projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / taxes / tax_calc.inc
diff --git a/taxes/tax_calc.inc b/taxes/tax_calc.inc
index 1209d62133eca1f355f073e7f2a464b95b999aaa..7107cdca7a75c8f6732e533231faeda6c84cc92e 100644 (file)
--- a/taxes/tax_calc.inc
+++ b/taxes/tax_calc.inc
@@ -210,7 +210,7 @@ function get_tax_for_items($items, $prices, $shipping_cost, $tax_group, $tax_inc
 function is_tax_account($account_code)
 {
        $sql= "SELECT id FROM ".TB_PREF."tax_types WHERE 
-               sales_gl_code='$account_code' OR purchasing_gl_code='$account_code'";
+               sales_gl_code=".db_escape($account_code)." OR purchasing_gl_code=".db_escape($account_code);
        $result = db_query($sql, "checking account is tax account");
        if (db_num_rows($result) > 0) {
                $acct = db_fetch($result);
FrontAccounting stable branch