diff --git a/admin/database.php b/admin/database.php
index 1d9fb2f2b9a..8cd0ad50975 100644
--- a/admin/database.php
+++ b/admin/database.php
@@ -548,7 +548,7 @@ function get_max_order($gid)
$anslangs = GetAdditionalLanguagesFromSurveyID($surveyid);
$baselang = GetBaseLanguageFromSurveyID($surveyid);
// Add new Answer for Base Language Question
- $query = "INSERT INTO ".db_table_name('answers')." (qid, code, answer, sortorder, default_value,language) VALUES ('{$_POST['qid']}', {$connect->qstr($_POST['insertcode'])}, {$connect->qstr($_POST['insertanswer'])}, '{$newsortorder}', 'N','$baselang')";
+ $query = "INSERT INTO ".db_table_name('answers')." (qid, code, answer, sortorder, default_value,language) VALUES ('{$_POST['qid']}', ".$connect->qstr($_POST['insertcode']).", ".$connect->qstr($_POST['insertanswer']).", '{$newsortorder}', 'N','$baselang')";
if (!$result = $connect->Execute($query))
{
$databaseoutput .= "\n";
@@ -556,7 +556,7 @@ function get_max_order($gid)
foreach ($anslangs as $anslang)
{
if(!isset($_POST['default'])) $_POST['default'] = "";
- $query = "INSERT INTO ".db_table_name('answers')." (qid, code, answer, sortorder, default_value,language) VALUES ('{$_POST['qid']}', {$connect->qstr($_POST['insertcode'])}, {$connect->qstr($_POST['insertanswer'])}, '{$newsortorder}', 'N','$anslang')";
+ $query = "INSERT INTO ".db_table_name('answers')." (qid, code, answer, sortorder, default_value,language) VALUES ('{$_POST['qid']}', ".$connect->qstr($_POST['insertcode']).",".$connect->qstr($_POST['insertanswer']).", '{$newsortorder}', 'N','$anslang')";
if (!$result = $connect->Execute($query))
{
$databaseoutput .= "\n";
@@ -574,8 +574,8 @@ function get_max_order($gid)
{
$langid=substr($sortorderid,0,strpos($sortorderid,'_'));
$orderid=substr($sortorderid,strpos($sortorderid,'_')+1,20);
- $query = "UPDATE ".db_table_name('answers')." SET code=".$connect->qstr($_POST['code_'.$codeids[$count]]).",
- answer={$connect->qstr($_POST['answer_'.$sortorderid])} WHERE qid='$qid' and sortorder=$orderid and language='$langid'";
+ $query = "UPDATE ".db_table_name('answers')." SET code=".$connect->qstr($_POST['code_'.$codeids[$count]]).
+ ", answer=".$connect->qstr($_POST['answer_'.$sortorderid])." WHERE qid='$qid' and sortorder=$orderid and language='$langid'";
if (!$result = $connect->Execute($query))
{
$databaseoutput .= "\n";
diff --git a/common.php b/common.php
index 81b213aa9ec..7ba62f374eb 100644
--- a/common.php
+++ b/common.php
@@ -3119,7 +3119,7 @@ function FixLanguageConsistency($sid, $availlangs)
$gresult = db_execute_assoc($query) or die($connect->ErrorMsg());
if ($gresult->RecordCount() < 1)
{
- $query = "INSERT INTO ".db_table_name('groups')." (gid,sid,group_name,group_order,description,language) VALUES('{$group['gid']}','{$group['sid']}',{$connect->qstr($group['group_name'])},'{$group['group_order']}',{$connect->qstr($group['description'])},'{$lang}')";
+ $query = "INSERT INTO ".db_table_name('groups')." (gid,sid,group_name,group_order,description,language) VALUES('{$group['gid']}','{$group['sid']}',".$connect->qstr($group['group_name']).",'{$group['group_order']}',".$connect->qstr($group['description']).",'{$lang}')";
$connect->Execute($query) or die($connect->ErrorMsg());
}
}
@@ -3141,7 +3141,7 @@ function FixLanguageConsistency($sid, $availlangs)
$gresult = db_execute_assoc($query) or die($connect->ErrorMsg());
if ($gresult->RecordCount() < 1)
{
- $query = "INSERT INTO ".db_table_name('questions')." (qid,sid,gid,type,title,question,preg,help,other,mandatory,lid,question_order,language) VALUES('{$question['qid']}','{$question['sid']}','{$question['gid']}','{$question['type']}',{$connect->qstr($question['title'])},{$connect->qstr($question['question'])},{$connect->qstr($question['preg'])},{$connect->qstr($question['help'])},'{$question['other']}','{$question['mandatory']}','{$question['lid']}','{$question['question_order']}','{$lang}')";
+ $query = "INSERT INTO ".db_table_name('questions')." (qid,sid,gid,type,title,question,preg,help,other,mandatory,lid,question_order,language) VALUES('{$question['qid']}','{$question['sid']}','{$question['gid']}','{$question['type']}',".$connect->qstr($question['title']).",".$connect->qstr($question['question']).",".$connect->qstr($question['preg']).",".$connect->qstr($question['help']).",'{$question['other']}','{$question['mandatory']}','{$question['lid']}','{$question['question_order']}','{$lang}')";
$connect->Execute($query) or die(print "$query\n: ".$connect->ErrorMsg());
}
}
@@ -3167,7 +3167,7 @@ function FixLanguageConsistency($sid, $availlangs)
$gresult = db_execute_assoc($query) or die($connect->ErrorMsg());
if ($gresult->RecordCount() < 1)
{
- $query = "INSERT INTO ".db_table_name('answers')." (qid,code,answer,default_value,sortorder,language) VALUES('{$answer['qid']}',{$connect->qstr($answer['code'])},{$connect->qstr($answer['answer'])},{$connect->qstr($answer['default_value'])},'{$answer['sortorder']}','{$lang}')";
+ $query = "INSERT INTO ".db_table_name('answers')." (qid,code,answer,default_value,sortorder,language) VALUES('{$answer['qid']}',".$connect->qstr($answer['code']).",".$connect->qstr($answer['answer']).",".$connect->qstr($answer['default_value']).",'{$answer['sortorder']}','{$lang}')";
$connect->Execute($query) or die($connect->ErrorMsg());
}
}