Security update merged from 2.1.

[fa-stable.git] / manufacturing / includes / db / work_centres_db.inc

diff --git a/manufacturing/includes/db/work_centres_db.inc b/manufacturing/includes/db/work_centres_db.inc
index e1b8a023a63b112ef8b85a85dba71253f83cf3f2..18adc74fdaceba36c7d3d5f195a11f05ab3bd00b 100644 (file)
--- a/manufacturing/includes/db/work_centres_db.inc
+++ b/manufacturing/includes/db/work_centres_db.inc
@@ -20,7 +20,7 @@ function add_work_centre($name, $description)
 function update_work_centre($type_id, $name, $description)
 {
        $sql = "UPDATE ".TB_PREF."workcentres SET name=".db_escape($name).", description=".db_escape($description)."
-               WHERE id=$type_id";
+               WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not update work centre");
 }
@@ -35,7 +35,7 @@ function get_all_work_centres($all=false)
 
 function get_work_centre($type_id)
 {
-       $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=$type_id";
+       $sql = "SELECT * FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 
        $result = db_query($sql, "could not get work centre");
 
@@ -44,7 +44,7 @@ function get_work_centre($type_id)
 
 function delete_work_centre($type_id)
 {
-       $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=$type_id";
+       $sql="DELETE FROM ".TB_PREF."workcentres WHERE id=".db_escape($type_id);
 
        db_query($sql, "could not delete work centre");
 }