{
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."comments (type, id, date_, memo_)
- VALUES ($type, $type_no, '$date', ".db_quote($memo_).")";
+ VALUES ($type, $type_no, '$date', ".db_escape($memo_).")";
db_query($sql, "could not add comments transaction entry");
}
else
{
$date = date2sql($date_);
- $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_quote($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
+ $sql = "UPDATE ".TB_PREF."comments SET memo_=".db_escape($memo_)." WHERE type=$type AND id=$id AND date_='$date'";
db_query($sql, "could not update comments");
}
}
$sql = "INSERT INTO ".TB_PREF."stock_moves (stock_id, trans_no, type, loc_code,
tran_date, person_id, reference, qty, standard_cost, visible, price,
discount_percent) VALUES ('$stock_id', $trans_no, $type,
- ".db_quote($location).", '$date', '$person_id', ".db_quote($reference).", $quantity, $std_cost,
+ ".db_escape($location).", '$date', '$person_id', ".db_escape($reference).", $quantity, $std_cost,
$show_or_hide, $price, $discount_percent)";
if ($error_msg == "")
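Review bot: The stock_moves INSERT still splices `'$stock_id'` and `'$person_id'` in as bare quoted strings while the same VALUES list now escapes `$location` and `$reference`, so a quote character in either value still breaks out of the literal; treat them the same way: `discount_percent) VALUES (".db_escape($stock_id).", $trans_no, $type,` and `".db_escape($location).", '$date', ".db_escape($person_id).", ".db_escape($reference).", $quantity, $std_cost,`. The unquoted numeric columns (`$trans_no`, `$type`, `$quantity`, `$std_cost`, `$show_or_hide`, `$price`, `$discount_percent`) are only safe if every caller guarantees they are numbers, which is not visible here; an explicit cast at the top of the function would remove that dependency. The function this statement belongs to starts and ends outside the hunk.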
function add_reference($type, $id, $reference)
{
$sql = "INSERT INTO ".TB_PREF."refs (type, id, reference)
- VALUES ($type, $id, " . db_quote(trim($reference)) . ")";
+ VALUES ($type, $id, " . db_escape(trim($reference)) . ")";
db_query($sql, "could not add reference entry");
}
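Review bot: `$type` and `$id` on the VALUES line are still interpolated unquoted and unescaped, so this hunk only closes the hole for `$reference`; if both are integer ids, `VALUES (".(int)$type.", ".(int)$id.", " . db_escape(trim($reference)) . ")";` pins that down without relying on the caller. Since no quotes are added around the result of `db_escape()`, the change assumes it returns a quoted literal exactly as `db_quote()` did — worth confirming at its definition that empty-string and null inputs still produce the same SQL, otherwise callers passing '' silently change behaviour.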
function save_next_reference($type, $reference)
{
- $sql = "UPDATE ".TB_PREF."sys_types SET next_reference=" . db_quote(trim($reference)) . " WHERE type_id = $type";
+ $sql = "UPDATE ".TB_PREF."sys_types SET next_reference=" . db_escape(trim($reference)) . " WHERE type_id = $type";
db_query($sql, "The next transaction ref for $type could not be updated");
}
{
$sql = "INSERT INTO ".TB_PREF."stock_category (description)
- VALUES (".db_quote($description).")";
+ VALUES (".db_escape($description).")";
db_query($sql,"an item category could not be added");
}
function update_item_category($ItemCategory, $description)
{
- $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_quote($description)."
+ $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
WHERE category_id = '$ItemCategory'";
db_query($sql,"an item category could not be updated");
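Review bot: `WHERE category_id = '$ItemCategory'` is still a raw quoted interpolation on the line after the escaped description, so the update's row selector is less protected than the value it writes; `WHERE category_id = ".db_escape($ItemCategory);` makes the whole statement consistent with the new helper. Whether `$ItemCategory` reaches this function straight from a request is not visible here, so the severity is only inferred, but the inconsistency itself is on the visible lines.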
$sales_account, $inventory_account, $cogs_account, $adjustment_account,
$assembly_account, $dimension_id, $dimension2_id)
{
- $sql = "UPDATE ".TB_PREF."stock_master SET long_description=".db_quote($long_description).",
- description=".db_quote($description).",
+ $sql = "UPDATE ".TB_PREF."stock_master SET long_description=".db_escape($long_description).",
+ description=".db_escape($description).",
category_id='$category_id',
sales_account='$sales_account',
inventory_account='$inventory_account',
$sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
adjustment_account, assembly_account, dimension_id, dimension2_id)
- VALUES (".db_quote($stock_id).", ".db_quote($description).", ".db_quote($long_description).",
+ VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
'$category_id', $tax_type_id, '$units', '$mb_flag',
'$sales_account', '$inventory_account', '$cogs_account',
'$adjustment_account', '$assembly_account', $dimension_id, $dimension2_id)";
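Review bot: After this change only stock_id, description and long_description are escaped; `'$category_id'`, `'$units'`, `'$mb_flag'` and the five account-code columns on the following two lines are still plain quoted interpolations and `$tax_type_id`, `$dimension_id`, `$dimension2_id` are unquoted. For consistency the same treatment belongs on those lines, e.g. `".db_escape($category_id).", ".(int)$tax_type_id.", ".db_escape($units).", ".db_escape($mb_flag).",` and likewise for the account codes, with the dimension ids cast to int if that is their type. The enclosing function starts and ends outside the hunk, so any caller-side validation is not visible.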
function add_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
{
$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, fax, email, contact)
- VALUES (".db_quote($loc_code).", ".db_quote($location_name).", ".db_quote($delivery_address).", ".db_quote($phone).", ".db_quote($fax).", ".db_quote($email).", ".db_quote($contact).")";
+ VALUES (".db_escape($loc_code).", ".db_escape($location_name).", ".db_escape($delivery_address).", ".db_escape($phone).", ".db_escape($fax).", ".db_escape($email).", ".db_escape($contact).")";
db_query($sql,"a location could not be added");
function update_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
{
- $sql = "UPDATE ".TB_PREF."locations SET location_name=".db_quote($location_name).",
- delivery_address=".db_quote($delivery_address).",
- phone=".db_quote($phone).", fax=".db_quote($fax).",
- email=".db_quote($email).", contact=".db_quote($contact)."
+ $sql = "UPDATE ".TB_PREF."locations SET location_name=".db_escape($location_name).",
+ delivery_address=".db_escape($delivery_address).",
+ phone=".db_escape($phone).", fax=".db_escape($fax).",
+ email=".db_escape($email).", contact=".db_escape($contact)."
WHERE loc_code = '$loc_code'";
db_query($sql,"a location could not be updated");
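Review bot: Every SET column in update_item_location now goes through db_escape(), but the selector `WHERE loc_code = '$loc_code'` on the line before db_query() is still a raw quoted interpolation — and the sibling add_item_location above escapes `$loc_code` when inserting the same value, so the two functions disagree on the same field. `WHERE loc_code = ".db_escape($loc_code);` closes the gap without changing the rows matched for well-formed codes.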
{
if($selected!='')
$sql = "UPDATE ".TB_PREF."item_units SET
- abbr = ".db_quote($abbr).",
- name = ".db_quote($description).",
+ abbr = ".db_escape($abbr).",
+ name = ".db_escape($description).",
decimals = $decimals
WHERE abbr = '$selected'";
else
$sql = "INSERT INTO ".TB_PREF."item_units
- (abbr, name, decimals) VALUES( ".db_quote($abbr).",
- ".db_quote($description).", $decimals)";
+ (abbr, name, decimals) VALUES( ".db_escape($abbr).",
+ ".db_escape($description).", $decimals)";
db_query($sql,"an item unit could not be updated");
}
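Review bot: In the UPDATE branch `WHERE abbr = '$selected'` remains an unescaped quoted interpolation while the new abbr/name values above it are escaped, so the row being targeted is chosen by a less-protected string than the one being written; `WHERE abbr = ".db_escape($selected);` is the matching fix. The `if($selected!='')` test only decides between INSERT and UPDATE and does not validate `$selected`, and `$decimals` is spliced in unquoted in both branches, which presumes a numeric value the hunk cannot confirm. The function header is outside the hunk, so its parameter handling is not visible.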
function add_movement_type($name)
{
$sql = "INSERT INTO ".TB_PREF."movement_types (name)
- VALUES (".db_quote($name).")";
+ VALUES (".db_escape($name).")";
db_query($sql, "could not add item movement type");
}
function update_movement_type($type_id, $name)
{
- $sql = "UPDATE ".TB_PREF."movement_types SET name=".db_quote($name)."
+ $sql = "UPDATE ".TB_PREF."movement_types SET name=".db_escape($name)."
WHERE id=$type_id";
db_query($sql, "could not update item movement type");
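Review bot: `WHERE id=$type_id` is still an unquoted, unescaped interpolation after this change, the same pattern the commit leaves in update_work_centre below; if id is an integer column, `WHERE id=".(int)$type_id;` is the cheapest way to pin it, otherwise `db_escape($type_id)` keeps it consistent with the SET side. A one-line comment stating that `$type_id` must be the numeric key of an existing movement type would document the contract the caller is being trusted with.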
function add_work_centre($name, $description)
{
$sql = "INSERT INTO ".TB_PREF."workcentres (name, description)
- VALUES (".db_quote($name).",".db_quote($description).")";
+ VALUES (".db_escape($name).",".db_escape($description).")";
db_query($sql, "could not add work centre");
}
function update_work_centre($type_id, $name, $description)
{
- $sql = "UPDATE ".TB_PREF."workcentres SET name=".db_quote($name).", description=".db_quote($description)."
+ $sql = "UPDATE ".TB_PREF."workcentres SET name=".db_escape($name).", description=".db_escape($description)."
WHERE id=$type_id";
db_query($sql, "could not update work centre");
// insert the actual issue
$sql = "INSERT INTO ".TB_PREF."wo_issues (workorder_id, reference, issue_date, loc_code, workcentre_id)
- VALUES ($woid, ".db_quote($ref).", '" .
- date2sql($date_) . "', ".db_quote($location).", $workcentre)";
+ VALUES ($woid, ".db_escape($ref).", '" .
+ date2sql($date_) . "', ".db_escape($location).", $workcentre)";
db_query($sql,"The work order issue could not be added");
$number = db_insert_id();
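Review bot: `$woid` and `$workcentre` on the rewritten VALUES lines are still interpolated unquoted and unescaped, so the work-order and work-centre ids are the remaining unprotected inputs to this INSERT; `VALUES (".db_escape($woid).", ".db_escape($ref).", '" .` and `date2sql($date_) . "', ".db_escape($location).", ".db_escape($workcentre).")";` (or `(int)` casts if both are numeric keys) would finish the job. The `'" . date2sql($date_) . "'` segment relies on date2sql() returning a quote-free string, which the hunk does not show. The enclosing function starts and ends outside the hunk.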
$date = date2sql($date_);
$sql = "INSERT INTO ".TB_PREF."wo_manufacture (workorder_id, reference, quantity, date_)
- VALUES ($woid, ".db_quote($ref).", $quantity, '$date')";
+ VALUES ($woid, ".db_escape($ref).", $quantity, '$date')";
db_query($sql,"A work order manufacture could not be added");
$sql = "INSERT INTO ".TB_PREF."workorders (wo_ref, loc_code, units_reqd, stock_id,
type, date_, required_by)
- VALUES (".db_quote($wo_ref).", ".db_quote($loc_code).", $units_reqd, '$stock_id',
+ VALUES (".db_escape($wo_ref).", ".db_escape($loc_code).", $units_reqd, '$stock_id',
$type, '$date', '$required')";
db_query($sql, "could not add work order");
$date = date2sql($date_);
$required = date2sql($required_by);
- $sql = "UPDATE ".TB_PREF."workorders SET loc_code=".db_quote($loc_code).",
+ $sql = "UPDATE ".TB_PREF."workorders SET loc_code=".db_escape($loc_code).",
units_reqd=$units_reqd, stock_id='$stock_id',
required_by='$required',
date_='$date'
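Review bot: `stock_id='$stock_id'` on the line right after the newly escaped `loc_code=` is still a raw quoted interpolation, so the two string columns in this SET list are handled differently for no visible reason; `units_reqd=$units_reqd, stock_id=".db_escape($stock_id).",` aligns them. `$units_reqd` is unquoted and unescaped as well, and the WHERE clause of this UPDATE lies outside the hunk, so whether the selector is escaped cannot be seen from here.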
$sql = "INSERT INTO ".TB_PREF."workorders (wo_ref, loc_code, units_reqd, units_issued, stock_id,
type, additional_costs, date_, released_date, required_by, released, closed)
- VALUES (".db_quote($wo_ref).", ".db_quote($loc_code).", $units_reqd, $units_reqd, '$stock_id',
+ VALUES (".db_escape($wo_ref).", ".db_escape($loc_code).", $units_reqd, $units_reqd, '$stock_id',
$type, $additional_costs, '$date', '$date', '$date', 1, 1)";
db_query($sql, "could not add work order");