function can_delete($selected_id)
{
$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master
- WHERE credit_status=$selected_id";
+ WHERE credit_status=".db_escape($selected_id);
$result = db_query($sql, "could not query customers");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)