From b221f83ec2bc2de7288cf741029560971fae7b7f Mon Sep 17 00:00:00 2001
From: skeeter
Date: Tue, 26 Mar 2002 19:25:49 +0000
Subject: [PATCH] Added the db_addslashes() call to name2id().
---
 phpgwapi/inc/class.categories.inc.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/phpgwapi/inc/class.categories.inc.php b/phpgwapi/inc/class.categories.inc.php
index 1fb108d215..0ebedb22a1 100644
--- a/phpgwapi/inc/class.categories.inc.php
+++ b/phpgwapi/inc/class.categories.inc.php
@@ -553,8 +553,9 @@
 function name2id($cat_name)
 {
- $this->db->query("SELECT cat_id FROM phpgw_categories WHERE cat_name='" . $cat_name . "' AND cat_appname='" . $this->app_name
- . "' AND cat_owner=" . $this->account_id,__LINE__,__FILE__);
+ $this->db->query("SELECT cat_id FROM phpgw_categories WHERE cat_name='" . $this->db->db_addslashes($cat_name) . "' "
+ ."AND cat_appname='" . $this->app_name . "' "
+ ."AND cat_owner=" . $this->account_id,__LINE__,__FILE__);
 if(!$this->db->num_rows())
 {
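Review bot: The rewritten query in name2id() escapes only `$cat_name`; `$this->app_name` is still concatenated inside quotes without escaping, and `$this->account_id` goes into an unquoted numeric position with no cast, where quote-escaping would not help anyway. Whether either property can carry caller-controlled data is not visible in this hunk, so treat this as hardening: `."AND cat_appname='" . $this->db->db_addslashes($this->app_name) . "' "` and `."AND cat_owner=" . (int)$this->account_id,__LINE__,__FILE__);`. A one-line comment above the query, such as `// every value concatenated into this SQL must be escaped or integer-cast`, would record the rule for the next edit. The body of name2id() continues past the end of the hunk, so the handling of the result set is not reviewed here.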