-
- $sql .= "VALUES ($type, $trans_no, '$bank_act', '$ref', '$sqlDate', '$bank_trans_type_id',
- $amount_bank, $person_type_id, '$person_id')";
-
+
+ $sql .= "VALUES ($type, $trans_no, '$bank_act', ".db_escape($ref).", '$sqlDate', '$bank_trans_type_id',
+ $amount_bank, $person_type_id, ". db_escape($person_id).")";
+