Sealing against XSS atacks: purchasing,sales,install,admin,taxes

[fa-stable.git] / taxes / db / item_tax_types_db.inc

diff --git a/taxes/db/item_tax_types_db.inc b/taxes/db/item_tax_types_db.inc
index 486bfc781122acaf4ecbb06dd39d85946f26b9ad..24a5eedd86e5fcb0cbd80a86186597e8ad85e62d 100644 (file)
--- a/taxes/db/item_tax_types_db.inc
+++ b/taxes/db/item_tax_types_db.inc
@@ -5,7 +5,7 @@ function add_item_tax_type($name, $exempt, $exempt_from)
        begin_transaction();
        
        $sql = "INSERT INTO ".TB_PREF."item_tax_types (name, exempt) 
-               VALUES ('$name',$exempt)";
+               VALUES (".db_escape($name).",$exempt)";
                
        db_query($sql, "could not add item tax type");  
        
@@ -21,7 +21,8 @@ function update_item_tax_type($id, $name, $exempt, $exempt_from)
 {
        begin_transaction();
        
-       $sql = "UPDATE ".TB_PREF."item_tax_types SET name='$name',      exempt=$exempt WHERE id=$id";
+       $sql = "UPDATE ".TB_PREF."item_tax_types SET name=".db_escape($name).
+       ",      exempt=$exempt WHERE id=$id";
        
        db_query($sql, "could not update item tax type");