Fixed double db_escape in add/update.
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 22 Oct 2009 11:32:33 +0000 (11:32 +0000)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 22 Oct 2009 11:32:33 +0000 (11:32 +0000)
dimensions/includes/dimensions_db.inc

index 5e02751618953d333df76f73ec50b2984daabe96..8d7b0c105bdfee3c2f7ec59485304c13ddf6cf75 100644 (file)
@@ -15,9 +15,12 @@ function add_dimension($reference, $name, $type_, $date_, $due_date, $memo_)
 
        begin_transaction();
 
+       $date = date2sql($date_);
+       $duedate = date2sql($due_date);
+
        $sql = "INSERT INTO ".TB_PREF."dimensions (reference, name, type_, date_, due_date)
                VALUES (".db_escape($reference).", ".db_escape($name).", ".db_escape($type_)
-               .", ".db_escape($date_).", ".db_escape($due_date).")";
+               .", '$date_', '$due_date')";
        db_query($sql, "could not add dimension");
 
        $id = db_insert_id();
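Review bot: The INSERT in add_dimension still interpolates the raw parameters `'$date_'` and `'$due_date'`, not the `$date` and `$duedate` values computed by date2sql() just above, so the converted values are never used and caller-supplied strings reach the query with no escaping at all. The line should read `.", '$date', '$duedate')";`, and the second hunk has the same defect in update_dimension, where it should be `date_='$date',` and `due_date='$duedate'`. date2sql() is not visible here, so unless it is known to reject or normalise malformed input, passing its result through `db_escape()` once would be the safer form. Both function bodies continue outside their hunks.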
@@ -35,10 +38,13 @@ function update_dimension($id, $name, $type_, $date_, $due_date, $memo_)
 {
        begin_transaction();
 
+       $date = date2sql($date_);
+       $duedate = date2sql($due_date);
+
        $sql = "UPDATE ".TB_PREF."dimensions SET name=".db_escape($name).",
                type_ = ".db_escape($type_).",
-               date_=".db_escape($date_).",
-               due_date=".db_escape($due_date)."
+               date_='$date_',
+               due_date='$due_date'
                WHERE id = ".db_escape($id);
 
        db_query($sql, "could not update dimension");