diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index deae39aef54..c61674921f1 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { // Check that all fields are filled $ok = 1; foreach ($listfield as $f => $value) { - if ($value == 'formula' && empty($_POST['formula'])) { + if ($value == 'formula' && !GETPOST('formula')) { continue; } if ($value == 'range_account' && empty($_POST['range_account'])) { diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 1bdc0f438bf..9301c809125 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject if (!empty($cat_id)) { $sql = "SELECT t.rowid, t.account_number, t.label as account_label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; - $sql .= " WHERE t.fk_accounting_category = ".$cat_id; + $sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id); $sql .= " AND t.entity = ".$conf->entity; $sql .= " ORDER BY t.account_number"; } else { diff --git a/htdocs/accountancy/class/accountancyexport.class.php b/htdocs/accountancy/class/accountancyexport.class.php index ac8c3db644b..ad3e863cc8c 100644 --- a/htdocs/accountancy/class/accountancyexport.class.php +++ b/htdocs/accountancy/class/accountancyexport.class.php @@ -1644,7 +1644,7 @@ class AccountancyExport // Get new customer invoice ref and company name $sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f'; $sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid'; - $sql .= ' WHERE f.rowid = ' . $line->fk_doc; + $sql .= ' WHERE f.rowid = '.((int) $line->fk_doc); $resql = $this->db->query($sql); if ($resql) { if ($obj = $this->db->fetch_object($resql)) { @@ -1658,7 +1658,7 @@ class AccountancyExport // Get new supplier invoice ref and company name $sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff'; $sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid'; - $sql .= ' WHERE ff.rowid = ' . $line->fk_doc; + $sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc); $resql = $this->db->query($sql); if ($resql) { if ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index 9093721bff6..9878f67890c 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -421,7 +421,7 @@ if ($result) { //$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount; $sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest'; $sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l'; - $sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid; + $sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid); dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 4bef5ddcd16..715da90f3a7 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject $sql .= ' fk_user_author,'; $sql .= ' fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; - $sql .= ' WHERE a.id = '.$id; + $sql .= ' WHERE a.id = '.((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 0388768fc1f..32206a0c251 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2997,7 +2997,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG); @@ -3061,7 +3061,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG); diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index f64bc31c6ac..a06945a09a6 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -100,18 +100,18 @@ class PropaleStats extends Stats $this->where .= " AND p.fk_soc = ".$this->socid; } if ($this->userid > 0) { - $this->where .= ' AND fk_user_author = '.$this->userid; + $this->where .= ' AND fk_user_author = '.((int) $this->userid); } if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie'; - $this->where .= ' AND c.rowid = '.$categid; + $this->where .= ' AND c.rowid = '.((int) $categid); } } diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 2f2f0a4d81c..607753d90fa 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2417,7 +2417,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;'; + $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2743,7 +2743,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); @@ -2807,7 +2807,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index a266dc0c4cf..85036543e18 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -100,13 +100,13 @@ class CommandeStats extends Stats if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie'; - $this->where .= ' AND cat.rowid = '.$categid; + $this->where .= ' AND cat.rowid = '.((int) $categid); } } diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index dccdcd5cd24..86a70a35311 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index dc71a1d2d27..010b4a08fde 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql; if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) { // TODO Add a test to check newbankreceipt does not exists yet - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id; + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank'; + $sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id); $result = $db->query($sqlupdate); if ($result < 0) { dol_print_error($db); diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index 1563309a3c4..cfd201e3ec4 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -213,7 +213,7 @@ class CashControl extends CommonObject if (!$error) { $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence"); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id); $this->db->query($sql); } diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index b891ae6eec7..bf30e2b011f 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3091,7 +3091,7 @@ if ($action == 'create') { $sql = 'SELECT r.rowid, r.titre as title, r.total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_rec as r'; - $sql .