$sales_account, $inventory_account, $cogs_account, $adjustment_account,
$assembly_account, $dimension_id, $dimension2_id)
{
- $sql = "UPDATE ".TB_PREF."stock_master SET long_description='$long_description',
- description='$description',
+ $sql = "UPDATE ".TB_PREF."stock_master SET long_description=".db_escape($long_description).",
+ description=".db_escape($description).",
category_id='$category_id',
sales_account='$sales_account',
inventory_account='$inventory_account',
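Review bot: The UPDATE still interpolates `$category_id`, `$sales_account` and `$inventory_account` directly into the quoted SQL on the lines after the changed ones, so only the two description fields are escaped. The INSERT hunk below has the same gap for `$category_id`, `$units`, `$mb_flag` and the account columns, and it places `$tax_type_id`, `$dimension_id` and `$dimension2_id` unquoted, which leaves them exposed unless the caller already casts them to integers (not visible here). I would route every remaining value through the same helper, e.g. `category_id=".db_escape($category_id).",`, or cast the numeric ones with `(int)`. Both statements continue outside the hunks shown, so the columns that are not visible need the same check.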
$sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
adjustment_account, assembly_account, dimension_id, dimension2_id)
- VALUES ('$stock_id', '$description', '$long_description',
+ VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
'$category_id', $tax_type_id, '$units', '$mb_flag',
'$sales_account', '$inventory_account', '$cogs_account',
'$adjustment_account', '$assembly_account', $dimension_id, $dimension2_id)";