X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Fitem_tax_types_db.inc;h=7e034e4b746242bd4f3abd47bf770726128d877a;hb=a5a1f885ee288c74ea2674a9eaaa402ac3c05363;hp=24a5eedd86e5fcb0cbd80a86186597e8ad85e62d;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git
diff --git a/taxes/db/item_tax_types_db.inc b/taxes/db/item_tax_types_db.inc
index 24a5eedd..7e034e4b 100644
--- a/taxes/db/item_tax_types_db.inc
+++ b/taxes/db/item_tax_types_db.inc
@@ -1,11 +1,20 @@ .
+***********************************************************************/
 function add_item_tax_type($name, $exempt, $exempt_from)
 {
 begin_transaction();
 $sql = "INSERT INTO ".TB_PREF."item_tax_types (name, exempt)
- VALUES (".db_escape($name).",$exempt)";
+ VALUES (".db_escape($name).",".db_escape($exempt).")";
 db_query($sql, "could not add item tax type");
@@ -22,7 +31,7 @@ function update_item_tax_type($id, $name, $exempt, $exempt_from)
 begin_transaction();
 $sql = "UPDATE ".TB_PREF."item_tax_types SET name=".db_escape($name).
- ", exempt=$exempt WHERE id=$id";
+ ", exempt=".db_escape($exempt)." WHERE id=".db_escape($id);
 db_query($sql, "could not update item tax type");
@@ -42,7 +51,7 @@ function get_all_item_tax_types()
 function get_item_tax_type($id)
 {
- $sql = "SELECT * FROM ".TB_PREF."item_tax_types WHERE id=$id";
+ $sql = "SELECT * FROM ".TB_PREF."item_tax_types WHERE id=".db_escape($id);
 $result = db_query($sql, "could not get item tax type");
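Review bot: `$exempt` in add_item_tax_type and `$id`/`$exempt` in update_item_tax_type and get_item_tax_type were interpolated unquoted before, so they are presumably numeric columns, yet the new code only string-escapes them. Judging by the stock_id hunk later in this diff, which drops its own quotes, db_escape() appears to emit a quoted literal, so a non-numeric value would be coerced by MySQL rather than rejected. Normalising at the top of each function, e.g. `$id = (int)$id;` and `$exempt = (int)$exempt;`, makes the intended type explicit and leaves the escaping as a second layer. The same applies to the `$id` arguments in delete_item_tax_type, add_item_tax_type_exemptions, delete_item_tax_type_exemptions and get_item_tax_type_exemptions. The bodies of the three functions touched here continue outside their hunks.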
@@ -51,7 +60,8 @@ function get_item_tax_type($id)
 function get_item_tax_type_for_item($stock_id)
 {
- $sql = "SELECT ".TB_PREF."item_tax_types.* FROM ".TB_PREF."item_tax_types,".TB_PREF."stock_master WHERE ".TB_PREF."stock_master.stock_id='$stock_id'
+ $sql = "SELECT ".TB_PREF."item_tax_types.* FROM ".TB_PREF."item_tax_types,".TB_PREF."stock_master WHERE
+ ".TB_PREF."stock_master.stock_id=".db_escape($stock_id)."
 AND ".TB_PREF."item_tax_types.id=".TB_PREF."stock_master.tax_type_id";
 $result = db_query($sql, "could not get item tax type");
@@ -63,7 +73,7 @@ function delete_item_tax_type($id)
 {
 begin_transaction();
- $sql = "DELETE FROM ".TB_PREF."item_tax_types WHERE id=$id";
+ $sql = "DELETE FROM ".TB_PREF."item_tax_types WHERE id=".db_escape($id);
 db_query($sql, "could not delete item tax type");
 // also delete all exemptions
@@ -77,21 +87,21 @@ function add_item_tax_type_exemptions($id, $exemptions)
 for ($i = 0; $i < count($exemptions); $i++)
 {
 $sql = "INSERT INTO ".TB_PREF."item_tax_type_exemptions (item_tax_type_id, tax_type_id)
- VALUES ($id, " . $exemptions[$i] . ")";
+ VALUES (".db_escape($id).", ".db_escape($exemptions[$i]).")";
 db_query($sql, "could not add item tax type exemptions");
 }
 }
 function delete_item_tax_type_exemptions($id)
 {
- $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=$id";
+ $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=".db_escape($id);
 db_query($sql, "could not delete item tax type exemptions");
 }
 function get_item_tax_type_exemptions($id)
 {
- $sql = "SELECT * FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=$id";
+ $sql = "SELECT * FROM ".TB_PREF."item_tax_type_exemptions WHERE item_tax_type_id=".db_escape($id);
 return db_query($sql, "could not get item tax type exemptions");
 }
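Review bot: In add_item_tax_type_exemptions the new VALUES line reads `$exemptions[$i]` inside a `count()`-bounded index loop, so if the caller ever passes an array whose keys are not 0..n-1 an undefined element reaches db_escape(). How db_escape() treats null is not visible here, so the result may be a blank or zero tax_type_id row rather than an error. Iterating the values directly avoids the dependency on key layout: `foreach ($exemptions as $tax_type_id)` with `db_escape($tax_type_id)` in the VALUES line. The opening lines of the function are outside the hunk.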