- $sql .= "'" . $po_obj->supplier_id . "', '" .
- db_escape($po_obj->Comments) . "','" .
- date2sql($po_obj->orig_order_date) . "', '" .
- $po_obj->reference . "', '" .
- $po_obj->requisition_no . "', '" .
- $po_obj->Location . "', '" .
- $po_obj->delivery_address . "')";
-
+ $sql .= db_escape($po_obj->supplier_id) . "," .
+ db_escape($po_obj->Comments) . ",'" .
+ date2sql($po_obj->orig_order_date) . "', '" .
+ $po_obj->reference . "', " .
+ db_escape($po_obj->requisition_no) . ", " .
+ db_escape($po_obj->Location) . ", " .
+ db_escape($po_obj->delivery_address) . ")";
+