X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=taxes%2Fdb%2Ftax_groups_db.inc;h=10f0256a2e4654826d50815ff76aa8ee8eec4c6e;hb=4c16d92ae1e1032f23e029d7d2f901a65a4223bc;hp=10f0f5cfce9ecf124e6477fcf862ac4223cd79db;hpb=a5bdb4cb5a7b4ed58ac02192b5cf814f99f1a6b7;p=fa-stable.git
diff --git a/taxes/db/tax_groups_db.inc b/taxes/db/tax_groups_db.inc
index 10f0f5cf..10f0256a 100644
--- a/taxes/db/tax_groups_db.inc
+++ b/taxes/db/tax_groups_db.inc
@@ -12,7 +12,7 @@ function add_tax_group($name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES ('$name', $tax_shipping)";
+ $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", $tax_shipping)";
 db_query($sql, "could not add tax group");
 $id = db_insert_id();
@@ -29,7 +29,7 @@ function update_tax_group($id, $name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "UPDATE ".TB_PREF."tax_groups SET name='$name',tax_shipping=$tax_shipping WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=$tax_shipping WHERE id=$id";
 db_query($sql, "could not update tax group");
 delete_tax_group_items($id);
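Review bot: `$tax_shipping` in both statements and `$id` in `WHERE id=$id` are still concatenated into the SQL text unquoted and unescaped, so the injection exposure this commit closes for `$name` stays open for them wherever a caller forwards request data unchanged (the callers are not visible here). This applies to the INSERT in add_tax_group and to the UPDATE in update_tax_group alike. Route them through the same helper, e.g. `VALUES (".db_escape($name).", ".db_escape($tax_shipping).")"` and `tax_shipping=".db_escape($tax_shipping)." WHERE id=".db_escape($id)`, or cast both to integer before building the string if the columns are numeric, which the visible lines suggest but do not confirm. Both function bodies start and end outside the hunks, so any validation done earlier in them cannot be seen from here.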