Inconsistent escaping of problem characters for SQL (' & etc.)
While setting up my chart of accounts I notice the ampersand exists in the default account "Furniture & Fixtures", however adding a new account with the ampersand results in it being stored in the database and returned as "&" the HTML escape code (which actually isn't processed by the
browser for some reason (this is true for GLAccounts.php)).
For AccountSections.php the same problem occurs, actually it's a bit worse as the escape code will be escaped multiple times AND will generate an error (tested with single quote AKA I renamed "Financed By" with "Owner's Equity")
I understand the importance of escaping some characters for the sake of SQL but those operations should be invisible on output from SQL, right?
|