Fixed bug no 1703888 Apostrophes and other unescaped characters
authorJoe Hunt <joe.hunt.consulting@gmail.com>
Fri, 20 Apr 2007 07:13:07 +0000 (07:13 +0000)
committerJoe Hunt <joe.hunt.consulting@gmail.com>
Fri, 20 Apr 2007 07:13:07 +0000 (07:13 +0000)
gl/includes/db/gl_db_accounts.inc

index e48823f33e6ec80fad1f08958d925b9125aaea77..3b5daa9fac9cff06dc61a9615ae1ef0803e68f30 100644 (file)
@@ -3,6 +3,7 @@
 
 function add_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code)
 {
+       $account_name = db_escape($account_name);
        $sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type,
                tax_code) 
                VALUES ('$account_code', '$account_code2', '$account_name', $account_type, $tax_code)";
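Review bot: Only `$account_name` is escaped in add_gl_account, while `$account_code` and `$account_code2` are still interpolated into the quoted VALUES list exactly as passed in, and `$account_type` and `$tax_code` are interpolated unquoted, so a non-numeric value in either becomes part of the statement. The same holds in the update_gl_account hunk, where `$account_code` is additionally unquoted in `WHERE account_code = $account_code` although the INSERT treats it as a string. I would escape the two code strings the same way (`$account_code = db_escape($account_code);` and likewise for `$account_code2`) and force the numeric parameters to numbers before building the SQL, e.g. `$account_type = (int)$account_type;`, assuming those columns are integers. A short comment on whether db_escape() returns the value with or without surrounding quotes would also help, since the SQL here supplies its own quotes. Both function bodies continue outside the hunks, so the query execution is not visible here.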
@@ -12,6 +13,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 
 function update_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code)
 {
+       $account_name = db_escape($account_name);
     $sql = "UPDATE ".TB_PREF."chart_master SET account_name='$account_name',
                account_type=$account_type, account_code2='$account_code2',
                tax_code=$tax_code WHERE account_code = $account_code";