Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean code

Browse Source
This commit is contained in:
Laurent Destailleur 2021-08-27 23:36:06 +02:00
parent 46d993c9a6
commit 2dd91bf312
66 changed files with 235 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/accountancy/admin/accountmodel.php
View File

@ -553,16 +553,16 @@ if ($id) {
$num = $db->num_rows($resql);
$i = 0;
$param = '&id='.$id;
$param = '&id='.urlencode($id);
if ($search_country_id > 0) {
$param .= '&search_country_id='.$search_country_id;
$param .= '&search_country_id='.urlencode($search_country_id);
}
$paramwithsearch = $param;
if ($sortorder) {
$paramwithsearch .= '&sortorder='.$sortorder;
$paramwithsearch .= '&sortorder='.urlencode($sortorder);
}
if ($sortfield) {
$paramwithsearch .= '&sortfield='.$sortfield;
$paramwithsearch .= '&sortfield='.urlencode($sortfield);
}
// There is several pages

2
htdocs/accountancy/admin/categories_list.php
View File

@ -580,7 +580,7 @@ if ($resql) {
$param = '&id='.$id;
if ($search_country_id > 0) {
$param .= '&search_country_id='.$search_country_id;
$param .= '&search_country_id='.urlencode($search_country_id);
}
$paramwithsearch = $param;
if ($sortorder) {

2
htdocs/accountancy/admin/journals_list.php
View File

@ -512,7 +512,7 @@ if ($id) {
$param = '&id='.$id;
if ($search_country_id > 0) {
$param .= '&search_country_id='.$search_country_id;
$param .= '&search_country_id='.urlencode($search_country_id);
}
$paramwithsearch = $param;
if ($sortorder) {

9
htdocs/accountancy/bookkeeping/balance.php
View File

@ -40,6 +40,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
$langs->loadLangs(array("accountancy", "compta"));
$action = GETPOST('action', 'aZ09');
$contextpage = GETPOST('contextpage', 'aZ09');
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -120,19 +121,19 @@ if ($limit > 0 && $limit != $conf->liste_limit) {
$filter = array();
if (!empty($search_date_start)) {
$filter['t.doc_date>='] = $search_date_start;
$param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int');
$param .= '&date_startmonth='.GETPOST('date_startmonth', 'int').'&date_startday='.GETPOST('date_startday', 'int').'&date_startyear='.GETPOST('date_startyear', 'int');
}
if (!empty($search_date_end)) {
$filter['t.doc_date<='] = $search_date_end;
$param .= '&amp;date_endmonth='.GETPOST('date_endmonth', 'int').'&amp;date_endday='.GETPOST('date_endday', 'int').'&amp;date_endyear='.GETPOST('date_endyear', 'int');
$param .= '&date_endmonth='.GETPOST('date_endmonth', 'int').'&date_endday='.GETPOST('date_endday', 'int').'&date_endyear='.GETPOST('date_endyear', 'int');
}
if (!empty($search_accountancy_code_start)) {
$filter['t.numero_compte>='] = $search_accountancy_code_start;
$param .= '&amp;search_accountancy_code_start='.$search_accountancy_code_start;
$param .= '&search_accountancy_code_start='.urlencode($search_accountancy_code_start);
}
if (!empty($search_accountancy_code_end)) {
$filter['t.numero_compte<='] = $search_accountancy_code_end;
$param .= '&amp;search_accountancy_code_end='.$search_accountancy_code_end;
$param .= '&search_accountancy_code_end='.urlencode($search_accountancy_code_end);
}
if (!empty($search_ledger_code)) {
$filter['t.code_journal'] = $search_ledger_code;

2
htdocs/adherents/ldap.php
View File

@ -204,7 +204,7 @@ if ($result > 0) {
$result = show_ldap_content($records, 0, $records['count'], true);
}
} else {
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')</td></tr>';
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')</td></tr>';
}
}

2
htdocs/adherents/type_ldap.php
View File

@ -166,7 +166,7 @@ if ($result > 0) {
$result = show_ldap_content($records, 0, $records['count'], true);
}
} else {
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')</td></tr>';
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')</td></tr>';
}
$ldap->unbind();

8
htdocs/admin/modules.php
View File

@ -789,16 +789,16 @@ if ($mode == 'common' || $mode == 'commonkanban') {
if (!empty($objMod->config_page_url) && !$disableSetup) {
$backtourlparam = '';
if ($search_keyword != '') {
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.$search_keyword; // No urlencode here, done later
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_keyword='.urlencode($search_keyword); // No urlencode here, done later
}
if ($search_nature > -1) {
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.$search_nature; // No urlencode here, done later
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_nature='.urlencode($search_nature); // No urlencode here, done later
}
if ($search_version > -1) {
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.$search_version; // No urlencode here, done later
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_version='.urlencode($search_version); // No urlencode here, done later
}
if ($search_status > -1) {
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.$search_status; // No urlencode here, done later
$backtourlparam .= ($backtourlparam ? '&' : '?').'search_status='.urlencode($search_status); // No urlencode here, done later
}
$backtourl = $_SERVER["PHP_SELF"].$backtourlparam;

18
htdocs/comm/propal/class/propal.class.php
View File

@ -2284,8 +2284,8 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
$sql .= ' WHERE rowid = '.$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET ref_client = ".(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__.' $this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2627,8 +2627,8 @@ class Propal extends CommonObject
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal SET fk_statut = '.self::STATUS_BILLED.", ";
$sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_SIGNED;
$sql .= " note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".((int) $user->id);
$sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_SIGNED);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -4087,7 +4087,7 @@ class PropaleLigne extends CommonObjectLine
$sql .= " ".price2num($this->localtax2_tx).",";
$sql .= " '".$this->db->escape($this->localtax1_type)."',";
$sql .= " '".$this->db->escape($this->localtax2_type)."',";
$sql .= " ".(price2num($this->subprice) !== '' ?price2num($this->subprice) : "null").",";
$sql .= " ".(price2num($this->subprice) !== '' ? price2num($this->subprice) : "null").",";
$sql .= " ".price2num($this->remise_percent).",";
$sql .= " ".(isset($this->info_bits) ? "'".$this->db->escape($this->info_bits)."'" : "null").",";
$sql .= " ".price2num($this->total_ht).",";
@ -4097,12 +4097,12 @@ class PropaleLigne extends CommonObjectLine
$sql .= " ".price2num($this->total_ttc).",";
$sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").",";
$sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").",";
$sql .= ' '.$this->special_code.',';
$sql .= ' '.$this->rang.',';
$sql .= ' '.(!$this->fk_unit ? 'NULL' : $this->fk_unit).',';
$sql .= ' '.((int) $this->special_code).',';
$sql .= ' '.((int) $this->rang).',';
$sql .= ' '.(empty($this->fk_unit) ? 'NULL' : ((int) $this->fk_unit)).',';
$sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").',';
$sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null");
$sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null');
$sql .= ", ".($this->fk_multicurrency > 0 ? ((int) $this->fk_multicurrency) : 'null');
$sql .= ", '".$this->db->escape($this->multicurrency_code)."'";
$sql .= ", ".$this->multicurrency_subprice;
$sql .= ", ".$this->multicurrency_total_ht;

2
htdocs/comm/propal/list.php
View File

@ -581,7 +581,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) {
$sql .= natural_search("p.fk_warehouse", $search_warehouse, 1);
}
if ($search_multicurrency_code != '') {
$sql .= ' AND p.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
$sql .= " AND p.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('p.multicurrency_tx', $search_multicurrency_tx, 1);

