X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Fdb%2Ftax_types_db.inc;h=97a623290a272e0360390e4fe4895c666c65e8eb;hb=c4eae7a18f0eb824e6eda7be2ba6fa820e9e58c9;hp=029cad160e6e6c6c41c5c444a7d121ce0e2ff316;hpb=c9190b6913691b997ba27e0804e329ee7a3d6f53;p=fa-stable.git

diff --git a/taxes/db/tax_types_db.inc b/taxes/db/tax_types_db.inc
index 029cad16..97a62329 100644
--- a/taxes/db/tax_types_db.inc
+++ b/taxes/db/tax_types_db.inc
@@ -1,18 +1,28 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 function add_tax_type($name, $sales_gl_code, $purchasing_gl_code, $rate)
 {
 	$sql = "INSERT INTO ".TB_PREF."tax_types (name, sales_gl_code, purchasing_gl_code, rate)
-		VALUES ('$name', '$sales_gl_code', '$purchasing_gl_code', $rate)";
+		VALUES (".db_escape($name).", ".db_escape($sales_gl_code)
+		.", ".db_escape($purchasing_gl_code).", $rate)";
 
 	db_query($sql, "could not add tax type");
 }
 
 function update_tax_type($type_id, $name, $sales_gl_code, $purchasing_gl_code, $rate)
 {
-	$sql = "UPDATE ".TB_PREF."tax_types SET name='$name',
-		sales_gl_code='$sales_gl_code',
-		purchasing_gl_code='$purchasing_gl_code',
+	$sql = "UPDATE ".TB_PREF."tax_types SET name=".db_escape($name).",
+		sales_gl_code=".db_escape($sales_gl_code).",
+		purchasing_gl_code=".db_escape($purchasing_gl_code).",
 		rate=$rate
 		WHERE id=$type_id";