- filesize, filetype, tran_date) VALUES (".$_POST['filterType'].",".$_POST['trans_no'].",".
- db_escape($_POST['description']).", '$filename', '$unique_name', '$filesize', '$filetype', '$date')";
+ filesize, filetype, tran_date) VALUES (".db_escape($_POST['filterType']).","
+ .db_escape($_POST['trans_no']).",".db_escape($_POST['description']).", "
+ .db_escape($filename).", ".db_escape($unique_name).", ".db_escape($filesize)
+ .", ".db_escape($filetype).", '$date')";