- $sql = "UPDATE ".TB_PREF."payment_terms SET terms='" . $_POST['terms'] . "',
- day_in_following_month=" . $_POST['DayNumber'] . ",
+ $sql = "UPDATE ".TB_PREF."payment_terms SET terms=" . db_escape($_POST['terms']) . ",
+ day_in_following_month=" . db_escape($_POST['DayNumber']) . ",