= ' WHERE r.fk_soc = '.$invoice_predefined->socid; + $sql .= ' WHERE r.fk_soc = '.((int) $invoice_predefined->socid); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 674b5917b17..b93f48ff655 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; + $sql .= ' SET nb_gen_max = '.((int) $nb); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); @@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; + $sql .= ' SET auto_validate = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); @@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET generate_pdf = '.$validate; + $sql .= ' SET generate_pdf = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 111ace7c415..7e9300be61c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -2282,9 +2282,9 @@ class Facture extends CommonInvoice // Invoice line extrafileds $main = MAIN_DB_PREFIX.'facturedet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid); // Delete invoice line - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.$rowid; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); @@ -3585,8 +3585,7 @@ class Facture extends CommonInvoice { $sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd INNER JOIN '.MAIN_DB_PREFIX.'facture f ON (fd.fk_facture = f.rowid) - WHERE fd.fk_prev_id = '.$idline.' - AND f.fk_statut <> 0'; + WHERE fd.fk_prev_id = '.((int) $idline).' AND f.fk_statut <> 0'; $result = $this->db->query($sql); if (!$result) { @@ -3663,7 +3662,7 @@ class Facture extends CommonInvoice // Libere remise liee a ligne de facture $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_facture_line = NULL'; - $sql .= ' WHERE fk_facture_line = '.$rowid; + $sql .= ' WHERE fk_facture_line = '.((int) $rowid); dol_syslog(get_class($this)."::deleteline", LOG_DEBUG); $result = $this->db->query($sql); @@ -4610,7 +4609,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index 47644e4b13e..31c4704bb77 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -105,13 +105,13 @@ class FactureStats extends Stats if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = f.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = f.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie'; - $this->where .= ' AND c.rowid = '.$categid; + $this->where .= ' AND c.rowid = '.((int) $categid); } } diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index 46b2b2b7805..2adfe41330b 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -559,8 +559,8 @@ class Localtax extends CommonObject public function update_fk_bank($id) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id; - $sql .= ' WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id); + $sql .= ' WHERE rowid = '.((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php index d1cd1f0015b..e9623f55c11 100644 --- a/htdocs/compta/paiement/class/cpaiement.class.php +++ b/htdocs/compta/paiement/class/cpaiement.class.php @@ -187,7 +187,7 @@ class Cpaiement $sql .= ' WHERE t.entity IN ('.getEntity('c_paiement').')'; $sql .= " AND t.code = '".$this->db->escape($ref)."'"; } else { - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); } $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 9dcc57a47f2..5647295d171 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -736,7 +736,7 @@ class Paiement extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); @@ -855,7 +855,7 @@ class Paiement extends CommonObject */ public function validate(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::valide', LOG_DEBUG); $result = $this->db->query($sql); @@ -876,7 +876,7 @@ class Paiement extends CommonObject */ public function reject(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::reject', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index 4ae06f378b8..8cfadd84f4f 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -190,7 +190,7 @@ class Cchargesociales if (null !== $ref) { $sql .= " WHERE t.code = '".$this->db->escape($ref)."'"; } else { - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 6366cf52756..50d94da8531 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php @@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject { // phpcs:enable $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; - $sql .= ' WHERE rowid = '.$did; + $sql .= ' WHERE rowid = '.((int) $did); $sql .= ' AND traite = 0'; if ($this->db->query($sql)) { return 0; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 48e92d58172..410c896d329 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2332,7 +2332,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$rate; + $sql .= ' SET '.$fieldname.' = '.((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2617,7 +2617,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$id; + $sql .= ' SET '.$fieldname.' = '.((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -3062,11 +3062,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; $sql .= ' AND rang = '.($rang - 1); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3093,11 +3093,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang + 1); + $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -4221,7 +4221,7 @@ abstract class CommonObject public function getSpecialCode($lineid) { $sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE rowid = '.$lineid; + $sql .