- $sql = "UPDATE ".TB_PREF."budget_trans SET amount=$amount WHERE account='$account' AND
- dimension_id=$dimension AND dimension2_id=$dimension2 AND tran_date='$date'";
+ $sql = "UPDATE ".TB_PREF."budget_trans SET amount=".db_escape($amount)
+ ." WHERE account=".db_escape($account)
+ ." AND dimension_id=".db_escape($dimension)
+ ." AND dimension2_id=".db_escape($dimension2)
+ ." AND tran_date='$date'";
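Review bot: `$date` is still interpolated straight into the statement on the last added line, while every other value in the UPDATE now goes through `db_escape()`, so the query is only as safe as whatever produced `$date`. The enclosing function is outside this hunk, so `$date` may already be normalised by a date-conversion helper before it gets here, but nothing in the visible lines establishes that. Since the other added lines show `db_escape()` supplying its own quoting, the consistent form would be `." AND tran_date=".db_escape($date);`. If the value is guaranteed to be a validated SQL date at this point, a short comment on that line such as `// $date is already a validated SQL date (see caller)` would keep a later reader from taking the unescaped variable as an oversight.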