mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
Fix escaping
This commit is contained in:
Laurent Destailleur
parent
f57b4fd2fd
commit
0e4d3c19dd
|
|
@ -1147,7 +1147,7 @@ if ($step == 4 && $datatoimport)
|
|||
// List of existing import profils
|
||||
$sql = "SELECT rowid, label";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."import_model";
|
||||
$sql .= " WHERE type = '".$datatoimport."'";
|
||||
$sql .= " WHERE type = '".$db->escape($datatoimport)."'";
|
||||
$sql .= " ORDER BY rowid";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
|
|
|
|||
|
|
@ -374,7 +374,7 @@ foreach ($myTmpObjects as $myTmpObjectKey => $myTmpObjectArray) {
|
|||
$def = array();
|
||||
$sql = "SELECT nom";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
|
||||
$sql .= " WHERE type = '".$type."'";
|
||||
$sql .= " WHERE type = '".$db->escape($type)."'";
|
||||
$sql .= " AND entity = ".$conf->entity;
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
|
|
|
|||
|
|
@ -427,11 +427,11 @@ class MultiCurrency extends CommonObject
|
|||
{
|
||||
global $db, $user;
|
||||
|
||||
$currency = new MultiCurrency($db);
|
||||
$currency = new MultiCurrency($this->db);
|
||||
$currency->code = $code;
|
||||
$currency->name = $code;
|
||||
|
||||
$sql = 'SELECT label FROM '.MAIN_DB_PREFIX.'c_currencies WHERE code_iso = \''.$db->escape($code).'\'';
|
||||
$sql = 'SELECT label FROM '.MAIN_DB_PREFIX."c_currencies WHERE code_iso = '".$this->db->escape($code)."'";
|
||||
|
||||
dol_syslog(__METHOD__, LOG_DEBUG);
|
||||
$resql = $db->query($sql);
|
||||
|
|
@ -486,15 +486,15 @@ class MultiCurrency extends CommonObject
|
|||
* Get id of currency from code
|
||||
*
|
||||
* @param DoliDB $db object db
|
||||
* @param string $code code value search
|
||||
* @param string $code code value search
|
||||
*
|
||||
* @return int 0 if not found, >0 if OK
|
||||
*/
|
||||
public static function getIdFromCode(&$db, $code)
|
||||
public static function getIdFromCode($db, $code)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'multicurrency WHERE code = \''.$db->escape($code).'\' AND entity = '.$conf->entity;
|
||||
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."multicurrency WHERE code = '".$db->escape($code)."' AND entity = ".$conf->entity;
|
||||
|
||||
dol_syslog(__METHOD__, LOG_DEBUG);
|
||||
$resql = $db->query($sql);
|
||||
|
|
@ -512,7 +512,7 @@ class MultiCurrency extends CommonObject
|
|||
* @return array [0] => id currency
|
||||
* [1] => rate
|
||||
*/
|
||||
public static function getIdAndTxFromCode(&$db, $code, $date_document = '')
|
||||
public static function getIdAndTxFromCode($db, $code, $date_document = '')
|
||||
{
|
||||
global $conf;
|
||||
|
||||
|
|
|
|||
|
|
@ -378,7 +378,7 @@ print '</table>';
|
|||
$def = array();
|
||||
$sql = "SELECT nom";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
|
||||
$sql .= " WHERE type = '".$type."'";
|
||||
$sql .= " WHERE type = '".$db->escape($type)."'";
|
||||
$sql .= " AND entity = ".$conf->entity;
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ if ($action == 'convert')
|
|||
$sql .= " AND tva_tx = '".$db->escape($oldvatrate)."'";
|
||||
if ($vat_src_code_old) $sql .= " AND default_vat_code = '".$db->escape($vat_src_code_old)."'";
|
||||
else " AND default_vat_code = IS NULL";
|
||||
$sql .= " AND s.fk_pays = '".$country_id."'";
|
||||
$sql .= " AND s.fk_pays = ".((int) $country_id);
|
||||
//print $sql;
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
|
|
|
|||
|
|
@ -234,6 +234,7 @@ if (empty($reshook))
|
|||
$npr = preg_match('/\*/', $tva_tx_txt) ? 1 : 0;
|
||||
$localtax1 = 0; $localtax2 = 0; $localtax1_type = '0'; $localtax2_type = '0';
|
||||
// If value contains the unique code of vat line (new recommanded method), we use it to find npr and local taxes
|
||||
$reg = array();
|
||||
if (preg_match('/\((.*)\)/', $tva_tx_txt, $reg))
|
||||
{
|
||||
// We look into database using code (we can't use get_localtax() because it depends on buyer that is not known). Same in update price.