= ' WHERE rowid = '.((int) $lineid); $resql = $this->db->query($sql); if ($resql) { $row = $this->db->fetch_row($resql); @@ -7656,7 +7656,7 @@ abstract class CommonObject public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0) { foreach ($tables as $table) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id); if (!$db->query($sql)) { if ($ignoreerrors) { diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index 49eda053b8d..be13eb94849 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php @@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer $error = 0; $sql = 'SELECT rowid, name, fk_type, fk_profile, parameter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt'; - $sql .= ' WHERE rowid = '.$printerid; + $sql .= ' WHERE rowid = '.((int) $printerid); $sql .= ' AND entity = '.$conf->entity; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/modules/expensereport/mod_expensereport_jade.php b/htdocs/core/modules/expensereport/mod_expensereport_jade.php index bbe2245a97d..b25ac15345b 100644 --- a/htdocs/core/modules/expensereport/mod_expensereport_jade.php +++ b/htdocs/core/modules/expensereport/mod_expensereport_jade.php @@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport } $newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d'); - $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id; + $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id); $resqlbis = $db->query($sqlbis); if (!$resqlbis) { dol_print_error($resqlbis); diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php index 63a28fbe3d2..1768029b97e 100644 --- a/htdocs/core/modules/import/import_csv.modules.php +++ b/htdocs/core/modules/import/import_csv.modules.php @@ -790,7 +790,7 @@ class ImportCsv extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE '.$keyfield.' = '.$lastinsertid; + $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -824,7 +824,7 @@ class ImportCsv extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE '.$keyfield.' = '.$lastinsertid; + $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid); $sql = $sqlstart.$sqlend; diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 257e8f5253e..bc146c5ece7 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -830,7 +830,7 @@ class ImportXlsx extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE ' . $keyfield . ' = ' . $lastinsertid; + $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -864,7 +864,7 @@ class ImportXlsx extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE ' . $keyfield . ' = ' . $lastinsertid; + $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid); $sql = $sqlstart . $sqlend; diff --git a/htdocs/don/class/donstats.class.php b/htdocs/don/class/donstats.class.php index e3deff2dc2d..07eb6d6588e 100644 --- a/htdocs/don/class/donstats.class.php +++ b/htdocs/don/class/donstats.class.php @@ -85,7 +85,7 @@ class DonationStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND d.entity = ".$conf->entity; if ($this->userid > 0) { - $this->where .= ' WHERE c.fk_user_author = '.$this->userid; + $this->where .= ' WHERE c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index d91181d0c51..f4914148f44 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -694,7 +694,7 @@ class ConferenceOrBooth extends ActionComm $sql = 'SELECT rowid, datec as datec, tms as datem,'; $sql .= ' fk_user_author, fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index 50382cef164..d25c7b52098 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -77,10 +77,10 @@ class ExpeditionStats extends Stats $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 681675fd54c..d9b58667574 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject { $sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt'; - $sql .= ' WHERE tt.'.$this->fk_element.' = '.$id; + $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id); $total_ht = 0; $total_tva = 0; $total_ttc = 0; @@ -2757,7 +2757,7 @@ class ExpenseReportLine $sql = 'SELECT SUM(d.total_ttc) as total_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det d'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)'; - $sql .= ' WHERE e.fk_user_author = '.$fk_user; + $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user); if (!empty($this->id)) { $sql .= ' AND d.rowid <> '.$this->id; } diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php index 4e4d1009750..653f030b6d2 100644 --- a/htdocs/expensereport/class/expensereport_rule.class.php +++ b/htdocs/expensereport/class/expensereport_rule.class.php @@ -167,7 +167,7 @@ class ExpenseReportRule extends CoreObject if ($fk_user > 0) { $sql .= ' AND (er.is_for_all = 1'; $sql .= ' OR er.fk_user = '.$fk_user; - $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.$fk_user.') )'; + $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.((int) $fk_user).') )'; } $sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user'; diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 8ed842a70c9..960a2734706 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -784,8 +784,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET nb_gen_max = '.((int) $nb); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { @@ -811,8 +811,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET auto_validate = '.