32
htdocs/commande/class/commande.class.php
View File

@ -698,7 +698,7 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET fk_statut='.self::STATUS_VALIDATED.', facture=0';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::set_reopen", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -757,9 +757,9 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET fk_statut = '.self::STATUS_CLOSED.',';
$sql .= ' fk_user_cloture = '.$user->id.',';
$sql .= ' fk_user_cloture = '.((int) $user->id).',';
$sql .= " date_cloture = '".$this->db->idate($now)."'";
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;
if ($this->db->query($sql)) {
if (!$notrigger) {
@ -2026,7 +2026,7 @@ class Commande extends CommonOrder
$sql .= ' p.weight, p.weight_units, p.volume, p.volume_units';
$sql .= ' FROM '.MAIN_DB_PREFIX.'commandedet as l';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (p.rowid = l.fk_product)';
$sql .= ' WHERE l.fk_commande = '.$this->id;
$sql .= ' WHERE l.fk_commande = '.((int) $this->id);
if ($only_product) {
$sql .= ' AND p.fk_product_type = 0';
}
@ -2180,7 +2180,7 @@ class Commande extends CommonOrder
$sql .= ' '.MAIN_DB_PREFIX.'commandedet as cd';
$sql .= ' WHERE';
$sql .= ' ed.fk_origin_line = cd.rowid';
$sql .= ' AND cd.fk_commande ='.$this->id;
$sql .= ' AND cd.fk_commande = '.((int) $this->id);
//print $sql;
dol_syslog(get_class($this)."::getNbOfShipments", LOG_DEBUG);
@ -2222,12 +2222,12 @@ class Commande extends CommonOrder
$sql .= ' ed.fk_expedition = e.rowid AND';
}
$sql .= ' ed.fk_origin_line = cd.rowid';
$sql .= ' AND cd.fk_commande ='.$this->id;
$sql .= ' AND cd.fk_commande = '.((int) $this->id);
if ($this->fk_product > 0) {
$sql .= ' AND cd.fk_product = '.$this->fk_product;
$sql .= ' AND cd.fk_product = '.((int) $this->fk_product);
}
if ($filtre_statut >= 0) {
$sql .= ' AND e.fk_statut >= '.$filtre_statut;
$sql .= ' AND e.fk_statut >= '.((int) $filtre_statut);
}
$sql .= ' GROUP BY cd.rowid, cd.fk_product';
//print $sql;
@ -2264,7 +2264,7 @@ class Commande extends CommonOrder
$sql = 'SELECT count(*)';
$sql .= ' FROM '.MAIN_DB_PREFIX.'expedition as e';
$sql .= ', '.MAIN_DB_PREFIX.'element_element as el';
$sql .= ' WHERE el.fk_source = '.$this->id;
$sql .= ' WHERE el.fk_source = '.((int) $this->id);
$sql .= " AND el.sourcetype = 'commande'";
$sql .= " AND el.fk_target = e.rowid";
$sql .= " AND el.targettype = 'shipping'";
@ -2421,7 +2421,7 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_percent = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
$sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.((int) self::STATUS_DRAFT);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2485,7 +2485,7 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
$sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2874,7 +2874,7 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2930,7 +2930,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 1';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;
dol_syslog(get_class($this)."::classifyBilled", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -2980,7 +2980,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET facture = 0';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;
dol_syslog(get_class($this)."::classifyUnBilled", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -4396,8 +4396,8 @@ class OrderLine extends CommonOrderLine
$sql .= " ".($this->price != '' ? "'".price2num($this->price)."'" : "null").",";
$sql .= " '".price2num($this->remise)."',";
$sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").',';
$sql .= ' '.$this->special_code.',';
$sql .= ' '.$this->rang.',';
$sql .= ' '.((int) $this->special_code).',';
$sql .= ' '.((int) $this->rang).',';
$sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").',';
$sql .= ' '.price2num($this->pa_ht).',';
$sql .= " '".$this->db->escape($this->info_bits)."',";

4
htdocs/commande/list.php
View File

@ -505,7 +505,7 @@ if ($search_status <> '') {
if ($search_status == 1 && empty($conf->expedition->enabled)) {
$sql .= ' AND c.fk_statut IN (1,2)'; // If module expedition disabled, we include order with status 'sending in process' into 'validated'
} else {
$sql .= ' AND c.fk_statut = '.$search_status; // brouillon, validee, en cours, annulee
$sql .= ' AND c.fk_statut = '.((int) $search_status); // brouillon, validee, en cours, annulee
}
}
if ($search_status == 4) {
@ -585,7 +585,7 @@ if ($search_warehouse != '' && $search_warehouse > 0) {
$sql .= natural_search('c.fk_warehouse', $search_warehouse, 1);
}
if ($search_multicurrency_code != '') {
$sql .= ' AND c.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
$sql .= " AND c.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('c.multicurrency_tx', $search_multicurrency_tx, 1);

2
htdocs/compta/bank/bankentries_list.php
View File

@ -929,7 +929,7 @@ if ($resql) {
if ($action != 'addline' && $action != 'reconcile') {
if (empty($conf->global->BANK_DISABLE_DIRECT_INPUT)) {
if (empty($conf->global->BANK_USE_OLD_VARIOUS_PAYMENT)) { // Default is to record miscellaneous direct entries using miscellaneous payments
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.$search_account.'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier);
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/bank/various_payment/card.php?action=create&accountid='.urlencode($search_account).'&backtopage='.urlencode($_SERVER['PHP_SELF'].'?id='.urlencode($search_account)), '', $user->rights->banque->modifier);
} else // If direct entries is not done using miscellaneous payments
{
$newcardbutton = dolGetButtonTitle($langs->trans('AddBankRecord'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?action=addline&page='.$page.$param, '', $user->rights->banque->modifier);

2
htdocs/compta/bank/class/paymentvarious.class.php
View File

@ -573,7 +573,7 @@ class PaymentVarious extends CommonObject
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
return 1;

12
htdocs/compta/facture/card.php
View File

@ -708,7 +708,7 @@ if (empty($reshook)) {
// On verifie si la facture a des paiements
$sql = 'SELECT pf.amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
$sql .= ' WHERE pf.fk_facture = '.$object->id;
$sql .= ' WHERE pf.fk_facture = '.((int) $object->id);
$result = $db->query($sql);
if ($result) {
@ -873,7 +873,7 @@ if (empty($reshook)) {
$sql = 'SELECT SUM(pf.amount) as total_paiements';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id';
$sql .= ' WHERE pf.fk_facture = '.$object->id;
$sql .= ' WHERE pf.fk_facture = '.((int) $object->id);
$sql .= ' AND pf.fk_paiement = p.rowid';
$sql .= ' AND p.entity IN ('.getEntity('invoice').')';
$resql = $db->query($sql);
@ -2596,10 +2596,10 @@ if (empty($reshook)) {
$errors = 0;
if (count($linkedCreditNotesList) > 0) {
// now, credit note must follow
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture ';
$sql .= ' SET situation_cycle_ref='.$newCycle;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
$sql .= ' SET situation_cycle_ref = '.((int) $newCycle);
$sql .= ' , situation_final=0';
$sql .= ' , situation_counter='.$object->situation_counter;
$sql .= ' , situation_counter='.((int) $object->situation_counter);
$sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')';
$resql = $db->query($sql);
@ -4884,7 +4884,7 @@ if ($action == 'create') {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= ' WHERE pf.fk_facture = '.$object->id.' AND pf.fk_paiement = p.rowid';
$sql .= ' WHERE pf.fk_facture = '.((int) $object->id).' AND pf.fk_paiement = p.rowid';
$sql .= ' AND p.entity IN ('.getEntity('invoice').')';
$sql .= ' ORDER BY p.datep, p.tms';

2
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -1138,7 +1138,7 @@ class Invoices extends DolibarrApi
$sql = 'SELECT SUM(pf.amount) as total_payments';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'paiement as p';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id';
$sql .= ' WHERE pf.fk_facture = '.$this->invoice->id;
$sql .= ' WHERE pf.fk_facture = '.((int) $this->invoice->id);
$sql .= ' AND pf.fk_paiement = p.rowid';
$sql .= ' AND p.entity IN ('.getEntity('invoice').')';
$resql = $this->db->query($sql);

