- $sql = "INSERT INTO ".TB_PREF."bank_accounts (account_code, account_type, bank_account_name, bank_name, bank_account_number, bank_address, bank_curr_code)
- VALUES ('$account_code', $account_type, '$bank_account_name', '$bank_name', '$bank_account_number',
- '$bank_address', '$bank_curr_code')";
-
+ $sql = "INSERT INTO ".TB_PREF."bank_accounts (account_code, account_type, bank_account_name, bank_name, bank_account_number, bank_address, bank_curr_code)
+ VALUES (".db_escape($account_code).", $account_type, ".db_escape($bank_account_name).", ".db_escape($bank_name).", ".db_escape($bank_account_number).",
+ ".db_escape($bank_address).", '$bank_curr_code')";
+
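Review bot: Two values in the new VALUES list are still interpolated raw: `$account_type` (unquoted, so any non-numeric content becomes SQL directly) and `'$bank_curr_code'` (quoted, but not escaped), so the statement remains injectable through those fields unless the callers validate them, which this hunk does not show. I would treat them like the other columns, e.g. `".db_escape($account_type).", ...` and `".db_escape($bank_curr_code).")";`. Alternatively, force the type with `(int)$account_type` if the column is strictly numeric. The enclosing function starts and ends outside the hunk, so confirm there is no earlier sanitisation before relying on this. Any sibling update statement for `bank_accounts` should be checked for the same two fields.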