projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security sql statements update against sql injection attacks.
[fa-stable.git] / taxes / tax_types.php
diff --git a/taxes/tax_types.php b/taxes/tax_types.php
index 20369be770dfdd5bc06a8bae6d672822393a5c98..e7aa9240114516f8099f01ce0e63cdac5d215993 100644 (file)
--- a/taxes/tax_types.php
+++ b/taxes/tax_types.php
@@ -72,7 +72,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 
 function can_delete($selected_id)
 {
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_group_items  WHERE tax_type_id=$selected_id";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_group_items  WHERE tax_type_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query tax groups");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)
FrontAccounting stable branch