16
htdocs/compta/facture/class/facture-rec.class.php
View File

@ -665,7 +665,7 @@ class FactureRec extends CommonInvoice
$sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet_rec as l';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
$sql .= ' WHERE l.fk_facture = '.$this->id;
$sql .= ' WHERE l.fk_facture = '.((int) $this->id);
$sql .= ' ORDER BY l.rang';
dol_syslog('FactureRec::fetch_lines', LOG_DEBUG);
@ -1752,7 +1752,7 @@ class FactureRec extends CommonInvoice
if (!empty($unit)) {
$sql .= ', unit_frequency = \''.$this->db->escape($unit).'\'';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1785,7 +1785,7 @@ class FactureRec extends CommonInvoice
if ($increment_nb_gen_done > 0) {
$sql .= ', nb_gen_done = nb_gen_done + 1';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1819,7 +1819,7 @@ class FactureRec extends CommonInvoice
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET nb_gen_max = '.((int) $nb);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1846,7 +1846,7 @@ class FactureRec extends CommonInvoice
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET auto_validate = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1873,7 +1873,7 @@ class FactureRec extends CommonInvoice
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET generate_pdf = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1899,8 +1899,8 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET modelpdf = "'.$model.'"';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " SET modelpdf = '".$this->db->escape($model)."'";
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setModelPdf", LOG_DEBUG);
if ($this->db->query($sql)) {

45
htdocs/compta/facture/class/facture.class.php
View File

@ -1769,7 +1769,7 @@ class Facture extends CommonInvoice
$sql .= ' p.ref as product_ref, p.fk_product_type as fk_product_type, p.label as product_label, p.description as product_desc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facturedet as l';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
$sql .= ' WHERE l.fk_facture = '.$this->id;
$sql .= ' WHERE l.fk_facture = '.((int) $this->id);
$sql .= ' ORDER BY l.rang, l.rowid';
dol_syslog(get_class($this).'::fetch_lines', LOG_DEBUG);
@ -1876,8 +1876,8 @@ class Facture extends CommonInvoice
$this->tab_next_situation_invoice = array();
$sql = 'SELECT rowid, type, situation_cycle_ref, situation_counter FROM '.MAIN_DB_PREFIX.'facture';
$sql .= ' WHERE rowid <> '.$this->id;
$sql .= ' AND entity = '.$this->entity;
$sql .= " WHERE rowid <> ".((int) $this->id);
$sql .= ' AND entity = '.((int) $this->entity);
$sql .= ' AND situation_cycle_ref = '.(int) $this->situation_cycle_ref;
$sql .= ' ORDER BY situation_counter ASC';
@ -2152,7 +2152,7 @@ class Facture extends CommonInvoice
} else {
$sql .= ' SET ref_client = \''.$this->db->escape($ref_client).'\'';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2408,9 +2408,9 @@ class Facture extends CommonInvoice
if ($close_note) {
$sql .= ", close_note='".$this->db->escape($close_note)."'";
}
$sql .= ', fk_user_closing = '.$user->id;
$sql .= ', fk_user_closing = '.((int) $user->id);
$sql .= ", date_closing = '".$this->db->idate($now)."'";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2474,7 +2474,7 @@ class Facture extends CommonInvoice
$sql .= ' SET paye=0, fk_statut='.self::STATUS_VALIDATED.', close_code=null, close_note=null,';
$sql .= ' date_closing=null,';
$sql .= ' fk_user_closing=null';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2545,7 +2545,7 @@ class Facture extends CommonInvoice
if ($close_note) {
$sql .= ", close_note='".$this->db->escape($close_note)."'";
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2553,7 +2553,7 @@ class Facture extends CommonInvoice
// as they have not been used since the invoice is abandoned.
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_facture = NULL';
$sql .= ' WHERE fk_facture = '.$this->id;
$sql .= ' WHERE fk_facture = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2693,7 +2693,7 @@ class Facture extends CommonInvoice
$sql .= ", datef='".$this->db->idate($this->date)."'";
$sql .= ", date_lim_reglement='".$this->db->idate($this->date_lim_reglement)."'";
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -3755,7 +3755,7 @@ class Facture extends CommonInvoice
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
$sql .= ' SET remise_percent = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -3817,7 +3817,7 @@ class Facture extends CommonInvoice
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
$sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -4598,7 +4598,7 @@ class Facture extends CommonInvoice
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture';
$sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref);
$sql .= ' AND situation_counter < '.$this->situation_counter;
$sql .= ' AND situation_counter < '.((int) $this->situation_counter);
$sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity);
$resql = $this->db->query($sql);
$res = array();
@ -4631,7 +4631,7 @@ class Facture extends CommonInvoice
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.((int) $this->situation_final).' WHERE rowid = '.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -4849,10 +4849,11 @@ class Facture extends CommonInvoice
public function setRetainedWarranty($value)
{
dol_syslog(get_class($this).'::setRetainedWarranty('.$value.')');
if ($this->statut >= 0) {
$fieldname = 'retained_warranty';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.floatval($value);
$sql .= " SET ".$fieldname." = ".((float) $value);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@ -5385,9 +5386,9 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ' '.(!empty($this->fk_remise_except) ? $this->fk_remise_except : "null").',';
$sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").",";
$sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null").",";
$sql .= ' '.$this->fk_code_ventilation.',';
$sql .= ' '.$this->rang.',';
$sql .= ' '.$this->special_code.',';
$sql .= ' '.((int) $this->fk_code_ventilation).',';
$sql .= ' '.((int) $this->rang).',';
$sql .= ' '.((int) $this->special_code).',';
$sql .= ' '.(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null").',';
$sql .= ' '.price2num($this->pa_ht).',';
$sql .= " '".$this->db->escape($this->info_bits)."',";
@ -5396,11 +5397,11 @@ class FactureLigne extends CommonInvoiceLine
$sql .= " ".price2num($this->total_ttc).",";
$sql .= " ".price2num($this->total_localtax1).",";
$sql .= " ".price2num($this->total_localtax2);
$sql .= ", ".$this->situation_percent;
$sql .= ", ".((float) $this->situation_percent);
$sql .= ", ".(!empty($this->fk_prev_id) ? $this->fk_prev_id : "null");
$sql .= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
$sql .= ", ".$user->id;
$sql .= ", ".$user->id;
$sql .= ", ".((int) $user->id);
$sql .= ", ".((int) $user->id);
$sql .= ", ".(int) $this->fk_multicurrency;
$sql .= ", '".$this->db->escape($this->multicurrency_code)."'";
$sql .= ", ".price2num($this->multicurrency_subprice);
@ -5759,7 +5760,7 @@ class FactureLigne extends CommonInvoiceLine
return 0;
}
$sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.$this->fk_prev_id;
$sql = 'SELECT situation_percent FROM '.MAIN_DB_PREFIX.'facturedet WHERE rowid='.((int) $this->fk_prev_id);
$resql = $this->db->query($sql);
if ($resql && $resql->num_rows > 0) {
$res = $this->db->fetch_array($resql);

4
htdocs/compta/facture/list.php
View File

@ -680,7 +680,7 @@ if ($search_montant_ttc != '') {
$sql .= natural_search('f.total_ttc', $search_montant_ttc, 1);
}
if ($search_multicurrency_code != '') {
$sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
$sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1);
@ -803,7 +803,7 @@ if (!$sall) {
// Add HAVING from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : '';
$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : "";
$sql .= ' ORDER BY ';
$listfield = explode(',', $sortfield);

