X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fsales_points_db.inc;h=b5abaef7f7f631bb1775bdaa5f9e42bf6b6b3679;hb=efa2530a7c385a329c3fc76f4560b28ba97c3efe;hp=35d220dd7bb0c4f8c27de9499c776dcf25d41014;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git
diff --git a/sales/includes/db/sales_points_db.inc b/sales/includes/db/sales_points_db.inc
index 35d220dd..b5abaef7 100644
--- a/sales/includes/db/sales_points_db.inc
+++ b/sales/includes/db/sales_points_db.inc
@@ -25,7 +25,7 @@ function update_sales_point($id, $name, $location, $account, $cash, $credit)
 .",pos_account=".db_escape($account)
 .",cash_sale =$cash"
 .",credit_sale =$credit"
- ." WHERE id = $id";
+ ." WHERE id = ".db_escape($id);
 db_query($sql, "could not update sales type");
 }
@@ -47,7 +47,7 @@ function get_sales_point($id)
 .TB_PREF."sales_pos as pos
 LEFT JOIN ".TB_PREF."locations as loc on pos.pos_location=loc.loc_code
 LEFT JOIN ".TB_PREF."bank_accounts as acc on pos.pos_account=acc.id
- WHERE pos.id='$id'";
+ WHERE pos.id=".db_escape($id);
 $result = db_query($sql, "could not get POS definition");
@@ -56,7 +56,7 @@ function get_sales_point($id)
 function get_sales_point_name($id)
 {
- $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
 $result = db_query($sql, "could not get POS name");
@@ -66,8 +66,7 @@ function get_sales_point_name($id)
 function delete_sales_point($id)
 {
- $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
 db_query($sql,"The point of sale record could not be deleted");
 }
-?>
\ No newline at end of file
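Review bot: In update_sales_point the context lines `.",cash_sale =$cash"` and `.",credit_sale =$credit"` still concatenate their parameters directly into the UPDATE, so the statement remains open to SQL injection through those two arguments even though `$id` is now escaped. Whether every caller coerces them to a flag value first is not visible from this hunk, and the function should not depend on it. Suggest `.",cash_sale =".db_escape($cash)` and `.",credit_sale =".db_escape($credit)`, or an `(int)` cast if the columns are 0/1 flags. The start of the function body and of the query is outside the hunk.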
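Review bot: `db_escape($id)` in get_sales_point stops the value from breaking out of the query but does not check that `$id` is actually an integer key; the same holds for get_sales_point_name and delete_sales_point in the two hunks that follow. The unquoted use in `pos_account=".db_escape($account)` suggests db_escape emits its own quoted literal (its definition is not shown), in which case MySQL would numerically coerce a malformed value (constructed example: `'1abc'` compares equal to 1), and the DELETE would still remove a row for input that is not a valid id. Consider rejecting anything that fails `ctype_digit((string)$id)` before the query is built; how to signal the failure depends on project conventions not visible here. The bodies of get_sales_point and get_sales_point_name continue outside their hunks.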