Moving 2.0 development version to main trunk.

[fa-stable.git] / inventory / includes / db / items_category_db.inc

diff --git a/inventory/includes/db/items_category_db.inc b/inventory/includes/db/items_category_db.inc
index 5c93e317e3fe8ecd04546fabaf6c7e6a0e814b9a..8883b5f2fdd13299904b37864e4d9d4bc084d1c5 100644 (file)
--- a/inventory/includes/db/items_category_db.inc
+++ b/inventory/includes/db/items_category_db.inc
@@ -3,43 +3,43 @@
 function add_item_category($description)
 
 {
-       $sql = "INSERT INTO ".TB_PREF."stock_category (description) 
-               VALUES ('$description')";
-   
+       $sql = "INSERT INTO ".TB_PREF."stock_category (description)
+               VALUES (".db_escape($description).")";
+
        db_query($sql,"an item category could not be added");
 }
 
 function update_item_category($ItemCategory, $description)
 
 {
-       $sql = "UPDATE ".TB_PREF."stock_category SET description = '$description' 
-        WHERE category_id = '$ItemCategory'";  
-       
-       db_query($sql,"an item category could not be updated"); 
+       $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
+        WHERE category_id = '$ItemCategory'";
+
+       db_query($sql,"an item category could not be updated");
 }
 
 function delete_item_category($ItemCategory)
 {
-       $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'"; 
-       
-       db_query($sql,"an item category could not be deleted"); 
+       $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'";
+
+       db_query($sql,"an item category could not be deleted");
 }
 
 function get_item_category($ItemCategory)
 {
-       $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'";       
-       
+       $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id='$ItemCategory'";
+
        $result = db_query($sql,"an item category could not be retrieved");
-       
-       return db_fetch($result);       
+
+       return db_fetch($result);
 }
 
 function get_category_name($id)
 {
        $sql = "SELECT description FROM ".TB_PREF."stock_category WHERE category_id=$id";
-       
+
        $result = db_query($sql, "could not get sales type");
-       
+
        $row = db_fetch_row($result);
        return $row[0];
 }