--- a/betweenpoint.move.php
+++ b/betweenpoint.move.php
@@ -78,11 +78,14 @@
       $result_outdatedroutes = pg_query($conn, "Select * FROM between_stops where points LIKE '%" . $_REQUEST['oldgeopo'] . ";%'");
       while ($outdatedroute = pg_fetch_assoc($result_outdatedroutes)) {
           $newpoints = str_replace($_REQUEST['oldgeopo'], $geoPo, $outdatedroute['points']);
-          $sql = "UPDATE  between_stops set points='$newpoints' where fromlocation = '{$outdatedroute['fromlocation']}' AND tolocation = '{$outdatedroute['tolocation']}' ";
+          $sql = "UPDATE  between_stops set points='$newpoints' where
+	  fromlocation = '".pg_escape_string($outdatedroute['fromlocation']).
+	  "' AND tolocation = '".pg_escape_string($outdatedroute['tolocation'])."' ";
           $result = pg_query($conn, $sql);
           if (!$result) {
               echo("Error in SQL query: " . pg_last_error() . "<br>\n");
           }
+	  echo "updated ".$outdatedroute['fromlocation']."->".$outdatedroute['tolocation']."<br>";
           $updatedroutes++;
       }
       echo "updated $updatedroutes routes<br>";