Moving 2.0 development version to main trunk.

[fa-stable.git] / inventory / includes / db / items_db.inc

diff --git a/inventory/includes/db/items_db.inc b/inventory/includes/db/items_db.inc
index a46455841b7a889baaa0cb114030d8c1986ce746..f9f60a47b37e9d7617203712767edc908d7230c1 100644 (file)
--- a/inventory/includes/db/items_db.inc
+++ b/inventory/includes/db/items_db.inc
@@ -4,8 +4,8 @@ function update_item($stock_id, $description, $long_description, $category_id, $
        $sales_account, $inventory_account, $cogs_account, $adjustment_account,
        $assembly_account, $dimension_id, $dimension2_id)
 {
-       $sql = "UPDATE ".TB_PREF."stock_master SET long_description='$long_description',
-               description='$description',
+       $sql = "UPDATE ".TB_PREF."stock_master SET long_description=".db_escape($long_description).",
+               description=".db_escape($description).",
                category_id='$category_id',
                sales_account='$sales_account',
                inventory_account='$inventory_account',
@@ -27,7 +27,7 @@ function add_item($stock_id, $description, $long_description, $category_id, $tax
        $sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
                tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
                adjustment_account, assembly_account, dimension_id, dimension2_id)
-               VALUES ('$stock_id', '$description', '$long_description',
+               VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
                '$category_id', $tax_type_id, '$units', '$mb_flag',
                '$sales_account', '$inventory_account', '$cogs_account',
                '$adjustment_account', '$assembly_account', $dimension_id, $dimension2_id)";