inc;h=97d6fa2040b120cd9ceefd816cd5b7f031cdb9fc;hb=e29ab37ef51f39c200c3772e07eeceef0ce39214;hp=72a965655746546c949e93bc489b75c9d73c5fbd;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git
diff --git a/sales/includes/db/branches_db.inc b/sales/includes/db/branches_db.inc
index 72a96565..97d6fa20 100644
--- a/sales/includes/db/branches_db.inc
+++ b/sales/includes/db/branches_db.inc
@@ -14,7 +14,7 @@ function get_branch($branch_id) $sql = "SELECT ".TB_PREF."cust_branch.*,".TB_PREF."salesman.salesman_name FROM ".TB_PREF."cust_branch, ".TB_PREF."salesman WHERE ".TB_PREF."cust_branch.salesman=".TB_PREF."salesman.salesman_code
- AND branch_code=$branch_id";
+ AND branch_code=".db_escape($branch_id);
 $result = db_query($sql, "Cannot retreive a customer branch");
@@ -24,7 +24,7 @@ function get_branch($branch_id) function get_branch_accounts($branch_id) { $sql = "SELECT receivables_account,sales_account, sales_discount_account, payment_discount_account
- FROM ".TB_PREF."cust_branch WHERE branch_code=$branch_id";
+ FROM ".TB_PREF."cust_branch WHERE branch_code=".db_escape($branch_id);
 $result = db_query($sql, "Cannot retreive a customer branch");
@@ -34,7 +34,7 @@ function get_branch_accounts($branch_id) function get_branch_name($branch_id) { $sql = "SELECT br_name FROM ".TB_PREF."cust_branch
- WHERE branch_code = '$branch_id'";
+ WHERE branch_code = ".db_escape($branch_id);
 $result = db_query($sql,"could not retreive name for branch" . $branch_id);
@@ -45,7 +45,7 @@ function get_branch_name($branch_id) function get_cust_branches_from_group($group_no) { $sql = "SELECT branch_code, debtor_no FROM ".TB_PREF."cust_branch
- WHERE group_no = '$group_no'";
+ WHERE group_no = ".db_escape($group_no);
 return db_query($sql,"could not retreive branches for group " . $group_no); }
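Review bot: In the first two hunks (`get_branch` and `get_branch_accounts`) `branch_code` used to be compared as an unquoted number, so the new comparison is only safe if `db_escape()` returns a quoted, escaped literal. The last two hunks drop the explicit quotes around the value, which suggests it does, but the helper is not visible in this diff. If branch codes are always integers, a type check at the top of each function would keep the query safe independently of the helper and reject malformed ids before they reach the database, e.g. `if (!is_numeric($branch_id)) return false;`, with the failure value chosen to suit the callers. Both function bodies start and end outside their hunks.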
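Review bot: The error strings in the last two hunks still concatenate the raw parameter, `"could not retreive name for branch" . $branch_id` in `get_branch_name` and `"could not retreive branches for group " . $group_no` in `get_cust_branches_from_group`, so the value that is now escaped for SQL still reaches the error path unescaped. How `db_query()` renders its message argument is not visible here; if it ends up in an HTML page or a log, the value should be encoded at that point or left out, e.g. `db_query($sql, "could not retrieve name for branch");`. The first message also lacks a space before the appended id.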