X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Ftax_groups_db.inc;h=5c217aa275bb0457c67a8285b57bf0ff4f509fca;hb=66a62190f99d83f958bb98195b5756b8b307e378;hp=df48e0a1793d3b6a370825df7c7f4aaa0535cb8a;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git
diff --git a/taxes/db/tax_groups_db.inc b/taxes/db/tax_groups_db.inc
index df48e0a1..5c217aa2 100644
--- a/taxes/db/tax_groups_db.inc
+++ b/taxes/db/tax_groups_db.inc
@@ -21,7 +21,7 @@ function add_tax_group($name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", $tax_shipping)";
+ $sql = "INSERT INTO ".TB_PREF."tax_groups (name, tax_shipping) VALUES (".db_escape($name).", ".db_escape($tax_shipping).")";
 db_query($sql, "could not add tax group");
 $id = db_insert_id();
@@ -38,7 +38,7 @@ function update_tax_group($id, $name, $tax_shipping, $taxes, $rates)
 if($tax_shipping) // only one tax group for shipping
 clear_shipping_tax_group();
- $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=$tax_shipping WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."tax_groups SET name=".db_escape($name).",tax_shipping=".db_escape($tax_shipping)." WHERE id=".db_escape($id);
 db_query($sql, "could not update tax group");
 delete_tax_group_items($id);
@@ -57,7 +57,7 @@ function get_all_tax_groups($all=false)
 function get_tax_group($type_id)
 {
- $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=$type_id";
+ $sql = "SELECT * FROM ".TB_PREF."tax_groups WHERE id=".db_escape($type_id);
 $result = db_query($sql, "could not get tax group");
@@ -68,7 +68,7 @@ function delete_tax_group($id)
 {
 begin_transaction();
- $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_groups WHERE id=".db_escape($id);
 db_query($sql, "could not delete tax group");
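Review bot: `$tax_shipping` drives the `if($tax_shipping)` branch by truthiness but is written to the `tax_shipping` column on the `+` line as whatever value the caller passed through `db_escape()`, so a non-numeric input (an empty string or a form value such as `"on"`) would presumably reach the database as a quoted string and be coerced there, and the stored flag could then disagree with the decision to clear the existing shipping group. Normalising it once before both uses, `$tax_shipping = $tax_shipping ? 1 : 0;`, keeps the stored value and the branch in step and leaves nothing for the database to coerce. The same pattern appears in the update_tax_group hunk below. add_tax_group's body starts before and continues after this hunk.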
@@ -82,24 +82,24 @@ function add_tax_group_items($id, $items, $rates)
 for ($i=0; $i < count($items); $i++)
 {
 $sql = "INSERT INTO ".TB_PREF."tax_group_items (tax_group_id, tax_type_id, rate)
- VALUES ($id, " . $items[$i] . ", " . $rates[$i] .")";
+ VALUES (".db_escape($id).", ".db_escape($items[$i]).", " . $rates[$i] .")";
 db_query($sql, "could not add item tax group item");
 }
 }
 function delete_tax_group_items($id)
 {
- $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=$id";
+ $sql = "DELETE FROM ".TB_PREF."tax_group_items WHERE tax_group_id=".db_escape($id);
 db_query($sql, "could not delete item tax group items");
 }
 function get_tax_group_items($id)
 {
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
 ".TB_PREF."tax_types.rate, ".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code FROM ".TB_PREF."tax_group_items, ".TB_PREF."tax_types
- WHERE tax_group_id=$id
+ WHERE tax_group_id=".db_escape($id)."
 AND ".TB_PREF."tax_types.id=tax_type_id";
 return db_query($sql, "could not get item tax type group items");
@@ -128,7 +128,7 @@ function get_tax_group_items_as_array($id)
 function get_shipping_tax_group_items()
 {
- $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
+ $sql = "SELECT ".TB_PREF."tax_group_items.*, ".TB_PREF."tax_types.name AS tax_type_name,
 ".TB_PREF."tax_types.rate, ".TB_PREF."tax_types.sales_gl_code, ".TB_PREF."tax_types.purchasing_gl_code FROM " .TB_PREF."tax_group_items, ".TB_PREF."tax_types, ".TB_PREF."tax_groups WHERE " .TB_PREF."tax_groups.tax_shipping=1
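Review bot: `$rates[$i]` is still concatenated into the `VALUES` list unescaped on the `+` line of the add_tax_group_items hunk, while `$id` and `$items[$i]` beside it now go through `db_escape()`, so the safety of this INSERT hinges on every caller having validated the rate array before the call. Bringing it in line with its neighbours, `", ".db_escape($rates[$i]).")";`, makes the statement self-contained; if the helper quotes strings and the `rate` column is numeric, a `(float)` cast of the value before the query is the alternative. The `for` loop's enclosing function header sits above this hunk.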