|
||||
|
|
@ -241,9 +242,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code = '".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -112,10 +112,10 @@ class FormProduct
|
|||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.fk_entrepot = e.rowid";
|
||||
if (!empty($fk_product))
|
||||
{
|
||||
$sql .= " AND ps.fk_product = '".$fk_product."'";
|
||||
$sql .= " AND ps.fk_product = ".((int) $fk_product);
|
||||
if (!empty($batch))
|
||||
{
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch as pb on pb.fk_product_stock = ps.rowid AND pb.batch = '".$batch."'";
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_batch as pb on pb.fk_product_stock = ps.rowid AND pb.batch = '".$this->db->escape($batch)."'";
|
||||
}
|
||||
}
|
||||
$sql .= " WHERE e.entity IN (".getEntity('stock').")";
|
||||
|
|
|
|||
|
|
@ -929,7 +929,7 @@ class Product extends CommonObject
|
|||
{
|
||||
if ($detail->batch == $valueforundefinedlot || $detail->batch == 'Undefined') {
|
||||
// We discard this line, we will create it later
|
||||
$sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$valueforundefinedlot."') AND fk_product_stock = ".$ObjW->id;
|
||||
$sqlclean = "DELETE FROM ".MAIN_DB_PREFIX."product_batch WHERE batch in('Undefined', '".$this->db->escape($valueforundefinedlot)."') AND fk_product_stock = ".$ObjW->id;
|
||||
$result = $this->db->query($sqlclean);
|
||||
if (!$result) {
|
||||
dol_print_error($this->db);
|
||||
|
|
@ -1612,7 +1612,7 @@ class Product extends CommonObject
|
|||
// If price per customer
|
||||
require_once DOL_DOCUMENT_ROOT.'/product/class/productcustomerprice.class.php';
|
||||
|
||||
$prodcustprice = new Productcustomerprice($db);
|
||||
$prodcustprice = new Productcustomerprice($this->db);
|
||||
|
||||
$filter = array('t.fk_product' => $this->id, 't.fk_soc' => $thirdparty_buyer->id);
|
||||
|
||||
|
|
@ -1749,7 +1749,7 @@ class Product extends CommonObject
|
|||
if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
|
||||
$sql .= " WHERE pfp.fk_product = ".$product_id;
|
||||
if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'";
|
||||
if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'";
|
||||
}
|
||||
if ($fk_soc > 0) { $sql .= " AND pfp.fk_soc = ".$fk_soc;
|
||||
}
|
||||
|
|
@ -1922,18 +1922,18 @@ class Product extends CommonObject
|
|||
// Ne pas mettre de quote sur les numeriques decimaux.
|
||||
// Ceci provoque des stockages avec arrondis en base au lieu des valeurs exactes.
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."product SET";
|
||||
$sql .= " price_base_type='".$newpricebase."',";
|
||||
$sql .= " price_base_type='".$this->db->escape($newpricebase)."',";
|
||||
$sql .= " price=".$price.",";
|
||||
$sql .= " price_ttc=".$price_ttc.",";
|
||||
$sql .= " price_min=".$price_min.",";
|
||||
$sql .= " price_min_ttc=".$price_min_ttc.",";
|
||||
$sql .= " localtax1_tx=".($localtax1 >= 0 ? $localtax1 : 'NULL').",";
|
||||
$sql .= " localtax2_tx=".($localtax2 >= 0 ? $localtax2 : 'NULL').",";
|
||||
$sql .= " localtax1_type=".($localtaxtype1 != '' ? "'".$localtaxtype1."'" : "'0'").",";
|
||||
$sql .= " localtax2_type=".($localtaxtype2 != '' ? "'".$localtaxtype2."'" : "'0'").",";
|
||||
$sql .= " localtax1_type=".($localtaxtype1 != '' ? "'".$this->db->escape($localtaxtype1)."'" : "'0'").",";
|
||||
$sql .= " localtax2_type=".($localtaxtype2 != '' ? "'".$this->db->escape($localtaxtype2)."'" : "'0'").",";
|
||||
$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
|
||||
$sql .= " tva_tx='".price2num($newvat)."',";
|
||||
$sql .= " recuperableonly='".$newnpr."'";
|
||||
$sql .= " recuperableonly='".$this->db->escape($newnpr)."'";
|
||||
$sql .= " WHERE rowid = ".$id;
|
||||
|
||||
dol_syslog(get_class($this)."::update_price", LOG_DEBUG);
|
||||
|
|
@ -2942,7 +2942,7 @@ class Product extends CommonObject
|
|||
global $db, $conf, $user, $hookmanager;
|
||||
|
||||
$sql = "SELECT COUNT(DISTINCT f.fk_soc) as nb_customers, COUNT(DISTINCT f.rowid) as nb,";
|
||||
