- $po_obj->reference . "', '" .
- $po_obj->requisition_no . "', '" .
- $po_obj->Location . "', '" .
- $po_obj->delivery_address . "')";
+ $po_obj->reference . "', " .
+ db_escape($po_obj->requisition_no) . ", " .
+ db_escape($po_obj->Location) . ", " .
+ db_escape($po_obj->delivery_address) . ")";