if($tax_shipping) // only one tax group for shipping
clear_shipping_tax_group();
- $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", $tax_shipping)";
+ $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", ".db_escape($tax_shipping).")";
db_query($sql, "could not add tax group");
$id = db_insert_id();
if($tax_shipping) // only one tax group for shipping
clear_shipping_tax_group();
- $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=$tax_shipping WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=".db_escape($tax_shipping)." WHERE id=".db_escape($id);
db_query($sql, "could not update tax group");
delete_tax_group_items($id);
function get_tax_group($type_id)
{
- $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=$type_id";
+ $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=".db_escape($type_id);
$result = db_query($sql, "could not get tax group");
{
begin_transaction();
- $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=".db_escape($id);
db_query($sql, "could not delete tax group");
for ($i=0; $i < count($items); $i++)
{
$sql = "INSERT INTO ".TB_PREF."tax_group_items (tax_group_id, tax_type_id, rate)
- VALUES ($id, " . $items[$i] . ", " . $rates[$i] .")";
+ VALUES (".db_escape($id).", ".db_escape($items[$i]).", " . $rates[$i] .")";
db_query($sql, "could not add item tax group item");
}
}
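Review bot: `$rates[$i]` on the added VALUES line is still concatenated into the INSERT unescaped, while `$id` and `$items[$i]` on the same line now go through db_escape(), so the escaping change is incomplete for this statement. If the rates originate from request input, that leaves one interpolation in the query that the rest of the commit has closed; the line should read `VALUES (".db_escape($id).", ".db_escape($items[$i]).", ".db_escape($rates[$i]).")";`. The enclosing function (the loop over `$items`/`$rates`) starts before this hunk, so I cannot see whether the rates are validated as numeric earlier; if they are, a `(float)` cast would also make the intent explicit.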
function delete_tax_group_items($id)
{
- $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=".db_escape($id);
db_query($sql, "could not delete item tax group items");
}
function get_tax_group_items($id)
{
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name, ".TB_PREF."tax_types.rate,
".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code
FROM ".TB_PREF."tax_group_items, ".TB_PREF."tax_types
- WHERE tax_group_id=$id
+ WHERE tax_group_id=".db_escape($id)."
AND ".TB_PREF."tax_types.id=tax_type_id";
return db_query($sql, "could not get item tax type group items");
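Review bot: The added `".TB_PREF."tax_types.rate,` column in the SELECT is unaliased, and the same statement already returns `tax_group_items.*`, which includes a `rate` column (see the INSERT column list for tax_group_items earlier in this diff). If callers fetch rows associatively, the second `rate` shadows the first, so the result silently carries the tax type's rate rather than the group item's rate — presumably the intent, but it should be explicit; suggest `".TB_PREF."tax_types.rate AS tax_type_rate,` or a comment stating which rate is meant. The same unaliased column is added in get_shipping_tax_group_items below. The closing brace of get_tax_group_items is outside the hunk.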
function get_shipping_tax_group_items()
{
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name, ".TB_PREF."tax_types.rate,
".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code
FROM " .TB_PREF."tax_group_items, ".TB_PREF."tax_types, ".TB_PREF."tax_groups
WHERE " .TB_PREF."tax_groups.tax_shipping=1