X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Ftax_groups.php;h=ea61fd3444f0fb71ecd96d8a6952fb30d6579d74;hb=36ec54507b7841b2352734b81e45b95e371ecdab;hp=8e879cd4e97a504a2dd7b4ce95a97604dcaec972;hpb=92e40b08ac3ed20929bc73b59bf6e7e9ff85fcdb;p=fa-stable.git
diff --git a/taxes/tax_groups.php b/taxes/tax_groups.php
index 8e879cd4..ea61fd34 100644
--- a/taxes/tax_groups.php
+++ b/taxes/tax_groups.php
@@ -99,7 +99,7 @@ function can_delete($selected_id)
 {
 if ($selected_id == -1)
 return false;
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=$selected_id";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=".db_escape($selected_id);
 $result = db_query($sql, "could not query customers");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -108,7 +108,7 @@ function can_delete($selected_id)
 return false;
 }
- $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=$selected_id";
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=".db_escape($selected_id);
 $result = db_query($sql, "could not query suppliers");
 $myrow = db_fetch_row($result);
 if ($myrow[0] > 0)
@@ -176,9 +176,9 @@ while ($myrow = db_fetch($result))
 inactive_control_row($th);
 end_table(1);
-end_form(); // was missing
+
 //-----------------------------------------------------------------------------------
-start_form(); // was missing
+
 start_table($table_style2);
 if ($selected_id != -1)
@@ -200,6 +200,7 @@ if ($selected_id != -1)
 $_POST['rate' . $i] = percent_format($tax_item["rate"]);
 $i ++;
 }
+ while($i<5) unset($_POST['tax_type_id'.$i++]);
 }
 hidden('selected_id', $selected_id);
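Review bot: In can_delete(), both rewritten queries (the cust_branch one in the hunk at line 99 and the suppliers one in the hunk at line 108) are still assembled by string concatenation, so their safety rests entirely on db_escape() quoting the value as well as escaping it. Its definition is not part of this diff and should be confirmed, because escaping alone does not protect an unquoted numeric position. Since tax_group_id is presumably an integer key, I would also reject anything else up front by widening the existing guard to `if ($selected_id == -1 || !ctype_digit((string)$selected_id)) return false;`. Any other statement in this file that interpolates $selected_id lies outside these hunks and deserves the same check; the function body also continues past both hunks.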
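Review bot: The hunk at line 176 replaces `end_form(); // was missing` and `start_form(); // was missing` with empty lines and leaves no explanation, so a later maintainer may well put the pair back. If the intent is that the list (with its inactive_control_row) and the editor below are submitted as one form, say so on the separator, for example `// list and editor intentionally share one form; do not close it here`. The enclosing start_form() and end_form() calls are outside the hunk, so it is worth confirming that exactly one of each remains.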
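Review bot: The added `while($i<5) unset($_POST['tax_type_id'.$i++]);` in the hunk at line 200 clears only the tax_type_id slots, while the visible part of the loop above it also fills `$_POST['rate' . $i]`, so a rate posted for a previously edited group can survive in the unused slots; whether it is ever shown depends on code outside this hunk. The bound 5 is a bare literal that presumably has to match the number of tax rows rendered further down, and the post-increment inside the subscript is easy to misread. I would write `for (; $i < 5; $i++)` followed by `unset($_POST['tax_type_id'.$i], $_POST['rate'.$i]);`, taking the limit from a shared constant if the file already has one.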