X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Fsales_areas.php;h=7b993667eeb5534632f6e083df4edf293463c181;hb=59233fde6a6ea38e17c1ce5b089cb0b798a98e2d;hp=7aed3e6e04f0203cbc0ee85feedd41f709b9e09f;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git
diff --git a/sales/manage/sales_areas.php b/sales/manage/sales_areas.php
index 7aed3e6e..7b993667 100644
--- a/sales/manage/sales_areas.php
+++ b/sales/manage/sales_areas.php
@@ -33,12 +33,12 @@ if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
 {
 	if (isset($selected_id))
 	{
-		$sql = "UPDATE ".TB_PREF."areas SET description='" . $_POST['description'] . "' WHERE area_code = '$selected_id'";
+		$sql = "UPDATE ".TB_PREF."areas SET description=".db_escape($_POST['description'])." WHERE area_code = '$selected_id'";
 	}
 	else
 	{
-		$sql = "INSERT INTO ".TB_PREF."areas (description) VALUES ('" . $_POST['description'] . "')";
+		$sql = "INSERT INTO ".TB_PREF."areas (description) VALUES (".db_escape($_POST['description']) . ")";
 	}
 	db_query($sql,"The sales area could not be updated or added");