8
htdocs/compta/paiement.php
View File

@ -529,14 +529,14 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
$sql .= ' f.datef as df, f.fk_soc as socid, f.date_lim_reglement as dlr';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f';
$sql .= ' WHERE f.entity IN ('.getEntity('facture').')';
$sql .= ' AND (f.fk_soc = '.$facture->socid;
$sql .= ' AND (f.fk_soc = '.((int) $facture->socid);
// Can pay invoices of all child of parent company
if (!empty($conf->global->FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS) && !empty($facture->thirdparty->parent)) {
$sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->parent.')';
$sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->parent).')';
}
// Can pay invoices of all child of myself
if (!empty($conf->global->FACTURE_PAYMENTS_ON_SUBSIDIARY_COMPANIES)) {
$sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.$facture->thirdparty->id.')';
$sql .= ' OR f.fk_soc IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'societe WHERE parent = '.((int) $facture->thirdparty->id).')';
}
$sql .= ') AND f.paye = 0';
$sql .= ' AND f.fk_statut = 1'; // Statut=0 => not validated, Statut=2 => canceled
@ -875,7 +875,7 @@ if (!GETPOST('action', 'aZ09')) {
$sql .= ' AND f.fk_soc = '.((int) $socid);
}
$sql .= ' ORDER BY '.$sortfield.' '.$sortorder;
$sql .= $db->order($sortfield, $sortorder);
$sql .= $db->plimit($limit + 1, $offset);
$resql = $db->query($sql);

4
htdocs/compta/paiement/card.php
View File

@ -126,7 +126,7 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture
$sql .= ' WHERE pf.fk_facture = f.rowid';
$sql .= ' AND f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
$sql .= ' AND pf.fk_paiement = '.$object->id;
$sql .= ' AND pf.fk_paiement = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$i = 0;
@ -342,7 +342,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf,'.MAIN_DB_PREFIX.'factur
$sql .= ' WHERE pf.fk_facture = f.rowid';
$sql .= ' AND f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
$sql .= ' AND pf.fk_paiement = '.$object->id;
$sql .= ' AND pf.fk_paiement = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);

4
htdocs/compta/paiement/class/cpaiement.class.php
View File

@ -273,7 +273,7 @@ class Cpaiement
$sql .= ' active = '.(isset($this->active) ? $this->active : "null").',';
$sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null").',';
$sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null");
$sql .= ' WHERE id='.$this->id;
$sql .= ' WHERE id = '.((int) $this->id);
$this->db->begin();
@ -334,7 +334,7 @@ class Cpaiement
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE id='.$this->id;
$sql .= ' WHERE id = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {

10
htdocs/compta/paiement/class/paiement.class.php
View File

@ -533,12 +533,12 @@ class Paiement extends CommonObject
// Delete payment (into paiement_facture and paiement)
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement_facture';
$sql .= ' WHERE fk_paiement = '.$this->id;
$sql .= ' WHERE fk_paiement = '.((int) $this->id);
dol_syslog($sql);
$result = $this->db->query($sql);
if ($result) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiement';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog($sql);
$result = $this->db->query($sql);
if (!$result) {
@ -756,7 +756,7 @@ class Paiement extends CommonObject
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG);
$result = $this->db->query($sql);
@ -956,7 +956,7 @@ class Paiement extends CommonObject
{
$sql = 'SELECT pf.fk_facture';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf, '.MAIN_DB_PREFIX.'facture as f'; // We keep link on invoice to allow use of some filters on invoice
$sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.$this->id;
$sql .= ' WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = '.((int) $this->id);
if ($filter) {
$sql .= ' AND '.$filter;
}
@ -989,7 +989,7 @@ class Paiement extends CommonObject
{
$sql = 'SELECT pf.fk_facture, pf.amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
$sql .= ' WHERE pf.fk_paiement = '.$this->id;
$sql .= ' WHERE pf.fk_paiement = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$i = 0;

2
htdocs/compta/payment_sc/card.php
View File

@ -170,7 +170,7 @@ $sql = 'SELECT f.rowid as scid, f.libelle as label, f.paye, f.amount as sc_amoun
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementcharge as pf,'.MAIN_DB_PREFIX.'chargesociales as f, '.MAIN_DB_PREFIX.'c_chargesociales as pc';
$sql .= ' WHERE pf.fk_charge = f.rowid AND f.fk_type = pc.id';
$sql .= ' AND f.entity = '.$conf->entity;
$sql .= ' AND pf.rowid = '.$object->id;
$sql .= ' AND pf.rowid = '.((int) $object->id);
dol_syslog("compta/payment_sc/card.php", LOG_DEBUG);
$resql = $db->query($sql);

2
htdocs/compta/payment_vat/card.php
View File

@ -227,7 +227,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_vat as pf,'.MAIN_DB_PREFIX.'tva as f';
$sql .= ' WHERE pf.fk_tva = f.rowid';
//$sql .= ' AND f.fk_type = pc.id';
$sql .= ' AND f.entity = '.$conf->entity;
$sql .= ' AND pf.rowid = '.$object->id;
$sql .= ' AND pf.rowid = '.((int) $object->id);
dol_syslog("compta/payment_vat/card.php", LOG_DEBUG);
$resql = $db->query($sql);

2
htdocs/compta/sociales/class/cchargesociales.class.php
View File

@ -329,7 +329,7 @@ class Cchargesociales
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE id='.$this->id;
$sql .= ' WHERE id = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/compta/sociales/class/chargesociales.class.php
View File

@ -642,7 +642,7 @@ class ChargeSociales extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);

4
htdocs/compta/sociales/list.php
View File

@ -209,10 +209,10 @@ if (!empty($search_users)) {
$sql .= ' AND cs.fk_user IN('.implode(', ', $search_users).')';
}
if (!empty($search_type) && $search_type > 0) {
$sql .= ' AND cs.fk_mode_reglement='.$search_type;
$sql .= ' AND cs.fk_mode_reglement='.((int) $search_type);
}
if (!empty($search_account) && $search_account > 0) {
$sql .= ' AND cs.fk_account='.$search_account;
$sql .= ' AND cs.fk_account='.((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search("cs.amount", $search_amount, 1);

2
htdocs/compta/tva/class/tva.class.php
View File

@ -768,7 +768,7 @@ class Tva extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/contact/ldap.php
View File

@ -178,7 +178,7 @@ if ($result > 0) {
$result = show_ldap_content($records, 0, $records['count'], true);
}
} else {
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')</td></tr>';
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')</td></tr>';
}
$ldap->unbind();

2
htdocs/core/ajax/ajaxdirpreview.php
View File

@ -328,7 +328,7 @@ if ($type == 'directory') {
if ($section) {
$param .= '&section='.$section;
if (isset($search_doc_ref) && $search_doc_ref != '') {
$param .= '&search_doc_ref='.$search_doc_ref;
$param .= '&search_doc_ref='.urlencode($search_doc_ref);
}
$textifempty = $langs->trans('NoFileFound');

