{
$sql = "INSERT INTO ".TB_PREF."stock_category (description)
- VALUES (".db_quote($description).")";
+ VALUES (".db_escape($description).")";
db_query($sql,"an item category could not be added");
}
function update_item_category($ItemCategory, $description)
{
- $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_quote($description)."
+ $sql = "UPDATE ".TB_PREF."stock_category SET description = ".db_escape($description)."
WHERE category_id = '$ItemCategory'";
db_query($sql,"an item category could not be updated");