$sql .= " COUNT(fd.rowid) as nb_rows, SUM(".$db->ifsql('f.type != 2', 'fd.qty', 'fd.qty * -1').") as qty";
|
||||
$sql .= " COUNT(fd.rowid) as nb_rows, SUM(".$this->db->ifsql('f.type != 2', 'fd.qty', 'fd.qty * -1').") as qty";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
|
||||
$sql .= ", ".MAIN_DB_PREFIX."facture as f";
|
||||
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
|
|
@ -3672,8 +3672,8 @@ class Product extends CommonObject
|
|||
// phpcs:enable
|
||||
$sql = "SELECT fk_product_pere, qty, incdec";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_association";
|
||||
$sql .= " WHERE fk_product_pere = '".$fk_parent."'";
|
||||
$sql .= " AND fk_product_fils = '".$fk_child."'";
|
||||
$sql .= " WHERE fk_product_pere = ".((int) $fk_parent);
|
||||
$sql .= " AND fk_product_fils = ".((int) $fk_child);
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
if ($result) {
|
||||
|
|
@ -5371,17 +5371,17 @@ class Product extends CommonObject
|
|||
global $conf, $db;
|
||||
|
||||
$sql = "SELECT rowid, level, fk_level, var_percent, var_min_percent FROM ".MAIN_DB_PREFIX."product_pricerules";
|
||||
$query = $db->query($sql);
|
||||
$query = $this->db->query($sql);
|
||||
|
||||
$rules = array();
|
||||
|
||||
while ($result = $db->fetch_object($query)) {
|
||||
while ($result = $this->db->fetch_object($query)) {
|
||||
$rules[$result->level] = $result;
|
||||
}
|
||||
|
||||
//Because prices can be based on other level's prices, we temporarily store them
|
||||
$prices = array(
|
||||
1 => $baseprice
|
||||
1 => $baseprice
|
||||
);
|
||||
|
||||
for ($i = 1; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++) {
|
||||
|
|
|
|||
|
|
@ -232,7 +232,7 @@ class Propalmergepdfproduct extends CommonObject
|
|||
$sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
|
||||
$sql .= " WHERE t.fk_product = ".$product_id;
|
||||
if ($conf->global->MAIN_MULTILANGS && !empty($lang)) {
|
||||
$sql .= " AND t.lang = '".$lang."'";
|
||||
$sql .= " AND t.lang = '".$this->db->escape($lang)."'";
|
||||
}
|
||||
|
||||
dol_syslog(__METHOD__, LOG_DEBUG);
|
||||
|
|
@ -398,7 +398,7 @@ class Propalmergepdfproduct extends CommonObject
|
|||
$sql .= " WHERE fk_product=".$product_id;
|
||||
|
||||
if ($conf->global->MAIN_MULTILANGS && !empty($lang_id)) {
|
||||
$sql .= " AND lang='".$lang_id."'";
|
||||
$sql .= " AND lang='".$this->db->escape($lang_id)."'";
|
||||
}
|
||||
|
||||
dol_syslog(__METHOD__, LOG_DEBUG);
|
||||
|
|
|
|||
|
|
@ -327,7 +327,7 @@ if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($us
|
|||
$sql = "SELECT label";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
|
||||
$sql .= " WHERE fk_product=".$objp->rowid;
|
||||
$sql .= " AND lang='".$langs->getDefaultLang()."'";
|
||||
$sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'";
|
||||
|
||||
$resultd = $db->query($sql);
|
||||
if ($resultd)
|
||||
|
|
|
|||
|
|
@ -353,7 +353,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
|
|||
if (!empty($searchCategoryProductList) || !empty($catid)) $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_product as cp ON p.rowid = cp.fk_product"; // We'll need this table joined to the select in order to filter by categ
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
|
||||
// multilang
|
||||
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang = '".$langs->getDefaultLang()."'";
|
||||
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang = '".$db->escape($langs->getDefaultLang())."'";
|
||||
|
||||
if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD) && !$show_childproducts)) {
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_attribute_combination pac ON pac.fk_product_child = p.rowid";
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@ if ($mode && $mode != '-1') {
|
|||
$sql = "SELECT label";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
|
||||
$sql .= " WHERE fk_product=".$prodid;
|
||||
$sql .= " AND lang='".$langs->getDefaultLang()."'";
|
||||
$sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'";
|
||||
$sql .= " LIMIT 1";
|
||||
|
||||
$resultp = $db->query($sql);
|
||||
|
|
|
|||
|
|
@ -127,9 +127,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code ='".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
@ -243,9 +243,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".((float) $tva_tx)." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code ='".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
@ -296,9 +296,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".$tva_tx." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code ='".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
@ -436,7 +436,7 @@ if (empty($reshook))
|
|||
// Ajout / mise à jour
|
||||
if ($rowid > 0) {
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET";
|
||||
$sql .= " price='".$price."',";
|
||||
$sql .= " price='".$db->escape($price)."',";
|
||||
$sql .= " unitprice=".$unitPrice.",";
|
||||
$sql .= " quantity=".$quantity.",";
|
||||
$sql .= " remise_percent=".$remise_percent.",";
|
||||
|
|
@ -525,9 +525,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".$tva_tx." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code ='".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
@ -625,9 +625,9 @@ if (empty($reshook))
|
|||
// Get record from code
|
||||
$sql = "SELECT t.rowid, t.code, t.recuperableonly, t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$mysoc->country_code."'";
|
||||
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($mysoc->country_code)."'";
|
||||
$sql .= " AND t.taux = ".$tva_tx." AND t.active = 1";
|
||||
$sql .= " AND t.code ='".$vatratecode."'";
|
||||
$sql .= " AND t.code ='".$db->escape($vatratecode)."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -335,7 +335,7 @@ if ($resql)
|
|||
$sql = "SELECT label";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
|
||||
$sql .= " WHERE fk_product=".$objp->rowid;
|
||||
$sql .= " AND lang='".$langs->getDefaultLang()."'";
|
||||
$sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'";
|
||||
$sql .= " LIMIT 1";
|
||||
|
||||
$result = $db->query($sql);
|
||||
|
|
|
|||
|
|
@ -432,7 +432,7 @@ if ($action == 'create')
|
|||
if (!empty($user->rights->stock->mouvement->lire)) {
|
||||
$sql = "SELECT max(m.datem) as datem";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m";
|
||||
$sql .= " WHERE m.fk_entrepot = '".$object->id."'";
|
||||
$sql .= " WHERE m.fk_entrepot = ".((int) $object->id);
|
||||
$resqlbis = $db->query($sql);
|
||||
if ($resqlbis) {
|
||||
$obj = $db->fetch_object($resqlbis);
|
||||
|
|
@ -555,7 +555,7 @@ if ($action == 'create')
|
|||
$sql = "SELECT label";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
|
||||
$sql .= " WHERE fk_product=".$objp->rowid;
|
||||
$sql .= " AND lang='".$langs->getDefaultLang()."'";
|
||||
$sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'";
|
||||
$sql .= " LIMIT 1";
|
||||
|
||||
$result = $db->query($sql);
|
||||
|
|
|
|||
|
|
@ -418,7 +418,7 @@ class MouvementStock extends CommonObject
|
|||
$sql .= " fk_entrepot, value, type_mouvement, fk_user_author, label, inventorycode, price, fk_origin, origintype, fk_projet";
|
||||
$sql .= ")";
|
||||
$sql .= " VALUES ('".$this->db->idate($now)."', ".$this->product_id.", ";
|
||||
$sql .= " ".($batch ? "'".$batch."'" : "null").", ";
|
||||
$sql .= " ".($batch ? "'".$this->db->escape($batch)."'" : "null").", ";
|
||||
$sql .= " ".($eatby ? "'".$this->db->idate($eatby)."'" : "null").", ";
|
||||
$sql .= " ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", ";
|
||||
$sql .= " ".$this->entrepot_id.", ".$this->qty.", ".((int) $this->type).",";
|
||||
|
|
|
|||
|
|
@ -457,7 +457,7 @@ $sql .= " AND e.entity IN (".getEntity('stock').")";
|
|||
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) $sql .= " AND p.fk_product_type = 0";
|
||||
if ($id > 0) $sql .= " AND e.rowid ='".$id."'";
|
||||
$sql .= dolSqlDateFilter('m.datem', 0, $month, $year);
|
||||