36
htdocs/core/class/commoninvoice.class.php
View File

@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -227,7 +227,7 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT rowid';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE fk_facture_source = '.$this->id;
$sql .= ' WHERE fk_facture_source = '.((int) $this->id);
$sql .= ' AND type = 2';
$resql = $this->db->query($sql);
if ($resql) {
@ -254,7 +254,7 @@ abstract class CommonInvoice extends CommonObject
{
$sql = 'SELECT rowid';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE fk_facture_source = '.$this->id;
$sql .= ' WHERE fk_facture_source = '.((int) $this->id);
$sql .= ' AND type < 2';
if ($option == 'validated') {
$sql .= ' AND fk_statut = 1';
@ -308,7 +308,7 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3;
$sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t';
$sql .= ' WHERE pf.'.$field.' = '.$this->id;
$sql .= ' WHERE pf.'.$field.' = '.((int) $this->id);
//$sql.= ' WHERE pf.'.$field.' = 1';
$sql .= ' AND pf.'.$field2.' = p.rowid';
$sql .= ' AND p.fk_paiement = t.id';
@ -338,12 +338,12 @@ abstract class CommonInvoice extends CommonObject
if ($this->element == 'facture' || $this->element == 'invoice') {
$sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f';
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$this->id;
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $this->id);
$sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set)
} elseif ($this->element == 'facture_fourn' || $this->element == 'invoice_supplier') {
$sql = 'SELECT rc.amount_ttc as amount, rc.multicurrency_amount_ttc as multicurrency_amount, rc.datec as date, f.ref as ref, rc.description as type';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$this->id;
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $this->id);
$sql .= ' AND (f.type = 2 OR f.type = 0 OR f.type = 3)'; // Find discount coming from credit note or excess received or deposits (payments from deposits are always null except if FACTURE_DEPOSITS_ARE_JUST_PAYMENTS is set)
}
@ -700,9 +700,9 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT count(*)';
$sql .= ' FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande';
if ($type == 'bank-transfer') {
$sql .= ' WHERE fk_facture_fourn = '.$this->id;
$sql .= ' WHERE fk_facture_fourn = '.((int) $this->id);
} else {
$sql .= ' WHERE fk_facture = '.$this->id;
$sql .= ' WHERE fk_facture = '.((int) $this->id);
}
$sql .= ' AND ext_payment_id IS NULL'; // To exclude record done for some online payments
$sql .= ' AND traite = 0';
@ -735,16 +735,16 @@ abstract class CommonInvoice extends CommonObject
$sql .= 'fk_facture, ';
}
$sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype, entity)';
$sql .= ' VALUES ('.$this->id;
$sql .= ",'".price2num($amount)."'";
$sql .= ",'".$this->db->idate($now)."'";
$sql .= ",".$fuser->id;
$sql .= ",'".$this->db->escape($bac->code_banque)."'";
$sql .= ",'".$this->db->escape($bac->code_guichet)."'";
$sql .= ",'".$this->db->escape($bac->number)."'";
$sql .= ",'".$this->db->escape($bac->cle_rib)."'";
$sql .= ",'".$this->db->escape($sourcetype)."'";
$sql .= ",".$conf->entity;
$sql .= ' VALUES ('.((int) $this->id);
$sql .= ", ".((float) price2num($amount));
$sql .= ", '".$this->db->idate($now)."'";
$sql .= ", ".((int) $fuser->id);
$sql .= ", '".$this->db->escape($bac->code_banque)."'";
$sql .= ", '".$this->db->escape($bac->code_guichet)."'";
$sql .= ", '".$this->db->escape($bac->number)."'";
$sql .= ", '".$this->db->escape($bac->cle_rib)."'";
$sql .= ", '".$this->db->escape($sourcetype)."'";
$sql .= ", ".((int) $conf->entity);
$sql .= ")";
dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG);

38
htdocs/core/class/commonobject.class.php
View File

@ -2228,7 +2228,7 @@ abstract class CommonObject
} else {
$sql .= ' SET fk_projet = NULL';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
}
dol_syslog(get_class($this)."::setProject", LOG_DEBUG);
@ -2884,7 +2884,7 @@ abstract class CommonObject
// Count number of lines to reorder (according to choice $renum)
$nl = 0;
$sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.'='.$this->id;
$sql .= ' WHERE '.$this->fk_element.'='.((int) $this->id);
if (!$renum) {
$sql .= ' AND rang = 0';
}
@ -2906,11 +2906,11 @@ abstract class CommonObject
// We first search all lines that are parent lines (for multilevel details lines)
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
if ($fk_parent_line) {
$sql .= ' AND fk_parent_line IS NULL';
}
$sql .= ' ORDER BY rang ASC, rowid '.$rowidorder;
$sql .= " ORDER BY rang ASC, rowid ".$rowidorder;
dol_syslog(get_class($this)."::line_order search all parent lines", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2954,11 +2954,11 @@ abstract class CommonObject
$rows = array();
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND fk_parent_line = '.$id;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= ' AND fk_parent_line = '.((int) $id);
$sql .= ' ORDER BY rang ASC';
dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id."", LOG_DEBUG);
dol_syslog(get_class($this)."::getChildrenOfLine search children lines for line ".$id, LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
if ($this->db->num_rows($resql) > 0) {
@ -3075,8 +3075,8 @@ abstract class CommonObject
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND rang = '.($rang - 1);
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= ' AND rang = '.((int) ($rang - 1));
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
@ -3106,7 +3106,7 @@ abstract class CommonObject
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= ' AND rang = '.((int) ($rang + 1));
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
@ -3148,7 +3148,7 @@ abstract class CommonObject
public function getIdOfLine($rang)
{
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= ' AND rang = '.((int) $rang);
$resql = $this->db->query($sql);
if ($resql) {
@ -3175,8 +3175,8 @@ abstract class CommonObject
// Search the last rang with fk_parent_line
if ($fk_parent_line) {
$sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND fk_parent_line = '.$fk_parent_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= ' AND fk_parent_line = '.((int) $fk_parent_line);
dol_syslog(get_class($this)."::line_max", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -3393,7 +3393,7 @@ abstract class CommonObject
}
$sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
if ($exclspec) {
$product_field = 'product_type';
if ($this->table_element_line == 'contratdet') {
@ -3561,7 +3561,7 @@ abstract class CommonObject
$sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1);
$sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1);
$sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_price", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -5318,7 +5318,7 @@ abstract class CommonObject
}
if ($update_main_doc_field && !empty($this->table_element)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@ -8827,7 +8827,7 @@ abstract class CommonObject
$sql = 'SELECT '.$objectline->getFieldList('l');
$sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l';
$sql .= ' WHERE l.fk_'.$this->element.' = '.$this->id;
$sql .= ' WHERE l.fk_'.$this->element.' = '.((int) $this->id);
if ($morewhere) {
$sql .= $morewhere;
}
@ -8973,7 +8973,7 @@ abstract class CommonObject
if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off
foreach ($this->childtables as $table) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@ -9022,7 +9022,7 @@ abstract class CommonObject
}
} else {
// Delete record in child table
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/core/class/coreobject.class.php
View File

@ -183,7 +183,7 @@ class CoreObject extends CommonObject
$this->{$className} = array();
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.$this->id;
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$res = $this->db->query($sql);
if ($res) {

5
htdocs/core/lib/functions.lib.php
View File

@ -5274,8 +5274,9 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
* Put 2 if you know that number is a user input (so we know we don't have to fix decimal separator).
* @return string Amount with universal numeric format (Example: '99.99999').
* If conversion fails to return a numeric, it returns:
* text unchanged or partial if ($rounding = ''): price2num('W9ç', '', 0) => '9ç', price2num('W9ç', '', 1) => 'W9ç', price2num('W9ç', '', 2) => '9ç'
* '0' if ($rounding is defined): price2num('W9ç', 'MT', 0) => '9', price2num('W9ç', 'MT', 1) => '0', price2num('W9ç', 'MT', 2) => '9'
* - text unchanged or partial if ($rounding = ''): price2num('W9ç', '', 0) => '9ç', price2num('W9ç', '', 1) => 'W9ç', price2num('W9ç', '', 2) => '9ç'
* - '0' if ($rounding is defined): price2num('W9ç', 'MT', 0) => '9', price2num('W9ç', 'MT', 1) => '0', price2num('W9ç', 'MT', 2) => '9'
* Note: The best way to guarantee a numeric value is to add a cast (float) before the price2num().
* If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined.
*
* @see price() Opposite function of price2num

2
htdocs/core/lib/ticket.lib.php
View File

@ -959,7 +959,7 @@ function getTicketActionCommEcmList($object)
$sql = 'SELECT ecm.rowid as id, ecm.src_object_type, ecm.src_object_id, ecm.filepath, ecm.filename';
$sql .= ' FROM '.MAIN_DB_PREFIX.'ecm_files ecm';
$sql .= ' WHERE ecm.filepath = \'agenda/'.$object->id.'\'';
//$sql.= ' ecm.src_object_type = \''.$object->element.'\' AND ecm.src_object_id = '.$object->id; // Actually upload file doesn't add type
//$sql.= ' ecm.src_object_type = \''.$object->element.'\' AND ecm.src_object_id = '.((int) $object->id); // Actually upload file doesn't add type
$sql .= ' ORDER BY ecm.position ASC';
$resql = $db->query($sql);

