Additional fixes to upgrade scripts.

[fa-stable.git] / taxes / tax_groups.php

diff --git a/taxes/tax_groups.php b/taxes/tax_groups.php
index 8e879cd4e97a504a2dd7b4ce95a97604dcaec972..ea61fd3444f0fb71ecd96d8a6952fb30d6579d74 100644 (file)
--- a/taxes/tax_groups.php
+++ b/taxes/tax_groups.php
@@ -99,7 +99,7 @@ function can_delete($selected_id)
 {
        if ($selected_id == -1)
                return false;
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -108,7 +108,7 @@ function can_delete($selected_id)
                return false;
        }
 
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query suppliers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -176,9 +176,9 @@ while ($myrow = db_fetch($result))
 
 inactive_control_row($th);
 end_table(1);
-end_form(); // was missing
+
 //-----------------------------------------------------------------------------------
-start_form(); // was missing
+
 start_table($table_style2);
 
 if ($selected_id != -1) 
@@ -200,6 +200,7 @@ if ($selected_id != -1)
                $_POST['rate' . $i]  = percent_format($tax_item["rate"]);
                $i ++;
        }
+       while($i<5) unset($_POST['tax_type_id'.$i++]);
        }
 
        hidden('selected_id', $selected_id);