X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Fitem_tax_types_db.inc;h=24a5eedd86e5fcb0cbd80a86186597e8ad85e62d;hb=b9656a694227d0d22242fffbb343691b0db82030;hp=486bfc781122acaf4ecbb06dd39d85946f26b9ad;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/taxes/db/item_tax_types_db.inc b/taxes/db/item_tax_types_db.inc
index 486bfc78..24a5eedd 100644
--- a/taxes/db/item_tax_types_db.inc
+++ b/taxes/db/item_tax_types_db.inc
@@ -5,7 +5,7 @@ function add_item_tax_type($name, $exempt, $exempt_from)
 	begin_transaction();
 	
 	$sql = "INSERT INTO ".TB_PREF."item_tax_types (name, exempt) 
-		VALUES ('$name',$exempt)";
+		VALUES (".db_escape($name).",$exempt)";
 		
 	db_query($sql, "could not add item tax type");	
 	
@@ -21,7 +21,8 @@ function update_item_tax_type($id, $name, $exempt, $exempt_from)
 {
 	begin_transaction();
 	
-	$sql = "UPDATE ".TB_PREF."item_tax_types SET name='$name',	exempt=$exempt WHERE id=$id";
+	$sql = "UPDATE ".TB_PREF."item_tax_types SET name=".db_escape($name).
+	",	exempt=$exempt WHERE id=$id";
 	
 	db_query($sql, "could not update item tax type");