2
htdocs/don/class/don.class.php
View File

@ -1116,7 +1116,7 @@ class Don extends CommonObject
return -1;
}
$sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.$this->id;
$sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
dol_print_error($this->db);

4
htdocs/emailcollector/class/emailcollector.class.php
View File

@ -675,7 +675,7 @@ class EmailCollector extends CommonObject
$sql = 'SELECT rowid, type, rulevalue, status';
$sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectorfilter';
$sql .= ' WHERE fk_emailcollector = '.$this->id;
$sql .= ' WHERE fk_emailcollector = '.((int) $this->id);
//$sql.= ' ORDER BY position';
$resql = $this->db->query($sql);
@ -707,7 +707,7 @@ class EmailCollector extends CommonObject
$sql = 'SELECT rowid, type, actionparam, status';
$sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectoraction';
$sql .= ' WHERE fk_emailcollector = '.$this->id;
$sql .= ' WHERE fk_emailcollector = '.((int) $this->id);
$sql .= ' ORDER BY position';
$resql = $this->db->query($sql);

6
htdocs/expedition/class/expedition.class.php
View File

@ -2162,7 +2162,7 @@ class Expedition extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut='.self::STATUS_CLOSED;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@ -2307,7 +2307,7 @@ class Expedition extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=2, billed=1'; // TODO Update only billed
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@ -2356,7 +2356,7 @@ class Expedition extends CommonObject
$oldbilled = $this->billed;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=1';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {

22
htdocs/expensereport/class/expensereport.class.php
View File

@ -1031,7 +1031,7 @@ class ExpenseReport extends CommonObject
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid';
$sql .= ' WHERE de.'.$this->fk_element.' = '.$this->id;
$sql .= ' WHERE de.'.$this->fk_element.' = '.((int) $this->id);
if (!empty($conf->global->EXPENSEREPORT_LINES_SORTED_BY_ROWID)) {
$sql .= ' ORDER BY de.rang ASC, de.rowid ASC';
} else {
@ -1340,7 +1340,7 @@ class ExpenseReport extends CommonObject
// Sélection de la date de début de la NDF
$sql = 'SELECT date_debut';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
@ -1351,7 +1351,7 @@ class ExpenseReport extends CommonObject
if ($this->status != self::STATUS_VALIDATED) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET fk_statut = ".self::STATUS_VALIDATED;
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG);
@ -1386,7 +1386,7 @@ class ExpenseReport extends CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).",";
$sql .= " date_approve='".$this->db->idate($this->date_approve)."'";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!$notrigger) {
// Call trigger
@ -1438,7 +1438,7 @@ class ExpenseReport extends CommonObject
$sql .= " date_refuse='".$this->db->idate($now)."',";
$sql .= " detail_refuse='".$this->db->escape($details)."',";
$sql .= " fk_user_approve = NULL";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
$this->fk_statut = 99; // deprecated
$this->status = 99;
@ -1507,7 +1507,7 @@ class ExpenseReport extends CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED;
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG);
@ -1561,7 +1561,7 @@ class ExpenseReport extends CommonObject
$sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id);
$sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
$sql .= " ,detail_cancel='".$this->db->escape($detail)."'";
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG);
@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2759,15 +2759,15 @@ class ExpenseReportLine
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)';
$sql .= ' WHERE e.fk_user_author = '.((int) $fk_user);
if (!empty($this->id)) {
$sql .= ' AND d.rowid <> '.$this->id;
$sql .= ' AND d.rowid <> '.((int) $this->id);
}
$sql .= ' AND d.fk_c_type_fees = '.((int) $rule->fk_c_type_fees);
if ($mode == 'day' || $mode == 'EX_DAY') {
$sql .= " AND d.date = '".dol_print_date($this->date, '%Y-%m-%d')."'";
} elseif ($mode == 'mon' || $mode == 'EX_MON') {
$sql .= ' AND DATE_FORMAT(d.date, \'%Y-%m\') = \''.dol_print_date($this->date, '%Y-%m').'\''; // @todo DATE_FORMAT is forbidden
$sql .= " AND DATE_FORMAT(d.date, '%Y-%m') = '".dol_print_date($this->date, '%Y-%m')."'"; // @todo DATE_FORMAT is forbidden
} elseif ($mode == 'year' || $mode == 'EX_YEA') {
$sql .= ' AND DATE_FORMAT(d.date, \'%Y\') = \''.dol_print_date($this->date, '%Y').'\''; // @todo DATE_FORMAT is forbidden
$sql .= " AND DATE_FORMAT(d.date, '%Y') = '".dol_print_date($this->date, '%Y')."'"; // @todo DATE_FORMAT is forbidden
}
dol_syslog('ExpenseReportLine::getExpAmount');

2
htdocs/fichinter/card.php
View File

@ -1279,7 +1279,7 @@ if ($action == 'create') {
$sql = 'SELECT ft.rowid, ft.description, ft.fk_fichinter, ft.duree, ft.rang,';
$sql .= ' ft.date as date_intervention';
$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet as ft';
$sql .= ' WHERE ft.fk_fichinter = '.$object->id;
$sql .= ' WHERE ft.fk_fichinter = '.((int) $object->id);
if (!empty($conf->global->FICHINTER_HIDE_EMPTY_DURATION)) {
$sql .= ' AND ft.duree <> 0';
}

8
htdocs/fichinter/class/fichinterrec.class.php
View File

@ -356,7 +356,7 @@ class FichinterRec extends Fichinter
$sql .= ' p.label as product_label, p.description as product_desc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet_rec as l';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
$sql .= ' WHERE l.fk_fichinter = '.$this->id;
$sql .= ' WHERE l.fk_fichinter = '.((int) $this->id);
dol_syslog('FichInter-rec::fetch_lines', LOG_DEBUG);
$result = $this->db->query($sql);
@ -718,7 +718,7 @@ class FichinterRec extends Fichinter
if (!empty($unit)) {
$sql .= ', unit_frequency = "'.$this->db->escape($unit).'"';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -751,7 +751,7 @@ class FichinterRec extends Fichinter
if ($increment_nb_gen_done > 0) {
$sql .= ', nb_gen_done = nb_gen_done + 1';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -844,7 +844,7 @@ class FichinterRec extends Fichinter
$sql .= ' , statut = 1';
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
if ($this->db->query($sql)) {

6
htdocs/fourn/card.php
View File

@ -519,7 +519,7 @@ if ($object->id > 0) {
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product";
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
$sql .= ' AND pfp.fk_soc = '.$object->id;
$sql .= ' AND pfp.fk_soc = '.((int) $object->id);
$sql .= $db->order('pfp.tms', 'desc');
$sql .= $db->plimit($MAXLIST);
@ -658,7 +658,7 @@ if ($object->id > 0) {
$sql2 .= ', '.MAIN_DB_PREFIX.'commande_fournisseur as c';
$sql2 .= ' WHERE c.fk_soc = s.rowid';
$sql2 .= " AND c.entity IN (".getEntity('commande_fournisseur').")";
$sql2 .= ' AND s.rowid = '.$object->id;
$sql2 .= ' AND s.rowid = '.((int) $object->id);
// Show orders we can bill
if (empty($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS)) {
$sql2 .= " AND c.fk_statut IN (".$db->sanitize(CommandeFournisseur::STATUS_RECEIVED_COMPLETELY).")"; // Must match filter in htdocs/fourn/commande/list.php
@ -758,7 +758,7 @@ if ($object->id > 0) {
$sql .= ' SUM(pf.amount) as am';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON f.rowid=pf.fk_facturefourn';
$sql .= ' WHERE f.fk_soc = '.$object->id;
$sql .= ' WHERE f.fk_soc = '.((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
$sql .= ' GROUP BY f.rowid,f.libelle,f.ref,f.ref_supplier,f.fk_statut,f.datef,f.total_ht,f.total_tva,f.total_ttc,f.paye';
$sql .= ' ORDER BY f.datef DESC';

