- $sql = "UPDATE ".TB_PREF."shippers SET shipper_name='" . $_POST['shipper_name'] . "' ,
- contact ='" . $_POST['contact'] . "' ,
- phone ='" . $_POST['phone'] . "' ,
- address ='" . $_POST['address'] . "'
+ $sql = "UPDATE ".TB_PREF."shippers SET shipper_name=" . db_escape($_POST['shipper_name']). " ,
+ contact =" . db_escape($_POST['contact']). " ,
+ phone =" . db_escape($_POST['phone']). " ,
+ address =" . db_escape($_POST['address']). "
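Review bot: The `+` lines drop the single quotes that used to surround each value, so the query is only valid and injection-safe if `db_escape()` returns a complete, already-quoted SQL literal; that contract is not visible in this hunk. Confirm it and record it next to the statement, for example `// db_escape() escapes the value and wraps it in quotes, so no quotes are added here`. The statement is still open at the last changed line, so the rest of it (presumably the WHERE clause) lies outside the hunk; any request-derived value interpolated there needs the same escaping or an integer cast. The four `$_POST` fields are also read without an existence or length check, which escaping alone does not cover.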