- $sql = "UPDATE ".TB_PREF."stock_category SET description = '$description'
- WHERE category_id = '$ItemCategory'";
-
- db_query($sql,"an item category could not be updated");
+ $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
+ WHERE category_id = '$ItemCategory'";
+
+ db_query($sql,"an item category could not be updated");
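Review bot: The WHERE clause on the new side still interpolates `$ItemCategory` straight into the SQL string, so this change only protects `description` and leaves the second value in the same statement unescaped. If `$ItemCategory` can originate from request data (its source is not visible in this hunk), pass it through the same helper: `WHERE category_id = ".db_escape($ItemCategory);`. Judging by the quotes dropped around the description, `db_escape()` appears to add its own quoting, so the literal single quotes around the category id should be removed when it is applied. The enclosing function starts and ends outside the hunk, so any earlier validation or integer cast of `$ItemCategory` should be confirmed there.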