((int) $validate); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index a0d22cf1e2a..2daede1457a 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -78,10 +78,10 @@ class FichinterStats extends Stats $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')'; if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index 21c36ced633..0f8b8341a3d 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -674,8 +674,10 @@ class CommandeFournisseurDispatch extends CommonObject $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; } elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') { $sqlwhere [] = $key.' = \''.$this->db->escape($value).'\''; + } elseif ($key == 'qty') { + $sqlwhere [] = $key.' = '.((float) $value); } else { - $sqlwhere [] = $key.' = '.$this->db->escape($value); + $sqlwhere [] = $key.' = '.((int) $value); } } } diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 73e8be88c37..ab7e6ea3fc4 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1181,7 +1181,7 @@ class FactureFournisseur extends CommonInvoice if (!$error) { // If invoice was converted into a discount not yet consumed, we remove discount $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except'; - $sql .= ' WHERE fk_invoice_supplier_source = '.$rowid; + $sql .= ' WHERE fk_invoice_supplier_source = '.((int) $rowid); $sql .= ' AND fk_invoice_supplier_line IS NULL'; $resql = $this->db->query($sql); @@ -2092,7 +2092,7 @@ class FactureFournisseur extends CommonInvoice // Libere remise liee a ligne de facture $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_invoice_supplier_line = NULL'; - $sql .= ' WHERE fk_invoice_supplier_line = '.$rowid; + $sql .= ' WHERE fk_invoice_supplier_line = '.((int) $rowid); dol_syslog(get_class($this)."::deleteline", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index 6133f3eccc8..242fbff25d4 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php @@ -106,7 +106,7 @@ function checkLinkedElements($sourcetype, $targettype) foreach ($elements as $key => $element) { if (!checkElementExist($element[$sourcetype], $sourcetable) || !checkElementExist($element[$targettype], $targettable)) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'element_element'; - $sql .= ' WHERE rowid = '.$key; + $sql .= ' WHERE rowid = '.((int) $key); $resql = $db->query($sql); $deleted++; } diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 9357128d050..1eb980ae173 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { $qty_for_line = min($remaining_qty, $obj_line->qty); if ($first_iteration) { $sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; - $sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line; - $sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid; + $sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line); + $sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid); $first_iteration = false; } else { $sql_attach_values = array( diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index ec322733c7d..de4ff58d018 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf) // Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons. $check_sql = 'SELECT fk_paiementfourn, fk_facturefourn'; $check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn'; - $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.$select_obj->fk_facture_fourn; + $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn); $check_resql = $db->query($check_sql); if ($check_resql) { $check_num = $db->num_rows($check_resql); diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 7886bd35774..5067a6e91d5 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php @@ -591,7 +591,7 @@ class MultiCurrency extends CommonObject { global $db; - $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.$fk_facture; + $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.((int) $fk_facture); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 4ae3d682c07..ad3b694f137 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -3862,7 +3862,7 @@ class Product extends CommonObject // Check not already father of id_pere (to avoid father -> child -> father links) $sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association'; - $sql .= ' WHERE fk_product_pere = '.$id_fils.' AND fk_product_fils = '.$id_pere; + $sql .= ' WHERE fk_product_pere = '.((int) $id_fils).' AND fk_product_fils = '.((int) $id_pere); if (!$this->db->query($sql)) { dol_print_error($this->db); return -1; @@ -3875,7 +3875,7 @@ class Product extends CommonObject return -1; } else { $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty,incdec)'; - $sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.', '.$incdec.')'; + $sql .= ' VALUES ('.((int) $id_pere).', '.((int) $id_fils).', '.((float) $qty).', '.((int) $incdec).')'; if (!