Security update merged from 2.1.
[fa-stable.git] / taxes / tax_groups.php
index 07cda24372a2bc9fe4ae5f496c19d406c18e4643..ea61fd3444f0fb71ecd96d8a6952fb30d6579d74 100644 (file)
@@ -99,7 +99,7 @@ function can_delete($selected_id)
 {
        if ($selected_id == -1)
                return false;
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query customers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
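Review bot: `db_escape($selected_id)` is concatenated into a numeric comparison in the cust_branch query here and in the suppliers query in the next hunk, so the fix is complete only if db_escape() returns a quoted literal. Its definition is not visible in this diff; if it only escapes, input with no quote characters would reach the unquoted `tax_group_id=` position unchanged. Since tax_group_id appears to be an integer key, I would also normalise the value once at the top of can_delete(), before the `== -1` check, with `$selected_id = (int)$selected_id;`, so neither query depends on the helper's quoting behaviour. A short comment such as `// $selected_id comes from the request; force integer before building SQL` would record why. The body of can_delete() continues past both hunks, so any later queries that use `$selected_id` should be checked the same way.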
@@ -108,7 +108,7 @@ function can_delete($selected_id)
                return false;
        }
 
-       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=$selected_id";
+       $sql = "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE tax_group_id=".db_escape($selected_id);
        $result = db_query($sql, "could not query suppliers");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0)