X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Ftax_groups.php;h=ea61fd3444f0fb71ecd96d8a6952fb30d6579d74;hb=12aba8d6c76b53b221b3bcf9eeffe3ab40f3e767;hp=07cda24372a2bc9fe4ae5f496c19d406c18e4643;hpb=c28ffac7e8e0717ef545c4a14a6b66cbe56f8456;p=fa-stable.git
diff --git a/taxes/tax_groups.php b/taxes/tax_groups.php
index 07cda243..ea61fd34 100644
--- a/taxes/tax_groups.php
+++ b/taxes/tax_groups.php
@@ -99,7 +99,7 @@ function can_delete($selected_id)
 {
 if ($selected_id == -1)
 return false;
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=$selected_id";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=".db_escape($selected_id);
 $result = db_query($sql, "could not query customers");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -108,7 +108,7 @@ function can_delete($selected_id)
 return false;
 }
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=$selected_id";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=".db_escape($selected_id);
 $result = db_query($sql, "could not query suppliers");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
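Review bot: Both changed queries (the `cust_branch` count in the first hunk and the `suppliers` count in the second) now depend entirely on `db_escape()` returning a quoted SQL literal, and that helper is not visible in this diff. Escaping alone does not protect a value placed in an unquoted numeric position, so this is worth confirming against its definition. Because `$selected_id` is presumably an integer key, I would also normalise it once at the top of `can_delete()`, before the loose `== -1` comparison, with `$selected_id = (int)$selected_id;`, so the function does not rely on string escaping for a numeric value. The body of `can_delete()` starts and ends outside these hunks, so any other statement in it that interpolates `$selected_id` should be checked for the same pattern.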