- $sql = "INSERT INTO ".TB_PREF."debtors_master (name, address, tax_id, email, dimension_id, dimension2_id,
- curr_code, credit_status, payment_terms, discount, pymt_discount,credit_limit,
- sales_type) VALUES ('" . $_POST['CustName'] ."', '" . $_POST['address'] . "', '" . $_POST['tax_id'] . "',
- '" . $_POST['email'] . "', " . $_POST['dimension_id'] . ", " . $_POST['dimension2_id'] . ", '" . $_POST['curr_code'] . "',
- " . $_POST['credit_status'] . ", '" . $_POST['payment_terms'] . "', " . input_num('discount')/100 . ",
- " . input_num('pymt_discount')/100 . ", " . input_num('credit_limit') . ", '" . $_POST['sales_type'] . "')";
+ $sql = "INSERT INTO ".TB_PREF."debtors_master (name, debtor_ref, address, tax_id, email, dimension_id, dimension2_id,
+ curr_code, credit_status, payment_terms, discount, pymt_discount,credit_limit,
+ sales_type, notes) VALUES (".db_escape($_POST['CustName']) .", " .db_escape($_POST['cust_ref']) .", "
+ .db_escape($_POST['address']) . ", " . db_escape($_POST['tax_id']) . ","
+ .db_escape($_POST['email']) . ", ".db_escape($_POST['dimension_id']) . ", "
+ .db_escape($_POST['dimension2_id']) . ", ".db_escape($_POST['curr_code']) . ",
+ " . db_escape($_POST['credit_status']) . ", ".db_escape($_POST['payment_terms']) . ", " . input_num('discount')/100 . ",
+ " . input_num('pymt_discount')/100 . ", " . input_num('credit_limit')
+ .", ".db_escape($_POST['sales_type']).", ".db_escape($_POST['notes']) . ")";
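Review bot: The three `input_num()` operands (discount, pymt_discount, credit_limit) on the new side are still concatenated into the VALUES list without quoting or escaping, so the statement is injection-safe only if `input_num()` always returns a PHP number; its definition is not visible in this hunk. Making that invariant explicit at the call site would keep the query safe if the helper ever changes, e.g. `(float) input_num('credit_limit')`, or at minimum a comment such as `// input_num() returns a numeric value, safe to embed unquoted`. Separately, `dimension_id`, `dimension2_id` and `credit_status` were unquoted numeric operands before and now go through `db_escape()`, which presumably emits quoted strings and leaves the database to coerce them; an integer cast or a validation step before the query would reject non-numeric input instead of storing a coerced value. The enclosing function starts and ends outside the hunk.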