Security sql statements update against sql injection attacks.

[fa-stable.git] / taxes / item_tax_types.php

diff --git a/taxes/item_tax_types.php b/taxes/item_tax_types.php
index 91f21c97405c52dba08bdf9f2e436e88e3a27c01..96742971e44d2ac84a0c66c8de886cc1199a42d5 100644 (file)
--- a/taxes/item_tax_types.php
+++ b/taxes/item_tax_types.php
@@ -72,7 +72,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 function can_delete($selected_id)
 {
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=$selected_id";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query stock master");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)