/*Insert to purchase order header record */
$sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
- $sql .= "' ". $po_obj->supplier_id . "'," .
+ $sql .= db_escape($po_obj->supplier_id) . "," .
db_escape($po_obj->Comments) . ",'" .
date2sql($po_obj->orig_order_date) . "', '" .
$po_obj->reference . "', " .
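Review bot: `$po_obj->reference` is still concatenated between hand-written quotes on the last two lines of this hunk, so the INSERT remains open to SQL injection through the reference field even though `supplier_id` is now escaped. Since `db_escape()` appears to supply its own quoting (the new `supplier_id` line drops the literal quotes), the same treatment fits here: end the date line with `date2sql($po_obj->orig_order_date) . "', " .` and replace the reference line with `db_escape($po_obj->reference) . ", " .`. The statement continues past the end of the hunk, so the remaining columns (`requisition_no`, `into_stock_location`, `delivery_address`) should be checked for the same pattern. The `ord_date` value in both statements relies on `date2sql()` returning a strictly formatted date; if it can pass malformed input through unchanged, that value needs escaping too.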
/*Update the purchase order header with any changes */
$sql = "UPDATE ".TB_PREF."purch_orders SET Comments=" . db_escape($po_obj->Comments) . ",
- requisition_no= " db_escape(. $po_obj->requisition_no). ",
+ requisition_no= ". db_escape( $po_obj->requisition_no). ",
into_stock_location=" . db_escape($po_obj->Location). ",
ord_date='" . date2sql($po_obj->orig_order_date) . "',
delivery_address=" . db_escape($po_obj->delivery_address);