From: Joe Hunt Date: Fri, 20 Apr 2007 07:13:07 +0000 (+0000) Subject: Fixed bug no 1703888 Apostrophes and other unescaped characters X-Git-Tag: 2.3-final~1563 X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=b2e755b987d2ade92c03028ee5f4e0128de91e91;p=fa-stable.git Fixed bug no 1703888 Apostrophes and other unescaped characters --- diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc index e48823f3..3b5daa9f 100644 --- a/gl/includes/db/gl_db_accounts.inc +++ b/gl/includes/db/gl_db_accounts.inc @@ -3,6 +3,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code) { + $account_name = db_escape($account_name); $sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type, tax_code) VALUES ('$account_code', '$account_code2', '$account_name', $account_type, $tax_code)"; @@ -12,6 +13,7 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co function update_gl_account($account_code, $account_name, $account_type, $account_code2, $tax_code) { + $account_name = db_escape($account_name); $sql = "UPDATE ".TB_PREF."chart_master SET account_name='$account_name', account_type=$account_type, account_code2='$account_code2', tax_code=$tax_code WHERE account_code = $account_code";
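Review bot: Only `$account_name` is escaped in add_gl_account; `$account_code` and `$account_code2` are still interpolated raw inside quotes in the INSERT, and `$account_type` and `$tax_code` are interpolated unquoted, so an apostrophe or unexpected value in any of them still breaks or alters the statement. The second hunk (update_gl_account) has the same gap, and its `WHERE account_code = $account_code` is unquoted while the INSERT treats the code as a string. I would add `$account_code = db_escape($account_code);` and `$account_code2 = db_escape($account_code2);` next to the new line in both functions, quote the WHERE value as `'$account_code'`, and validate the two numeric parameters as integers before building the query (assuming they are integer ids, which the hunks do not show). db_escape is defined outside this diff, so this assumes it returns the escaped string without surrounding quotes, as its use inside `'$account_name'` suggests; both function bodies continue past the hunks.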