8
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -930,7 +930,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;
if ($this->db->query($sql)) {
if (!$error) {
@ -3399,12 +3399,12 @@ class CommandeFournisseur extends CommonOrder
$sql .= ' cfd.fk_reception = e.rowid AND';
}
$sql .= ' cfd.fk_commandefourndet = cd.rowid';
$sql .= ' AND cd.fk_commande ='.$this->id;
$sql .= ' AND cd.fk_commande ='.((int) $this->id);
if ($this->fk_product > 0) {
$sql .= ' AND cd.fk_product = '.$this->fk_product;
$sql .= ' AND cd.fk_product = '.((int) $this->fk_product);
}
if ($filtre_statut >= 0) {
$sql .= ' AND e.fk_statut >= '.$filtre_statut;
$sql .= ' AND e.fk_statut >= '.((int) $filtre_statut);
}
$sql .= ' GROUP BY cd.rowid, cd.fk_product';

8
htdocs/fourn/class/fournisseur.facture.class.php
View File

@ -818,7 +818,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= ', f.fk_code_ventilation, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, f.multicurrency_total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid';
$sql .= ' WHERE fk_facture_fourn='.$this->id;
$sql .= ' WHERE fk_facture_fourn='.((int) $this->id);
$sql .= ' ORDER BY f.rang, f.rowid';
dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
@ -1491,7 +1491,7 @@ class FactureFournisseur extends CommonInvoice
if ($close_note) {
$sql .= ", close_note='".$this->db->escape($close_note)."'";
}
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1499,7 +1499,7 @@ class FactureFournisseur extends CommonInvoice
// as they have not been used since the invoice is abandoned.
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_invoice_supplier = NULL';
$sql .= ' WHERE fk_invoice_supplier = '.$this->id;
$sql .= ' WHERE fk_invoice_supplier = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -3317,7 +3317,7 @@ class SupplierInvoiceLine extends CommonObjectLine
if (!$error) {
// Supprime ligne
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det ';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {

10
htdocs/fourn/class/paiementfourn.class.php
View File

@ -398,11 +398,11 @@ class PaiementFourn extends Paiement
// Efface la ligne de paiement (dans paiement_facture et paiement)
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn';
$sql .= ' WHERE fk_paiementfourn = '.$this->id;
$sql .= ' WHERE fk_paiementfourn = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn';
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
$this->error = $this->db->error();
@ -484,16 +484,16 @@ class PaiementFourn extends Paiement
/**
* Return list of supplier invoices the payment point to
*
* @param string $filter SQL filter
* @param string $filter SQL filter. Warning: This value must not come from a user input.
* @return array Array of supplier invoice id
*/
public function getBillsArray($filter = '')
{
$sql = 'SELECT fk_facturefourn';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.$this->id;
$sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.((int) $this->id);
if ($filter) {
$sql .= ' AND '.$filter;
$sql .= " AND ".$filter;
}
dol_syslog(get_class($this).'::getBillsArray', LOG_DEBUG);

4
htdocs/fourn/commande/card.php
View File

@ -337,14 +337,14 @@ if (empty($reshook)) {
// Currently the "Re-open" also remove the billed flag because there is no button "Set unpaid" yet.
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
$sql .= ' SET billed = 0';
$sql .= ' WHERE rowid = '.$object->id;
$sql .= ' WHERE rowid = '.((int) $object->id);
$resql = $db->query($sql);
if ($newstatus == 0) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
$sql .= ' SET fk_user_approve = null, fk_user_approve2 = null, date_approve = null, date_approve2 = null';
$sql .= ' WHERE rowid = '.$object->id;
$sql .= ' WHERE rowid = '.((int) $object->id);
$resql = $db->query($sql);
}

4
htdocs/fourn/facture/card.php
View File

@ -578,7 +578,7 @@ if (empty($reshook)) {
$sql = 'SELECT SUM(pf.amount) as total_paiements';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'paiementfourn as p';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id AND c.entity IN ('.getEntity('c_paiement').')';
$sql .= ' WHERE pf.fk_facturefourn = '.$object->id;
$sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id);
$sql .= ' AND pf.fk_paiementfourn = p.rowid';
$sql .= ' AND p.entity IN ('.getEntity('invoice').')';
@ -3018,7 +3018,7 @@ if ($action == 'create') {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_paiementfourn = p.rowid';
$sql .= ' WHERE pf.fk_facturefourn = '.$object->id;
$sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id);
$sql .= ' ORDER BY p.datep, p.tms';
$result = $db->query($sql);

2
htdocs/fourn/facture/list.php
View File

@ -549,7 +549,7 @@ if ($search_montant_ttc != '') {
$sql .= natural_search('f.total_ttc', $search_montant_ttc, 1);
}
if ($search_multicurrency_code != '') {
$sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
$sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1);

2
htdocs/fourn/paiement/card.php
View File

@ -259,7 +259,7 @@ if ($result > 0) {
$sql .= ' pf.amount, s.nom as name, s.rowid as socid';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf,'.MAIN_DB_PREFIX.'facture_fourn as f,'.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE pf.fk_facturefourn = f.rowid AND f.fk_soc = s.rowid';
$sql .= ' AND pf.fk_paiementfourn = '.$object->id;
$sql .= ' AND pf.fk_paiementfourn = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);

2
htdocs/loan/class/loan.class.php
View File

@ -651,7 +651,7 @@ class Loan extends CommonObject
$sql = 'SELECT sum(amount_capital) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG);
$resql = $this->db->query($sql);

7
htdocs/modulebuilder/template/myobject_list.php
View File

@ -345,6 +345,13 @@ $sql .= $hookmanager->resPrint;
$sql = preg_replace('/,\s*$/', '', $sql);
*/
// Add HAVING from hooks
/*
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : "";
*/
// Count total nb of records
$nbtotalofrecords = '';
if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {

4
htdocs/mrp/class/mo.class.php
View File

@ -502,7 +502,7 @@ class Mo extends CommonObject
if ($lineid > 0) {
$sql .= ' AND t.fk_mrp_production = '.((int) $lineid);
} else {
$sql .= 'AND t.fk_mo = '.$this->id;
$sql .= 'AND t.fk_mo = '.((int) $this->id);
}
$resql = $this->db->query($sql);
@ -627,7 +627,7 @@ class Mo extends CommonObject
if (!$error) {
// TODO Check that production has not started. If yes, we stop here.
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'mrp_production WHERE fk_mo = '.((int) $this->id);
$this->db->query($sql);
$moline = new MoLine($this->db);

6
htdocs/multicurrency/class/multicurrency.class.php
View File

@ -245,7 +245,7 @@ class MultiCurrency extends CommonObject
{
$sql = 'SELECT cr.rowid';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr';
$sql .= ' WHERE cr.fk_multicurrency = '.$this->id;
$sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id);
$sql .= ' ORDER BY cr.date_sync DESC';
$this->rates = array();
@ -479,8 +479,8 @@ class MultiCurrency extends CommonObject
{
$sql = 'SELECT cr.rowid';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as cr';
$sql .= ' WHERE cr.fk_multicurrency = '.$this->id;
$sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.$this->id.')';
$sql .= ' WHERE cr.fk_multicurrency = '.((int) $this->id);
$sql .= ' AND cr.date_sync = (SELECT MAX(cr2.date_sync) FROM '.MAIN_DB_PREFIX.$this->table_element_line.' AS cr2 WHERE cr2.fk_multicurrency = '.((int) $this->id).')';
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);

4
htdocs/product/inventory/class/inventory.class.php
View File

@ -266,7 +266,7 @@ class Inventory extends CommonObject
if ($this->status == self::STATUS_DRAFT) {
// Delete inventory
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@ -349,7 +349,7 @@ class Inventory extends CommonObject
$this->db->begin();
// Delete inventory
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'inventorydet WHERE fk_inventory = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();

