projects
/
fa-stable.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security sql statements update against sql injection attacks.
[fa-stable.git]
/
taxes
/
tax_calc.inc
diff --git
a/taxes/tax_calc.inc
b/taxes/tax_calc.inc
index 1209d62133eca1f355f073e7f2a464b95b999aaa..7107cdca7a75c8f6732e533231faeda6c84cc92e 100644
(file)
--- a/
taxes/tax_calc.inc
+++ b/
taxes/tax_calc.inc
@@
-210,7
+210,7
@@
function get_tax_for_items($items, $prices, $shipping_cost, $tax_group, $tax_inc
function is_tax_account($account_code)
{
$sql= "SELECT id FROM ".TB_PREF."tax_types WHERE
function is_tax_account($account_code)
{
$sql= "SELECT id FROM ".TB_PREF."tax_types WHERE
- sales_gl_code=
'$account_code' OR purchasing_gl_code='$account_code'"
;
+ sales_gl_code=
".db_escape($account_code)." OR purchasing_gl_code=".db_escape($account_code)
;
$result = db_query($sql, "checking account is tax account");
if (db_num_rows($result) > 0) {
$acct = db_fetch($result);
$result = db_query($sql, "checking account is tax account");
if (db_num_rows($result) > 0) {
$acct = db_fetch($result);