X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Ftax_types_db.inc;h=5cd18ebb1b55815d9340d29acdbdc1f7c9ac01f1;hb=b9656a694227d0d22242fffbb343691b0db82030;hp=029cad160e6e6c6c41c5c444a7d121ce0e2ff316;hpb=c9190b6913691b997ba27e0804e329ee7a3d6f53;p=fa-stable.git

diff --git a/taxes/db/tax_types_db.inc b/taxes/db/tax_types_db.inc
index 029cad16..5cd18ebb 100644
--- a/taxes/db/tax_types_db.inc
+++ b/taxes/db/tax_types_db.inc
@@ -3,16 +3,17 @@
 function add_tax_type($name, $sales_gl_code, $purchasing_gl_code, $rate)
 {
 	$sql = "INSERT INTO ".TB_PREF."tax_types (name, sales_gl_code, purchasing_gl_code, rate)
-		VALUES ('$name', '$sales_gl_code', '$purchasing_gl_code', $rate)";
+		VALUES (".db_escape($name).", ".db_escape($sales_gl_code)
+		.", ".db_escape($purchasing_gl_code).", $rate)";
 
 	db_query($sql, "could not add tax type");
 }
 
 function update_tax_type($type_id, $name, $sales_gl_code, $purchasing_gl_code, $rate)
 {
-	$sql = "UPDATE ".TB_PREF."tax_types SET name='$name',
-		sales_gl_code='$sales_gl_code',
-		purchasing_gl_code='$purchasing_gl_code',
+	$sql = "UPDATE ".TB_PREF."tax_types SET name=".db_escape($name).",
+		sales_gl_code=".db_escape($sales_gl_code).",
+		purchasing_gl_code=".db_escape($purchasing_gl_code).",
 		rate=$rate
 		WHERE id=$type_id";