From: Janusz Dobrowolski
Date: Thu, 11 Sep 2008 21:58:08 +0000 (+0000)
Subject: Added missed db_escape on person_id.
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=0793f914ccd0b55ac814500cff6a0d0174155baa;p=textcart.git
Added missed db_escape on person_id.
---
diff --git a/gl/includes/db/gl_db_bank_trans.inc b/gl/includes/db/gl_db_bank_trans.inc
index 6aebe6f..200277f 100644
--- a/gl/includes/db/gl_db_bank_trans.inc
+++ b/gl/includes/db/gl_db_bank_trans.inc
@@ -29,7 +29,7 @@ function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, $bank_trans_t
 trans_date, bank_trans_type_id, amount, person_type_id, person_id) ";
 $sql .= "VALUES ($type, $trans_no, '$bank_act', ".db_escape($ref).", '$sqlDate', '$bank_trans_type_id',
- $amount_bank, $person_type_id, '$person_id')";
+ $amount_bank, $person_type_id, ". db_escape($person_id).")";
 if ($err_msg == "") $err_msg = "The bank transaction could not be inserted";
diff --git a/gl/includes/db/gl_db_trans.inc b/gl/includes/db/gl_db_trans.inc
index ecd12fa..79b03d8 100644
--- a/gl/includes/db/gl_db_trans.inc
+++ b/gl/includes/db/gl_db_trans.inc
@@ -40,7 +40,7 @@ function add_gl_trans($type, $trans_id, $date_, $account, $dimension, $dimension
 '$account', $dimension, $dimension2, ".db_escape($memo_).", $amount_in_home_currency";
 if ($person_type_id != null)
- $sql .= ", $person_type_id, '$person_id'";
+ $sql .= ", $person_type_id, ". db_escape($person_id);
 $sql .= ") ";
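Review bot: `$person_type_id` is still interpolated raw and unquoted directly beside the newly escaped `$person_id`, on the changed line of add_bank_trans and again on the changed line of add_gl_trans. The same VALUES lists also embed `$type`, `$trans_no`, `$amount_bank`, `$dimension` and `$dimension2` unquoted, and `'$bank_act'`, `'$bank_trans_type_id'` and `'$account'` quoted but unescaped. Whether any of these can carry caller-controlled text is not visible here, since both function bodies start and end outside the hunks, but if one can, escaping a single column leaves the statement open through its neighbours. I would treat the adjacent column the same way in both places, e.g. `$sql .= ", ".db_escape($person_type_id).", ". db_escape($person_id);`, and either cast the numeric values at the top of each function or pass them through db_escape as well. Longer term, prepared statements with bound parameters would remove the need to audit each interpolation by hand.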