- VALUES ($amount, '$date', $trans_type_from, $trans_no_from, $trans_no_to, $trans_type_to)";
+ VALUES (".db_escape($amount).", '$date', "
+ .db_escape($trans_type_from).", ".db_escape($trans_no_from).", "
+ .db_escape($trans_no_to).", ".db_escape($trans_type_to).")";