--- a/betweenpoint.submit.php
+++ b/betweenpoint.submit.php
@@ -6,8 +6,8 @@
 }
 print_r($_REQUEST);
 $reverse=$_REQUEST["reverse"];
-$from=$_REQUEST["from"];
-$to=$_REQUEST["to"];
+$from=pg_escape_string($_REQUEST["from"]);
+$to=pg_escape_string($_REQUEST["to"]);
 $routes=$_REQUEST["routes"] ;
 $points=$_REQUEST["between_points"];
    $sql = "INSERT INTO between_stops (fromLocation, toLocation, points, routes) VALUES('$from','$to','$points','$routes')";