$query = sprintf("INSERT INTO job (title, location, description, priority, comment, section) " .
" VALUES ('%s', '%s', '%s', %d, '%s', '%s')",
- $prow['title'],
- $prow['location'],
- $prow['description'],
+ addslashes($prow['title']),
+ addslashes($prow['location']),
+ addslashes($prow['description']),
$prow['priority'],
- $prow['comment'],
- $prow['section']);
+ addslashes($prow['comment']),
+ addslashes($prow['section']));
$sth = pg_exec($dbh, $query) or die ("Cannot add this job.");
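Review bot: `addslashes()` on the five string arguments (title, location, description, comment, section) is not a PostgreSQL-safe escape. It backslash-escapes quotes, while PostgreSQL string literals escape `'` by doubling it and treat a backslash as an escape only when `standard_conforming_strings` is off; it also ignores the connection encoding, so a crafted value can still terminate the literal. Binding the values with `pg_query_params()` instead of formatting them into the SQL text removes the quoting question entirely; if the `sprintf` form has to stay, `pg_escape_string($dbh, $prow['title'])` and its equivalents are the minimum replacement for each `addslashes()` call. `pg_exec()` is a legacy alias of `pg_query()`, so moving to the parameterised call also retires it. Where `$prow` is populated is outside the hunk, so how much of it is attacker-controlled is assumed rather than visible here.

```php
// Values travel separately from the SQL text, so no escaping is needed.
$sth = pg_query_params(
    $dbh,
    'INSERT INTO job (title, location, description, priority, comment, section) ' .
    'VALUES ($1, $2, $3, $4, $5, $6)',
    array(
        $prow['title'],
        $prow['location'],
        $prow['description'],
        (int) $prow['priority'],
        $prow['comment'],
        $prow['section'],
    )
) or die ("Cannot add this job.");
```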