4
htdocs/product/inventory/inventory.php
View File

@ -116,7 +116,7 @@ if ($action == 'update' && !empty($user->rights->stock->mouvement->creer)) {
$sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
$sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
$sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
$sql .= ' WHERE id.fk_inventory = '.$object->id;
$sql .= ' WHERE id.fk_inventory = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
@ -168,7 +168,7 @@ if ($action =='updateinventorylines' && $permissiontoadd) {
$sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
$sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
$sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
$sql .= ' WHERE id.fk_inventory = '.$object->id;
$sql .= ' WHERE id.fk_inventory = '.((int) $object->id);
$db->begin();

2
htdocs/projet/activity/perday.php
View File

@ -310,7 +310,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilterac
setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
// Redirect to avoid submit twice on back
header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.$search_usertoprocessid : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday);
header('Location: '.$_SERVER["PHP_SELF"].'?'.($projectid ? 'id='.$projectid : '').($search_usertoprocessid ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : '').($mode ? '&mode='.$mode : '').'&year='.$yearofday.'&month='.$monthofday.'&day='.$dayofday);
exit;
}
} else {

12
htdocs/projet/activity/permonth.php
View File

@ -334,12 +334,12 @@ llxHeader("", $title, "", '', '', '', array('/core/js/timesheet.js'));
//print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num, '', 'title_project');
$param = '';
$param .= ($mode ? '&mode='.$mode : '');
$param .= ($search_project_ref ? '&search_project_ref='.$search_project_ref : '');
$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.$search_usertoprocessid : '');
$param .= ($search_thirdparty ? '&search_thirdparty='.$search_thirdparty : '');
$param .= ($search_task_ref ? '&search_task_ref='.$search_task_ref : '');
$param .= ($search_task_label ? '&search_task_label='.$search_task_label : '');
$param .= ($mode ? '&mode='.urlencode($mode) : '');
$param .= ($search_project_ref ? '&search_project_ref='.urlencode($search_project_ref) : '');
$param .= ($search_usertoprocessid > 0 ? '&search_usertoprocessid='.urlencode($search_usertoprocessid) : '');
$param .= ($search_thirdparty ? '&search_thirdparty='.urlencode($search_thirdparty) : '');
$param .= ($search_task_ref ? '&search_task_ref='.urlencode($search_task_ref) : '');
$param .= ($search_task_label ? '&search_task_label='.urlencode($search_task_label) : '');
// Show navigation bar
$nav = '<a class="inline-block valignmiddle" href="?year='.$prev_year."&month=".$prev_month."&day=".$prev_day.$param.'">'.img_previous($langs->trans("Previous"))."</a>\n";

8
htdocs/reception/class/reception.class.php
View File

@ -1034,7 +1034,7 @@ class Reception extends CommonObject
{
// phpcs:enable
dol_include_once('/fourn/class/fournisseur.commande.dispatch.class.php');
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.$this->id;
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch WHERE fk_reception='.((int) $this->id);
$resql = $this->db->query($sql);
if (!empty($resql)) {
@ -1445,7 +1445,7 @@ class Reception extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut='.self::STATUS_CLOSED;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@ -1590,7 +1590,7 @@ class Reception extends CommonObject
$this->setClosed();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET billed=1';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@ -1630,7 +1630,7 @@ class Reception extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'reception SET fk_statut=1, billed=0';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
$sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {

4
htdocs/salaries/class/salary.class.php
View File

@ -468,7 +468,7 @@ class Salary extends CommonObject
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
return 1;
@ -570,7 +570,7 @@ class Salary extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.$this->id;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/salaries/payment_salary/card.php
View File

@ -180,7 +180,7 @@ $sql = 'SELECT f.rowid as scid, f.label, f.paye, f.amount as sc_amount, ps.amoun
$sql .= ' FROM '.MAIN_DB_PREFIX.'payment_salary as ps,'.MAIN_DB_PREFIX.'salary as f';
$sql .= ' WHERE ps.fk_salary = f.rowid';
$sql .= ' AND f.entity = '.$conf->entity;
$sql .= ' AND ps.rowid = '.$object->id;
$sql .= ' AND ps.rowid = '.((int) $object->id);
dol_syslog("payment_salary/card.php", LOG_DEBUG);
$resql = $db->query($sql);

2
htdocs/stripe/class/actions_stripe.class.php
View File

@ -173,7 +173,7 @@ class ActionsStripeconnect
// On verifie si la facture a des paiements
$sql = 'SELECT pf.amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
$sql .= ' WHERE pf.fk_facture = '.$object->id;
$sql .= ' WHERE pf.fk_facture = '.((int) $object->id);
$result = $this->db->query($sql);
if ($result) {

6
htdocs/supplier_proposal/class/supplier_proposal.class.php
View File

@ -2565,7 +2565,7 @@ class SupplierProposal extends CommonObject
$sql .= ' pt.fk_multicurrency, pt.multicurrency_code, pt.multicurrency_subprice, pt.multicurrency_total_ht, pt.multicurrency_total_tva, pt.multicurrency_total_ttc, pt.fk_unit';
$sql .= ' FROM '.MAIN_DB_PREFIX.'supplier_proposaldet as pt';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON pt.fk_product=p.rowid';
$sql .= ' WHERE pt.fk_supplier_proposal = '.$this->id;
$sql .= ' WHERE pt.fk_supplier_proposal = '.((int) $this->id);
$sql .= ' ORDER BY pt.rang ASC, pt.rowid';
dol_syslog(get_class($this).'::getLinesArray', LOG_DEBUG);
@ -3045,8 +3045,8 @@ class SupplierProposalLine extends CommonObjectLine
$sql .= " ".price2num($this->total_ttc).",";
$sql .= " ".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null").",";
$sql .= " ".(isset($this->pa_ht) ? "'".price2num($this->pa_ht)."'" : "null").",";
$sql .= ' '.$this->special_code.',';
$sql .= ' '.$this->rang.',';
$sql .= ' '.((int) $this->special_code).',';
$sql .= ' '.((int) $this->rang).',';
$sql .= " '".$this->db->escape($this->ref_fourn)."'";
$sql .= ", ".($this->fk_multicurrency > 0 ? $this->fk_multicurrency : 'null');
$sql .= ", '".$this->db->escape($this->multicurrency_code)."'";

2
htdocs/user/group/ldap.php
View File

@ -189,7 +189,7 @@ if ($result > 0) {
$result = show_ldap_content($records, 0, $records['count'], true);
}
} else {
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')</td></tr>';
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')</td></tr>';
}
$ldap->unbind();
$ldap->close();

2
htdocs/user/ldap.php
View File

@ -194,7 +194,7 @@ if ($result > 0) {
$result = show_ldap_content($records, 0, $records['count'], true);
}
} else {
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.$dn.' - search='.$search.')</td></tr>';
print '<tr class="oddeven"><td colspan="2">'.$langs->trans("LDAPRecordNotFound").' (dn='.dol_escape_htmltag($dn).' - search='.dol_escape_htmltag($search).')</td></tr>';
}
$ldap->unbind();

2
htdocs/website/class/website.class.php
View File

@ -1252,7 +1252,7 @@ class Website extends CommonObject
// Read record of website that has been updated by the run_sql function previously called so we can get the
// value of fk_default_home that is ID of home page
$sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.$object->id;
$sql = 'SELECT fk_default_home FROM '.MAIN_DB_PREFIX.'website WHERE rowid = '.((int) $object->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

4
htdocs/website/index.php
View File

@ -2857,7 +2857,7 @@ if (!GETPOST('hide_websitemenu')) {
$pagepreviousid = 0;
$pagenextid = 0;
if ($pageid) {
$sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.$object->id;
$sql = 'SELECT MAX(rowid) as pagepreviousid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid < '.$pageid.' AND fk_website = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -2867,7 +2867,7 @@ if (!GETPOST('hide_websitemenu')) {
} else {
dol_print_error($db);
}
$sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.$object->id;
$sql = 'SELECT MIN(rowid) as pagenextid FROM '.MAIN_DB_PREFIX.'website_page WHERE rowid > '.$pageid.' AND fk_website = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);