Moved all SQL statements from PHP files into relevant *_db.inc files.
[fa-stable.git] / taxes / item_tax_types.php
index 295d359519f9e93d1f7d560162b1221ea6ec4fcb..f1414efcfe084145479ad4ac5c8ef2c80224bb7f 100644 (file)
@@ -9,12 +9,12 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
+$page_security = 'SA_ITEMTAXTYPE';
 $path_to_root = "..";
-$page_security = 3;
 
 include($path_to_root . "/includes/session.inc");
 
-page(_("Item Tax Types")); 
+page(_($help_context = "Item Tax Types")); 
 
 include_once($path_to_root . "/taxes/db/item_tax_types_db.inc");
 include_once($path_to_root . "/taxes/db/tax_types_db.inc");
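Review bot: The assignment `$help_context = "Item Tax Types"` is buried inside the `_()` argument on the `page(...)` line, so a global side effect hides in what reads as a plain title call. String-extraction tools that expect a literal as the first argument of `_()` may also stop picking the title up for translation. Putting `$help_context = "Item Tax Types";` on its own line and keeping `page(_("Item Tax Types"));` would leave both visible. Separately, `$page_security = 'SA_ITEMTAXTYPE';` presumably has to be assigned before `session.inc` is included for the access check to see it (the include's contents are not shown here), so a one-line comment such as `// must be set before session.inc is included` would protect against later reordering.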
@@ -72,7 +72,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 function can_delete($selected_id)
 {
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=$selected_id";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master WHERE tax_type_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query stock master");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)
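Review bot: In `can_delete()`, the new `tax_type_id=".db_escape($selected_id)` is safe only if `db_escape()` returns a fully quoted SQL literal, because the value lands in an unquoted numeric comparison where escaping alone does not stop extra SQL from being appended. The helper's definition and the origin of `$selected_id` are not visible in this hunk, so it is worth confirming both. Since the column is an id, forcing the type makes the query independent of that detail, for example `tax_type_id=".db_escape((int)$selected_id)`. The query is also still built in the page file, whereas the commit title says SQL moves into the `*_db.inc` files; moving it behind a function in `item_tax_types_db.inc` would match that intent. The body of `can_delete()` continues past the end of the hunk.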