Security sql statements update against sql injection attacks.
[fa-stable.git] / taxes / tax_groups.php
index bc947284d616ebdb72e0c165f9699a1ab50395aa..cf4177c6b697883a16732ae97d47a961f50bcf61 100644 (file)
@@ -96,7 +96,7 @@ function can_delete($selected_id)
 {
        if ($selected_id == -1)
                return false;
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
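Review bot: The new `db_escape($selected_id)` on the cust_branch query relies entirely on the helper's escaping and quoting behaviour for a value that is only ever compared against an integer column, so the cheaper and harder-to-get-wrong guard is to normalise the id once at the top of can_delete, `$selected_id = (int) $selected_id;` followed by `if ($selected_id === -1)`, which makes both interpolations safe by construction and also removes the loose `== -1` comparison. The same point applies to the suppliers query in the next hunk; with the cast in place, `db_escape()` there is harmless but no longer load-bearing. can_delete's opening line and the remainder of its body lie outside this hunk, so the cast would go on the first line of the function body rather than inside the shown lines.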
@@ -105,7 +105,7 @@ function can_delete($selected_id)
                return false;
        }
 
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query suppliers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)