X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=taxes%2Ftax_types.php;h=ca2f866f3ce06644fbda659225740dbbe8fe79e8;hb=510d6e1925c4d1621ae3efd85e117cc9bb4320f0;hp=af2a2e09f91dd85f097707cdec034aadba6385e2;hpb=2383d33373d6ddec06906658a0ed6398077c1147;p=fa-stable.git

diff --git a/taxes/tax_types.php b/taxes/tax_types.php
index af2a2e09..ca2f866f 100644
--- a/taxes/tax_types.php
+++ b/taxes/tax_types.php
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 3;
-$path_to_root="..";
+$page_security = 'SA_TAXRATES';
+$path_to_root = "..";
 
 include($path_to_root . "/includes/session.inc");
 page(_("Tax Types"));
@@ -72,7 +72,7 @@ if ($Mode=='UPDATE_ITEM' && can_process())
 
 function can_delete($selected_id)
 {
-	$sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_group_items	WHERE tax_type_id=$selected_id";
+	$sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_group_items	WHERE tax_type_id=".db_escape($selected_id);
 	$result = db_query($sql, "could not query tax groups");
 	$myrow = db_fetch_row($result);
 	if ($myrow[0] > 0)