Added missed db_escape on person_id.
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 11 Sep 2008 21:58:08 +0000 (21:58 +0000)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 11 Sep 2008 21:58:08 +0000 (21:58 +0000)
gl/includes/db/gl_db_bank_trans.inc
gl/includes/db/gl_db_trans.inc

index 6aebe6f4a2dab753be9f0342eee334224039cd24..200277fb60b2280cb44c17a18429c7e5a6cb83db 100644 (file)
@@ -29,7 +29,7 @@ function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, $bank_trans_t
                trans_date, bank_trans_type_id, amount, person_type_id, person_id) ";
 
        $sql .= "VALUES ($type, $trans_no, '$bank_act', ".db_escape($ref).", '$sqlDate', '$bank_trans_type_id',
-               $amount_bank, $person_type_id, '$person_id')";
+               $amount_bank, $person_type_id, ". db_escape($person_id).")";
 
        if ($err_msg == "")
                $err_msg = "The bank transaction could not be inserted";
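Review bot: The VALUES list in add_bank_trans still interpolates `$type`, `$trans_no`, `$amount_bank` and `$person_type_id` as bare numbers and `'$bank_act'` and `'$bank_trans_type_id'` as quoted but unescaped strings, so escaping `$person_id` alone leaves the statement only as safe as the callers' validation, which is not visible in this hunk. Because db_escape() is already applied to `$ref` without surrounding quotes, it presumably returns a quoted literal, so the string fields could be passed the same way, e.g. `db_escape($bank_act)`. The unquoted numeric fields need an integer or numeric cast or check before interpolation rather than escaping, since escaping does not constrain a value placed outside quotes. The same applies to the add_gl_trans hunk in gl/includes/db/gl_db_trans.inc (`'$account'`, `$dimension`, `$dimension2`, `$person_type_id`). Both function bodies start and end outside the hunks shown.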
index ecd12faea5ca85fb1c21ea84f4fa16a5332b15d8..79b03d80651e57b3a56385564c8f660d48a54735 100644 (file)
@@ -40,7 +40,7 @@ function add_gl_trans($type, $trans_id, $date_, $account, $dimension, $dimension
                '$account', $dimension, $dimension2, ".db_escape($memo_).", $amount_in_home_currency";
 
        if ($person_type_id != null)
-               $sql .= ", $person_type_id, '$person_id'";
+               $sql .= ", $person_type_id, ". db_escape($person_id);
 
        $sql .= ") ";