if ($idproduct > 0) $sql .= " AND p.rowid = '".$idproduct."'";
|
||||
if ($idproduct > 0) $sql .= " AND p.rowid = ".((int) $idproduct);
|
||||
if (!empty($search_ref)) $sql .= natural_search('m.rowid', $search_ref, 1);
|
||||
if (!empty($search_movement)) $sql .= natural_search('m.label', $search_movement);
|
||||
if (!empty($search_inventorycode)) $sql .= natural_search('m.inventorycode', $search_inventorycode);
|
||||
|
|
|
|||
|
|
@ -483,7 +483,7 @@ $sql .= " AND e.entity IN (".getEntity('stock').")";
|
|||
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) $sql .= " AND p.fk_product_type = 0";
|
||||
if ($id > 0) $sql .= " AND e.rowid ='".$id."'";
|
||||
$sql .= dolSqlDateFilter('m.datem', 0, $month, $year);
|
||||
if ($idproduct > 0) $sql .= " AND p.rowid = '".$idproduct."'";
|
||||
if ($idproduct > 0) $sql .= " AND p.rowid = ".((int) $idproduct);
|
||||
if (!empty($search_ref)) $sql .= natural_search('m.rowid', $search_ref, 1);
|
||||
if (!empty($search_movement)) $sql .= natural_search('m.label', $search_movement);
|
||||
if (!empty($search_inventorycode)) $sql .= natural_search('m.inventorycode', $search_inventorycode);
|
||||
|
|
@ -624,7 +624,7 @@ if ($resql)
|
|||
// Last movement
|
||||
$sql = "SELECT MAX(m.datem) as datem";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m";
|
||||
$sql .= " WHERE m.fk_entrepot = '".$object->id."'";
|
||||
$sql .= " WHERE m.fk_entrepot = ".((int) $object->id);
|
||||
$resqlbis = $db->query($sql);
|
||||
if ($resqlbis)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -710,7 +710,7 @@ if ($id > 0 || $ref)
|
|||
{
|
||||
$sql = "SELECT max(m.datem) as datem";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."stock_mouvement as m";
|
||||
$sql .= " WHERE m.fk_product = '".$object->id."'";
|
||||
$sql .= " WHERE m.fk_product = ".((int) $object->id);
|
||||
$resqlbis = $db->query($sql);
|
||||
if ($resqlbis) {
|
||||
$obj = $db->fetch_object($resqlbis);
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ if ($date && $dateIsValid) { // Avoid heavy sql if mandatory date is not defined
|
|||
$sql .= " WHERE w.entity IN (".getEntity('stock').")";
|
||||
$sql .= " AND w.rowid = ps.fk_entrepot";
|
||||
if (! empty($conf->global->ENTREPOT_EXTRA_STATUS) && count($warehouseStatus)) {
|
||||
$sql .= " AND w.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $warehouseStatus))).")";
|
||||
$sql .= " AND w.statut IN (".$db->sanitize($db->escape(implode(',', $warehouseStatus))).")";
|
||||
}
|
||||
if ($productid > 0) {
|
||||
$sql .= " AND ps.fk_product = ".$productid;
|
||||
|
|
@ -175,7 +175,7 @@ if ($date && $dateIsValid) {
|
|||
$sql .= " WHERE w.entity IN (".getEntity('stock').")";
|
||||
$sql .= " AND w.rowid = sm.fk_entrepot";
|
||||
if (! empty($conf->global->ENTREPOT_EXTRA_STATUS) && count($warehouseStatus)) {
|
||||
$sql .= " AND w.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $warehouseStatus))).")";
|
||||
$sql .= " AND w.statut IN (".$db->sanitize($db->escape(implode(',', $warehouseStatus))).")";
|
||||
}
|
||||
if ($mode == 'future') {
|
||||
$sql .= " AND sm.datem <= '".$db->idate($dateendofday)."'";
|
||||
|
|
|
|||
|
|
@ -152,7 +152,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|
|||
$db=$this->savdb;
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/holiday', 'files', 1, '\.php', null, 'fullname');
|
||||
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/product', 'files', 1, '\.php', null, 'fullname');
|
||||
//$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
|
||||
|
||||
foreach ($filesarray as $key => $file)
|
||||
|
|
@ -186,7 +186,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|
|||
'TraceableDB.php',
|
||||
'expeditionbatch.class.php',
|
||||
'expensereport_ik.class.php',
|
||||
'expensereport_rule.class.php'
|
||||
'expensereport_rule.class.php',
|
||||
'multicurrency.class.php',
|
||||
'productbatch.class.php'
|
||||
))) {
|
||||
// Must must not found $db->
|
||||
$ok=true;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user