$this->db->query($sql)) { dol_print_error($this->db); return -1; diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 71e25b0c4e1..13fa8433d07 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -181,10 +181,8 @@ class ProductFournisseurPrice extends CommonObject if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0; // Unset fields that are disabled - foreach ($this->fields as $key => $val) - { - if (isset($val['enabled']) && empty($val['enabled'])) - { + foreach ($this->fields as $key => $val) { + if (isset($val['enabled']) && empty($val['enabled'])) { unset($this->fields[$key]); } } @@ -241,14 +239,11 @@ class ProductFournisseurPrice extends CommonObject if (property_exists($object, 'date_modification')) { $object->date_modification = null; } // ... // Clear extrafields that are unique - if (is_array($object->array_options) && count($object->array_options) > 0) - { + if (is_array($object->array_options) && count($object->array_options) > 0) { $extrafields->fetch_name_optionals_label($this->table_element); - foreach ($object->array_options as $key => $option) - { + foreach ($object->array_options as $key => $option) { $shortkey = preg_replace('/options_/', '', $key); - if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) - { + if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) { //var_dump($key); var_dump($clonedObj->array_options[$key]); exit; unset($object->array_options[$key]); } @@ -264,20 +259,16 @@ class ProductFournisseurPrice extends CommonObject $this->errors = $object->errors; } - if (!$error) - { + if (!$error) { // copy internal contacts - if ($this->copy_linked_contact($object, 'internal') < 0) - { + if ($this->copy_linked_contact($object, 'internal') < 0) { $error++; } } - if (!$error) - { + if (!$error) { // copy external contacts if same company - if (property_exists($this, 'socid') && $this->socid == $object->socid) - { + if (property_exists($this, 'socid') && $this->socid == $object->socid) { if ($this->copy_linked_contact($object, 'external') < 0) $error++; } @@ -362,8 +353,7 @@ class ProductFournisseurPrice extends CommonObject if ($resql) { $num = $this->db->num_rows($resql); $i = 0; - while ($i < ($limit ? min($limit, $num) : $num)) - { + while ($i < ($limit ? min($limit, $num) : $num)) { $obj = $this->db->fetch_object($resql); $record = new self($this->db); @@ -424,8 +414,7 @@ class ProductFournisseurPrice extends CommonObject $error = 0; // Protection - if ($this->status == self::STATUS_VALIDATED) - { + if ($this->status == self::STATUS_VALIDATED) { dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING); return 0; } @@ -435,8 +424,7 @@ class ProductFournisseurPrice extends CommonObject $this->db->begin(); // Define new ref - if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) // empty should not happened, but when it occurs, the test save life - { + if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) { // empty should not happened, but when it occurs, the test save life $num = $this->getNextNumRef(); } else { $num = $this->ref; @@ -454,15 +442,13 @@ class ProductFournisseurPrice extends CommonObject dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); - if (!$resql) - { + if (!$resql) { dol_print_error($this->db); $this->error = $this->db->lasterror(); $error++; } - if (!$error && !$notrigger) - { + if (!$error && !$notrigger) { // Call trigger $result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user); if ($result < 0) $error++; @@ -470,13 +456,11 @@ class ProductFournisseurPrice extends CommonObject } } - if (!$error) - { + if (!$error) { $this->oldref = $this->ref; // Rename directory if dir was a temporary ref - if (preg_match('/^[\(]?PROV/i', $this->ref)) - { + if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; @@ -488,17 +472,14 @@ class ProductFournisseurPrice extends CommonObject $newref = dol_sanitizeFileName($num); $dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref; $dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref; - if (!$error && file_exists($dirsource)) - { + if (!$error && file_exists($dirsource)) { dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest); - if (@rename($dirsource, $dirdest)) - { + if (@rename($dirsource, $dirdest)) { dol_syslog("Rename ok"); // Rename docs starting with $oldref with $newref $listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/')); - foreach ($listoffiles as $fileentry) - { + foreach ($listoffiles as $fileentry) { $dirsource = $fileentry['name']; $dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource); $dirsource = $fileentry['path'].'/'.$dirsource; @@ -511,14 +492,12 @@ class ProductFournisseurPrice extends CommonObject } // Set new ref and current status - if (!$error) - { + if (!$error) { $this->ref = $num; $this->status = self::STATUS_VALIDATED; } - if (!$error) - { + if (!$error) { $this->db->commit(); return 1; } else { @@ -538,8 +517,7 @@ class ProductFournisseurPrice extends CommonObject public function setDraft($user, $notrigger = 0) { // Protection - if ($this->status <= self::STATUS_DRAFT) - { + if ($this->status <= self::STATUS_DRAFT) { return 0; } @@ -556,8 +534,7 @@ class ProductFournisseurPrice extends CommonObject public function cancel($user, $notrigger = 0) { // Protection - if ($this->status != self::STATUS_VALIDATED) - { + if ($this->status != self::STATUS_VALIDATED) { return 0; } @@ -574,8 +551,7 @@ class ProductFournisseurPrice extends CommonObject public function reopen($user, $notrigger = 0) { // Protection - if ($this->status != self::STATUS_CANCELED) - { + if ($this->status != self::STATUS_CANCELED) { return 0; } @@ -609,8 +585,7 @@ class ProductFournisseurPrice extends CommonObject $url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id; - if ($option != 'nolink') - { + if ($option != 'nolink') { // Add param to save lastsearch_values or not $add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0); if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1; @@ -618,10 +593,8 @@ class ProductFournisseurPrice extends CommonObject } $linkclose = ''; - if (empty($notooltip)) - { - if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) - { + if (empty($notooltip)) { + if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $label = $langs->trans("ShowProductFournisseurPrice"); $linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"'; } @@ -699,8 +672,7 @@ class ProductFournisseurPrice extends CommonObject public function LibStatut($status, $mode = 0) { // phpcs:enable - if (empty($this->labelStatus) || empty($this->labelStatusShort)) - { + if (empty($this->labelStatus) || empty($this->labelStatusShort)) { global $langs; //$langs->load("buypricehistory@buypricehistory"); $this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft'); @@ -729,30 +701,25 @@ class ProductFournisseurPrice extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); - if ($result) - { - if ($this->db->num_rows($result)) - { + if ($result) { + if ($this->db->num_rows($result)) { $obj = $this->db->fetch_object($result); $this->id = $obj->rowid; - if ($obj->fk_user_author) - { + if ($obj->fk_user_author) { $cuser = new User($this->db); $cuser->fetch($obj->fk_user_author); $this->user_creation = $cuser; } - if ($obj->fk_user_valid) - { + if ($obj->fk_user_valid) { $vuser = new User($this->db); $vuser->fetch($obj->fk_user_valid); $this->user_validation = $vuser; } - if ($obj->fk_user_cloture) - { + if ($obj->fk_user_cloture) { $cluser = new User($this->db); $cluser->fetch($obj->fk_user_cloture); $this->user_cloture = $cluser; @@ -794,8 +761,7 @@ class ProductFournisseurPrice extends CommonObject $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard'; } - if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) - { + if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) { $mybool = false; $file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php"; @@ -803,16 +769,14 @@ class ProductFournisseurPrice extends CommonObject // Include file with class $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) - { + foreach ($dirmodels as $reldir) { $dir = dol_buildpath($reldir."core/modules/buypricehistory/"); // Load file with numbering class (if found) $mybool |= @include_once $dir.$file; } - if ($mybool === false) - { + if ($mybool === false) { dol_print_error('', "Failed to include file ".$file); return ''; } @@ -821,8 +785,7 @@ class ProductFournisseurPrice extends CommonObject $obj = new $classname(); $numref = $obj->getNextValue($this); - if ($numref != '' && $numref != '-1') - { + if ($numref != '' && $numref != '-1') { return $numref; } else { $this->error = $obj->error; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index ff18c361ff9..cde318cda81 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -290,7 +290,7 @@ if (empty($reshook)) { foreach ($extrafield_values as $key => $value) { $sql .= str_replace('options_', '', $key).' = "'.$value.'", '; } - $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.$object->product_fourn_price_id; + $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id); } // Execute the sql command from above diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 327c428e9c9..214a12ead14 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -782,7 +782,7 @@ class Entrepot extends CommonObject $parentid = $this->fk_parent; // If parent_id not defined on current object, we do not start consecutive searches of parents $i = 0; while ($parentid > 0 && $i < $protection) { - $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.$parentid; + $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.((int) $parentid); $resql = $this->db->query($sql); if ($resql) { $objarbo = $this->db->fetch_object($resql); @@ -817,7 +817,7 @@ class Entrepot extends CommonObject $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'entrepot - WHERE fk_parent = '.$id; + WHERE fk_parent = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 102e3ba1700..74803f63909 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -896,7 +896,7 @@ class MouvementStock extends CommonObject $nb = 0; $sql = 'SELECT SUM(value) as nb from '.MAIN_DB_PREFIX.'stock_mouvement'; - $sql .= ' WHERE fk_product = '.$productidselected; + $sql .= ' WHERE fk_product = '.((int) $productidselected); $sql .= " AND datem < '".$this->db->idate($datebefore)."'"; dol_syslog(get_class($this).__METHOD__.'', LOG_DEBUG); diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index 88fc636e07e..aea8c3e1f14 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -196,7 +196,7 @@ class ProductStockEntrepot extends CommonObject if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); } else { - $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot; + $sql .= ' WHERE t.fk_product = '.((int) $fk_product).' AND t.fk_entrepot = '.((int) $fk_entrepot); } $resql = $this->db->query($sql); diff --git a/htdocs/product/stock/lib/replenishment.lib.php b/htdocs/product/stock/lib/replenishment.lib.php index d0415ccad78..1faa67ad860 100644 --- a/htdocs/product/stock/lib/replenishment.lib.php +++ b/htdocs/product/stock/lib/replenishment.lib.php @@ -39,7 +39,7 @@ function dolDispatchToDo($order_id) // Count nb of quantity dispatched per product $sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; - $sql .= ' WHERE fk_commande = '.$order_id; + $sql .= ' WHERE fk_commande = '.((int) $order_id); $sql .= ' GROUP BY fk_product'; $sql .= ' ORDER by fk_product'; $resql = $db->query($sql); @@ -51,7 +51,7 @@ function dolDispatchToDo($order_id) // Count nb of quantity to dispatch per product $sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet'; - $sql .