- $sql = "INSERT INTO ".TB_PREF."tax_types (name, sales_gl_code, purchasing_gl_code, rate, `out`)
- VALUES ('$name', '$sales_gl_code', '$purchasing_gl_code', $rate, $out)";
-
- db_query($sql, "could not add tax type");
+ $sql = "INSERT INTO ".TB_PREF."tax_types (name, sales_gl_code, purchasing_gl_code, rate)
+ VALUES (".db_escape($name).", ".db_escape($sales_gl_code)
+ .", ".db_escape($purchasing_gl_code).", $rate)";
+
+ db_query($sql, "could not add tax type");
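Review bot: `$rate` is still interpolated into the VALUES list unescaped and unquoted on the last line of the new statement, so the numeric field remains an injection point unless every caller has already validated it as a number; nothing in the lines shown performs that check. Route it through the same helper as the three string fields, `.", ".db_escape($purchasing_gl_code).", ".db_escape($rate).")";`, or cast it to a numeric type before the string is built. The enclosing function begins and ends outside the lines shown, so confirm there whether `$rate` is validated upstream.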