- $sql .= "VALUES ($supp_trans_type, $supp_trans_no, '$stock_id', '$description', '$gl_code', $unit_price, $unit_tax, $quantity,
- $grn_item_id, $po_detail_item_id, '$memo_')";
+ $sql .= "VALUES ($supp_trans_type, $supp_trans_no, ".db_escape($stock_id).
+ ", ".db_escape($description).", ".db_escape($gl_code).", $unit_price, $unit_tax, $quantity,
+ $grn_item_id, $po_detail_item_id, ".db_escape($memo_).")";
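Review bot: The numeric values in this VALUES list (`$supp_trans_type`, `$supp_trans_no`, `$unit_price`, `$unit_tax`, `$quantity`, `$grn_item_id`, `$po_detail_item_id`) are still interpolated bare, so the statement remains injectable if any of them can arrive here as an unvalidated request string. Only the four string columns were moved to `db_escape()`, which presumably returns an already-quoted literal, since the surrounding single quotes were dropped. Either pass the numeric fields through the same helper, e.g. `db_escape($unit_price)`, or coerce them before building the query, e.g. `(int)$grn_item_id` and `(float)$quantity`. The start of the statement and the enclosing function are outside this hunk, so confirm whether callers already validate these arguments and whether any of them may legitimately be NULL.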