= ' WHERE fk_commande = '.$order_id; + $sql .= ' WHERE fk_commande = '.((int) $order_id); $sql .= ' AND fk_product > 0'; if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= ' AND product_type = 0'; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 904fa9b7e94..b282984cef5 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -756,7 +756,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { if (!empty($conf->global->MAIN_MULTILANGS)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; - $sql .= ' WHERE fk_product = '.$objp->rowid; + $sql .= ' WHERE fk_product = '.((int) $objp->rowid); $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; $sql .= ' LIMIT 1'; diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index bdac3a70f54..d9a9be0cd70 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -487,7 +487,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; - $sql .= ' WHERE fk_product = '.$objp->rowid; + $sql .= ' WHERE fk_product = '.((int) $objp->rowid); $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; $sql .= ' LIMIT 1'; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 54f622b95a1..1c3cacb4cee 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -428,7 +428,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($langs->trans("TimeSpentForInvoice", $username).' : '.$qtyhourtext, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { @@ -467,7 +467,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($value['note'], $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { @@ -503,7 +503,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($lineName, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')'; $result = $db->query($sql); if (!$result) { diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 454201203cc..91418707d3a 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -122,19 +122,19 @@ if (!empty($tag)) { //Update status of target $statut = '2'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid); + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE rowid = ".((int) $obj->rowid); $resql = $db->query($sql); if (!$resql) dol_print_error($db); //Update status communication of thirdparty prospect if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.$obj->source_id; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id); $resql = $db->query($sql); } //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.$obj->source_id.')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; $resql = $db->query($sql); } } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index fdd1bfd7f73..85ccfc0a1db 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -463,7 +463,7 @@ class Salary extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 7746001dea7..99453db7ac4 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4620,7 +4620,7 @@ class Societe extends CommonObject $resql = $db->query($sql); while ($obj = $db->fetch_object($resql)) { - $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.$obj->rowid); + $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.((int) $obj->rowid)); } /** diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index bbb06f2a2da..0320a663ea8 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1777,7 +1777,7 @@ class SupplierProposal extends CommonObject $price = price2num($product->subprice * $product->qty, 'MU'); $unitPrice = price2num($product->subprice, 'MU'); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php index a4e9f92eb10..1e7f44bb936 100644 --- a/htdocs/variants/class/ProductAttribute.class.php +++ b/htdocs/variants/class/ProductAttribute.class.php @@ -319,7 +319,7 @@ class ProductAttribute extends CommonObject $newrang = $this->rang + 1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.$this->rang.' WHERE rang = '.$newrang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.((int) $this->rang).' WHERE rang = '.((int) $newrang); if (!$this->db->query($sql)) { $this->db->rollback(); diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 3dbdb353a3e..32c8c0b8688 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -407,7 +407,7 @@ class WebsitePage extends CommonObject $sql .= " t.object_type,"; $sql .= " t.fk_object"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.fk_website = '.$websiteid; + $sql .= ' WHERE t.fk_website = '.((int) $websiteid); // Manage filter (same than into countAll) $sqlwhere = array(); if (count($filter) > 0) { @@ -509,7 +509,7 @@ class WebsitePage extends CommonObject $sql = 'SELECT COUNT(t.rowid) as nb'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.fk_website = '.$websiteid; + $sql .= ' WHERE t.fk_website = '.((int) $websiteid); // Manage filter (same than into fetchAll) $sqlwhere = array(); if (count($filter) > 0) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 92066e496e2..5197296f659 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -416,13 +416,13 @@ class Hook extends CommonObject $sql .= ' t.rowid'; // TODO Get all fields $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.entity = '.$conf->entity; + $sql .= ' WHERE t.entity = '.((int) $conf->entity); // Manage filter $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.' = '.((int) $value); } elseif (strpos($key, 'date') !== false) { $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; } elseif ($key == 'customsql') {