Security update merged from 2.1.

[fa-stable.git] / taxes / item_tax_types.php

diff --git a/taxes/item_tax_types.php b/taxes/item_tax_types.php
index 817ce4ecd48d30b0e01cb982dca5d718ea316ccb..e6c1b104ef8c2b1a6e1f15fc63405ad2f7d90651 100644 (file)
--- a/taxes/item_tax_types.php
+++ b/taxes/item_tax_types.php
@@ -72,7 +72,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 function can_delete($selected_id)
 {
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=$selected_id";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query stock master");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)