- conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id',
- $price, '$uom', 1, '$description')";
+ conversion_factor, supplier_description) VALUES (".db_escape($supplier_id)
+ .", ".db_escape($stock_id).", ".db_escape($price).", "
+ .db_escape($uom).", 1, ".db_escape($description).")";