Fix protect sql
This commit is contained in:
parent
1bd2bd3237
commit
d0cc64479d
|
|
@ -442,7 +442,7 @@ if ($id) {
|
|||
} else {
|
||||
$sql .= " WHERE ";
|
||||
}
|
||||
$sql .= " c.rowid = ".$search_country_id;
|
||||
$sql .= " c.rowid = ".((int) $search_country_id);
|
||||
}
|
||||
|
||||
// If sort order is "country", we use country_code instead
|
||||
|
|
|
|||
|
|
@ -563,7 +563,7 @@ if ($action == 'create') {
|
|||
{
|
||||
$sqlmid = 'SELECT rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."facture as fac";
|
||||
$sqlmid .= " WHERE fac.rowid=" . $object->fk_doc;
|
||||
$sqlmid .= " WHERE fac.rowid=" . ((int) $object->fk_doc);
|
||||
dol_syslog("accountancy/bookkeeping/card.php::sqlmid=" . $sqlmid, LOG_DEBUG);
|
||||
$resultmid = $db->query($sqlmid);
|
||||
if ($resultmid) {
|
||||
|
|
|
|||
|
|
@ -473,7 +473,7 @@ class AccountancyCategory // extends CommonObject
|
|||
$sql .= " SELECT DISTINCT aa.account_number";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
|
||||
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
|
||||
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
|
||||
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
|
||||
$sql .= " AND aa.active = 1";
|
||||
$sql .= " AND aa.entity = ".$conf->entity.")";
|
||||
$sql .= " GROUP BY t.numero_compte, t.label_operation, t.doc_ref";
|
||||
|
|
@ -562,7 +562,7 @@ class AccountancyCategory // extends CommonObject
|
|||
$sql = "SELECT aa.rowid, aa.account_number";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
|
||||
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
|
||||
$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
|
||||
$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
|
||||
$sql .= " AND aa.active = 1";
|
||||
$sql .= " AND aa.entity = ".$conf->entity;
|
||||
$sql .= " ORDER BY LENGTH(aa.account_number) DESC;"; // LENGTH is ok with mysql and postgresql
|
||||
|
|
@ -589,8 +589,8 @@ class AccountancyCategory // extends CommonObject
|
|||
$accountincptsadded[$account_number_formated] = 1;
|
||||
// We found an account number that is in list $cpts of account to add
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
|
||||
$sql .= " SET fk_accounting_category=".$id_cat;
|
||||
$sql .= " WHERE rowid=".$obj->rowid;
|
||||
$sql .= " SET fk_accounting_category=".((int) $id_cat);
|
||||
$sql .= " WHERE rowid=".((int) $obj->rowid);
|
||||
dol_syslog(__METHOD__, LOG_DEBUG);
|
||||
$resqlupdate = $this->db->query($sql);
|
||||
if (!$resqlupdate) {
|
||||
|
|
@ -629,7 +629,7 @@ class AccountancyCategory // extends CommonObject
|
|||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account as aa";
|
||||
$sql .= " SET fk_accounting_category= 0";
|
||||
$sql .= " WHERE aa.rowid= ".$cpt_id;
|
||||
$sql .= " WHERE aa.rowid = ".((int) $cpt_id);
|
||||
$this->db->begin();
|
||||
|
||||
dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG);
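Review bot: In the hunk at line 473 the entity clause `$sql .= " AND aa.entity = ".$conf->entity.")";` is still an uncast concatenation while `CHARTOFACCOUNTS` on the line just above it now gets `(int)`, and the same pair appears again in the hunk at line 562. `$conf->entity` normally comes from the installation configuration rather than from the request, so this is a consistency point rather than an injection path, but the purpose of the commit is to make every numeric concatenation explicit and a reader will wonder why one side of the predicate is cast and the other not. Suggest `$sql .= " AND aa.entity = ".((int) $conf->entity).")";` and `$sql .= " AND aa.entity = ".((int) $conf->entity);` respectively. All four hunks sit inside methods whose start and end are outside the hunks.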
|
||||
|
|
|
|||
|
|
@ -347,10 +347,10 @@ class AccountingAccount extends CommonObject
|
|||
$sql .= " , label = ".($this->label ? "'".$this->db->escape($this->label)."'" : "''");
|
||||
$sql .= " , labelshort = ".($this->labelshort ? "'".$this->db->escape($this->labelshort)."'" : "''");
|
||||
$sql .= " , fk_accounting_category = ".(empty($this->account_category) ? 0 : (int) $this->account_category);
|
||||
$sql .= " , fk_user_modif = ".$user->id;
|
||||
$sql .= " , fk_user_modif = ".((int) $user->id);
|
||||
$sql .= " , active = ".(int) $this->active;
|
||||
$sql .= " , reconcilable = ".(int) $this->reconcilable;
|
||||
$sql .= " WHERE rowid = ".$this->id;
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
|
||||
$result = $this->db->query($sql);
|
||||
|
|
|
|||
|
|
@ -1860,7 +1860,7 @@ class BookKeeping extends CommonObject
|
|||
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = ab.numero_compte";
|
||||
$sql .= " AND aa.active = 1";
|
||||
$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
|
||||
$sql .= " AND asy.rowid = " . $pcgver;
|
||||
$sql .= " AND asy.rowid = " . ((int) $pcgver);
|
||||
$sql .= " AND ab.entity IN (" . getEntity('accountancy') . ")";
|
||||
$sql .= " ORDER BY account_number ASC";
|
||||
*/
|
||||
|
|
@ -1893,7 +1893,7 @@ class BookKeeping extends CommonObject
|
|||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.account_number = ab.numero_compte";
|
||||
$sql .= " AND aa.active = 1";
|
||||
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
|
||||
$sql .= " AND asy.rowid = ".$pcgver;
|
||||
$sql .= " AND asy.rowid = ".((int) $pcgver);
|
||||
$sql .= " AND ab.entity IN (".getEntity('accountancy').")";
|
||||
$sql .= " ORDER BY account_number ASC";
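Review bot: The first hunk (around line 1860) edits a line that sits inside a commented-out block — its last visible line is the closing `*/` — so that change has no runtime effect and the dead copy will keep drifting from the live query in the second hunk. Rather than maintaining two copies of the same SELECT, the commented-out block could simply be deleted; if it is kept for reference, a one-line marker such as `// Dead copy kept for reference only; the live query is below` would stop the next reviewer from patching it again. The live hunk around line 1893 looks fine as far as the visible lines go; the enclosing method continues outside the hunk.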
|
||||
|
||||
|
|
|
|||
|
|
@ -110,13 +110,13 @@ if ($action == 'validatehistory') {
|
|||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
|
||||
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
|
||||
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
|
||||
$sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0";
|
||||
} else {
|
||||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
|
||||
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
|
||||
$sql1 .= " AND fd.fk_code_ventilation = 0";
|
||||
}*/
|
||||
|
|
|
|||
|
|
@ -103,13 +103,13 @@ if ($action == 'validatehistory') {
|
|||
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det";
|
||||
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
|
||||
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number";
|
||||
$sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0";
|
||||
} else {
|
||||
$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
|
||||
$sql1 .= " SET erd.fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number";
|
||||
$sql1 .= " AND erd.fk_code_ventilation = 0";
|
||||
}
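Review bot: `accnt.entity = '.$conf->entity` remains an uncast concatenation on both rewritten WHERE lines while `syst.rowid` on the very same line now gets `((int) ...)`. Since `$conf->entity` is configuration rather than request input the practical risk is low, but the line is being rewritten anyway, so `' AND accnt.entity = '.((int) $conf->entity)` would keep the whole predicate explicit and match the style the commit is introducing elsewhere. The enclosing `if ($action == 'validatehistory')` block starts before the hunk.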
|
||||
|
|
|
|||
|
|
@ -1323,42 +1323,42 @@ function getSourceDocRef($val, $typerecord)
|
|||
} elseif ($typerecord == 'payment_supplier') {
|
||||
$sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfac, ".MAIN_DB_PREFIX."facture_fourn as f";
|
||||
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".$val["paymentsupplierid"];
|
||||
$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".((int) $val["paymentsupplierid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("SupplierInvoice");
|
||||
} elseif ($typerecord == 'payment_expensereport') {
|
||||
$sqlmid = 'SELECT e.rowid as id, e.ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as pe, ".MAIN_DB_PREFIX."expensereport as e";
|
||||
$sqlmid .= " WHERE pe.rowid=".$val["paymentexpensereport"]." AND pe.fk_expensereport = e.rowid";
|
||||
$sqlmid .= " WHERE pe.rowid=".((int) $val["paymentexpensereport"])." AND pe.fk_expensereport = e.rowid";
|
||||
$ref = $langs->transnoentitiesnoconv("ExpenseReport");
|
||||
} elseif ($typerecord == 'payment_salary') {
|
||||
$sqlmid = 'SELECT s.rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
|
||||
$sqlmid .= " WHERE s.rowid=".$val["paymentsalid"];
|
||||
$sqlmid .= " WHERE s.rowid=".((int) $val["paymentsalid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("SalaryPayment");
|
||||
} elseif ($typerecord == 'sc') {
|
||||
$sqlmid = 'SELECT sc.rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementcharge as sc";
|
||||
$sqlmid .= " WHERE sc.rowid=".$val["paymentscid"];
|
||||
$sqlmid .= " WHERE sc.rowid=".((int) $val["paymentscid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("SocialContribution");
|
||||
} elseif ($typerecord == 'payment_vat') {
|
||||
$sqlmid = 'SELECT v.rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."tva as v";
|
||||
$sqlmid .= " WHERE v.rowid=".$val["paymentvatid"];
|
||||
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvatid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("PaymentVat");
|
||||
} elseif ($typerecord == 'payment_donation') {
|
||||
$sqlmid = 'SELECT payd.fk_donation as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_donation as payd";
|
||||
$sqlmid .= " WHERE payd.fk_donation=".$val["paymentdonationid"];
|
||||
$sqlmid .= " WHERE payd.fk_donation=".((int) $val["paymentdonationid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("Donation");
|
||||
} elseif ($typerecord == 'payment_loan') {
|
||||
$sqlmid = 'SELECT l.rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_loan as l";
|
||||
$sqlmid .= " WHERE l.rowid=".$val["paymentloanid"];
|
||||
$sqlmid .= " WHERE l.rowid=".((int) $val["paymentloanid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("LoanPayment");
|
||||
} elseif ($typerecord == 'payment_various') {
|
||||
$sqlmid = 'SELECT v.rowid as ref';
|
||||
$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_various as v";
|
||||
$sqlmid .= " WHERE v.rowid=".$val["paymentvariousid"];
|
||||
$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvariousid"]);
|
||||
$ref = $langs->transnoentitiesnoconv("VariousPayment");
|
||||
}
|
||||
// Add warning
|
||||
|
|
|
|||
|
|
@ -118,13 +118,13 @@ if ($action == 'validatehistory') {
|
|||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
|
||||
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
|
||||
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
|
||||
$sql1 .= " AND " . MAIN_DB_PREFIX . "facture_fourn_det.fk_code_ventilation = 0";
|
||||
} else {
|
||||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
|
||||
$sql1 .= " SET fk_code_ventilation = accnt.rowid";
|
||||
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
|
||||
$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
|
||||
$sql1 .= " AND fd.fk_code_ventilation = 0";
|
||||
}*/
|
||||
|
|
|
|||
|
|
@ -1597,8 +1597,8 @@ class Adherent extends CommonObject
|
|||
$inserturlid = $acct->add_url_line($insertid, $this->id, DOL_URL_ROOT.'/adherents/card.php?rowid=', $this->getFullname($langs), 'member');
|
||||
if ($inserturlid > 0) {
|
||||
// Update table subscription
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".$insertid;
|
||||
$sql .= " WHERE rowid=".$subscriptionid;
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".((int) $insertid);
|
||||
$sql .= " WHERE rowid=".((int) $subscriptionid);
|
||||
|
||||
dol_syslog("subscription::subscription", LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
|
|
|
|||
|
|
@ -365,7 +365,7 @@ class AdherentType extends CommonObject
|
|||
$sql .= "note = '".$this->db->escape($this->note)."',";
|
||||
$sql .= "vote = ".(integer) $this->db->escape($this->vote).",";
|
||||
$sql .= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
|
||||
$sql .= " WHERE rowid =".$this->id;
|
||||
$sql .= " WHERE rowid =".((int) $this->id);
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
if ($result) {
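Review bot: `$sql .= "vote = ".(integer) $this->db->escape($this->vote).",";` escapes a value that is then cast to an integer, which makes the escape dead code and reads as if quoting were still required; `(int) $this->vote` alone is sufficient, and the `integer` spelling is unusual next to the `(int)` casts this commit adds. The rewritten WHERE clause is fine as written, though if `$this->id` happens to be unset the cast yields `rowid = 0` and the UPDATE silently affects nothing; a guard ahead of the query (outside the hunk) would make that failure visible. The method starts and ends outside the hunk.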
|
||||
|
|
|
|||
|
|
@ -217,7 +217,7 @@ class Subscription extends CommonObject
|
|||
$sql .= " datef,";
|
||||
$sql .= " subscription, note, fk_bank";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."subscription";
|
||||
$sql .= " WHERE rowid=".$rowid;
|
||||
$sql .= " WHERE rowid=".((int) $rowid);
|
||||
|
||||
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
|
|
|
|||
|
|
@ -318,7 +318,7 @@ if ($sall) {
|
|||
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
|
||||
}
|
||||
if ($search_type > 0) {
|
||||
$sql .= " AND t.rowid=".$db->escape($search_type);
|
||||
$sql .= " AND t.rowid=".((int) $search_type);
|
||||
}
|
||||
if ($search_filter == 'withoutsubscription') {
|
||||
$sql .= " AND (datefin IS NULL OR t.subscription = 0)";
|
||||
|
|
|
|||
|
|
@ -677,7 +677,7 @@ if ($rowid > 0) {
|
|||
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank = b.rowid";
|
||||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
|
||||
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".$rowid;
|
||||
$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".((int) $rowid);
|
||||
$sql .= $db->order($sortfield, $sortorder);
|
||||
|
||||
$result = $db->query($sql);
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ if (isset($date_select) && $date_select != '') {
|
|||
}
|
||||
if ($search_ref) {
|
||||
if (is_numeric($search_ref)) {
|
||||
$sql .= " AND (c.rowid = ".$db->escape($search_ref).")";
|
||||
$sql .= " AND c.rowid = ".((int) $search_ref);
|
||||
} else {
|
||||
$sql .= " AND 1 = 2"; // Always wrong
|
||||
}
|
||||
|
|
|
|||
|
|
@ -500,7 +500,7 @@ if ($rowid > 0) {
|
|||
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t";
|
||||
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
|
||||
$sql .= " AND d.entity IN (".getEntity('adherent').")";
|
||||
$sql .= " AND t.rowid = ".$object->id;
|
||||
$sql .= " AND t.rowid = ".((int) $object->id);
|
||||
if ($sall) {
|
||||
$sql .= natural_search(array("f.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
|
||||
}
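Review bot: The full-text search on the line after the cast references `f.firstname`, but the FROM clause visible in this hunk only defines the aliases `d` (adherent) and `t` (adherent_type), so any non-empty `$sall` would raise an unknown-column error unless an `f` alias is joined somewhere before the hunk. It looks like a typo for `d.firstname`, i.e. `natural_search(array("d.firstname", "d.lastname", "d.societe", ...), $sall)`, given that every other column in that list is prefixed with `d.`. Worth confirming against the start of the query, which is outside the hunk.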
|
||||
|
|
|
|||
|
|
@ -156,7 +156,7 @@ if ($action == 'delete') {
|
|||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
|
||||
$sql .= " WHERE entity = ".$conf->entity;
|
||||
$sql .= " AND box_id=".$obj->box_id;
|
||||
$sql .= " AND box_id=".((int) $obj->box_id);
|
||||
|
||||
$resql = $db->query($sql);
|
||||
|
||||
|
|
@ -255,7 +255,7 @@ if ($resql) {
|
|||
// We renumber the order of the boxes if one of them is in ''
|
||||
// This occurs just after an insert.
|
||||
if ($decalage) {
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".((int) $obj->rowid);
|
||||
$db->query($sql);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1151,7 +1151,7 @@ if ($id) {
|
|||
$sql .= " WHERE 1 = 1";
|
||||
}
|
||||
if ($search_country_id > 0) {
|
||||
$sql .= " AND c.rowid = ".$search_country_id;
|
||||
$sql .= " AND c.rowid = ".((int) $search_country_id);
|
||||
}
|
||||
if ($search_code != '' && $id == 9) {
|
||||
$sql .= natural_search("code_iso", $search_code);
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ if (GETPOST("delete")) {
|
|||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
|
||||
$sql .= " WHERE entity = ".$conf->entity;
|
||||
$sql .= " AND box_id = ".$obj->rowid;
|
||||
$sql .= " AND box_id = ".((int) $obj->rowid);
|
||||
$resql = $db->query($sql);
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ if ($action == 'activate_encrypt') {
|
|||
if (dol_hash($obj->pass)) {
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql .= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
|
||||
$sql .= " WHERE rowid=".$obj->rowid;
|
||||
$sql .= " WHERE rowid=".((int) $obj->rowid);
|
||||
//print $sql;
|
||||
|
||||
$resql2 = $db->query($sql);
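Review bot: `dol_hash($obj->pass)` is interpolated into the UPDATE unescaped on the `SET pass_crypted = '...'` line; the output of dol_hash depends on the configured hash algorithm, and while typical outputs (hex digests, `$2y$…` bcrypt strings) contain no quote characters, the value should go through `$db->escape()` like every other string value in this commit, for defence in depth. It is also computed twice, once in the `if` and once in the query, so a single `$hash = dol_hash($obj->pass);` followed by `if ($hash) { ... " SET pass_crypted = '".$db->escape($hash)."', pass = NULL" ... }` keeps the test and the stored value guaranteed identical. The surrounding `if ($action == 'activate_encrypt')` loop starts and ends outside the hunk.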
|
||||
|
|
|
|||
|
|
@ -188,7 +188,7 @@ class AssetType extends CommonObject
|
|||
$sql .= "accountancy_code_depreciation_asset = '".$this->db->escape($this->accountancy_code_depreciation_asset)."',";
|
||||
$sql .= "accountancy_code_depreciation_expense = '".$this->db->escape($this->accountancy_code_depreciation_expense)."',";
|
||||
$sql .= "note = '".$this->db->escape($this->note)."'";
|
||||
$sql .= " WHERE rowid =".$this->id;
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
if ($result) {
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@ class BlockedLogAuthority
|
|||
|
||||
global $langs;
|
||||
|
||||
dol_syslog(get_class($this)."::fetch id=".$id, LOG_DEBUG);
|
||||
dol_syslog(get_class($this)."::fetch id=".((int) $id), LOG_DEBUG);
|
||||
|
||||
if (empty($id) && empty($signature)) {
|
||||
$this->error = 'BadParameter';
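Review bot: The only change in this hunk is casting `$id` inside the `dol_syslog` message, which does not protect the query itself; the SQL that concatenates `$id` in this `fetch` method is outside the hunk, so please confirm the same `((int) $id)` is applied where it enters the WHERE clause. Separately, the log line runs before the `empty($id) && empty($signature)` check, so it prints `id=0` for calls that are about to be rejected; moving the log after the parameter check, or including `$signature` in it, would make the debug output more useful. The method starts and ends outside the hunk.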
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ class Bookmark extends CommonObject
|
|||
$sql .= " ,title = '".$this->db->escape($this->title)."'";
|
||||
$sql .= " ,favicon = '".$this->db->escape($this->favicon)."'";
|
||||
$sql .= " ,position = ".(int) $this->position;
|
||||
$sql .= " WHERE rowid = ".$this->id;
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog("Bookmark::update", LOG_DEBUG);
|
||||
if ($this->db->query($sql)) {
|
||||
|
|
|
|||
|
|
@ -1470,7 +1470,7 @@ class Categorie extends CommonObject
|
|||
// Load bank categories
|
||||
$sql = "SELECT c.label, c.rowid";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."bank_class as a, ".MAIN_DB_PREFIX."bank_categ as c";
|
||||
$sql .= " WHERE a.lineid=".$id." AND a.fk_categ = c.rowid";
|
||||
$sql .= " WHERE a.lineid=".((int) $id)." AND a.fk_categ = c.rowid";
|
||||
$sql .= " AND c.entity IN (".getEntity('category').")";
|
||||
$sql .= " ORDER BY c.label";
|
||||
|
||||
|
|
|
|||
|
|
@ -2436,7 +2436,7 @@ class ActionComm extends CommonObject
|
|||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm ";
|
||||
$sql .= " SET percent = ".(int) $percent;
|
||||
$sql .= " WHERE id=".$id;
|
||||
$sql .= " WHERE id = ".((int) $id);
|
||||
|
||||
if ($this->db->query($sql)) {
|
||||
$this->db->commit();
|
||||
|
|
|
|||
|
|
@ -720,7 +720,7 @@ if ($action == 'show_day') {
|
|||
$sql .= ')';
|
||||
}
|
||||
if ($type) {
|
||||
$sql .= " AND ca.id = ".$type;
|
||||
$sql .= " AND ca.id = ".((int) $type);
|
||||
}
|
||||
if ($status == '0') {
|
||||
$sql .= " AND a.percent = 0";
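Review bot: `if ($type) { $sql .= " AND ca.id = ".((int) $type); }` silently turns any non-numeric value into `ca.id = 0`, i.e. an empty result with no error; if `$type` can carry an action-type code rather than a numeric id (its name suggests it might, and where it is read from is outside the hunk), the filter would need a code lookup instead of a cast. At minimum `if ((int) $type > 0) { $sql .= " AND ca.id = ".((int) $type); }` makes the numeric expectation explicit and skips the filter rather than matching nothing. The same pattern appears in two sibling files in this commit.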
|
||||
|
|
|
|||
|
|
@ -592,7 +592,7 @@ if ($action == 'show_day') {
|
|||
$sql .= ')';
|
||||
}
|
||||
if ($type) {
|
||||
$sql .= " AND ca.id = ".$type;
|
||||
$sql .= " AND ca.id = ".((int) $type);
|
||||
}
|
||||
if ($status == '0') {
|
||||
$sql .= " AND a.percent = 0";
|
||||
|
|
|
|||
|
|
@ -613,7 +613,7 @@ if ($action == 'show_day') {
|
|||
$sql .= ')';
|
||||
}
|
||||
if ($type) {
|
||||
$sql .= " AND ca.id = ".$type;
|
||||
$sql .= " AND ca.id = ".((int) $type);
|
||||
}
|
||||
if ($status == '0') {
|
||||
$sql .= " AND a.percent = 0";
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
|
||||
$resql = $db->query($sql);
|
||||
|
|
@ -605,7 +605,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY s.datec DESC";
|
||||
$sql .= $db->plimit($max, 0);
|
||||
|
|
@ -711,7 +711,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY c.tms DESC";
|
||||
$sql .= $db->plimit($max + 1, 0);
|
||||
|
|
@ -786,7 +786,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY p.rowid DESC";
|
||||
|
||||
|
|
@ -902,7 +902,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY c.rowid DESC";
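Review bot: Across all five hunks the line immediately above the change, `sc.fk_user = ".$user->id`, remains an uncast concatenation while `$socid` on the next line now gets `((int) ...)`. `$user->id` is loaded from the session rather than the request, so this is a consistency point rather than an injection path, but it is the same clause shape the commit is hardening and leaving it half-cast invites the next "protect sql" pass. Suggest `$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);` in each block. Each hunk sits inside a feature-gated `if` whose start and end are outside the hunk.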
|
||||
|
||||
|
|
|
|||
|
|
@ -379,7 +379,7 @@ if ($action == 'deletefilter') {
|
|||
|
||||
if ($action == 'delete') {
|
||||
// Ici, rowid indique le destinataire et id le mailing
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
|
||||
$resql = $db->query($sql);
|
||||
if ($resql) {
|
||||
if (!empty($id)) {
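Review bot: The DELETE on the rewritten line is scoped by the target `rowid` alone, not by the mailing it belongs to, even though the comment above it states that `rowid` is the recipient and `id` the mailing and the code goes on to use `$id` on the next line. If the permission check before this block (outside the hunk) is evaluated against the mailing `$id`, a caller could supply a `rowid` belonging to a different mailing and still remove it; appending `." AND fk_mailing = ".((int) $id)` to the WHERE clause would tie the two together. The same block appears in a second file in this commit and would need the same treatment. The enclosing action dispatch starts before the hunk.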
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ if (GETPOST('exportcsv', 'int')) {
|
|||
|
||||
if ($action == 'delete') {
|
||||
// Ici, rowid indique le destinataire et id le mailing
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
|
||||
$resql = $db->query($sql);
|
||||
if ($resql) {
|
||||
if (!empty($id)) {
|
||||
|
|
|
|||
|
|
@ -1477,7 +1477,7 @@ class Propal extends CommonObject
|
|||
$sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid
|
||||
$sql .= " AND p.ref='".$this->db->escape($ref)."'";
|
||||
} else {
|
||||
$sql .= " WHERE p.rowid=".$rowid;
|
||||
$sql .= " WHERE p.rowid = ".((int) $rowid);
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
||||
|
|
|
|||
|
|
@ -194,7 +194,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY p.rowid DESC";
|
||||
$sql .= $db->plimit(5, 0);
|
||||
|
|
|
|||
|
|
@ -1807,7 +1807,7 @@ class Commande extends CommonOrder
|
|||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid';
|
||||
|
||||
if ($id) {
|
||||
$sql .= " WHERE c.rowid=".$id;
|
||||
$sql .= " WHERE c.rowid=".((int) $id);
|
||||
} else {
|
||||
$sql .= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid
|
||||
}
|
||||
|
|
@ -2687,7 +2687,7 @@ class Commande extends CommonOrder
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if ($draft) {
|
||||
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ if (dol_strlen($begin)) {
|
|||
$sql .= " AND s.nom like '".$db->escape($begin)."'";
|
||||
}
|
||||
if ($socid > 0) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0";
|
||||
$sql .= " GROUP BY s.nom";
|
||||
|
|
|
|||
|
|
@ -509,6 +509,7 @@ class Account extends CommonObject
|
|||
}
|
||||
|
||||
// Clean parameters
|
||||
$label =
|
||||
$emetteur = trim($emetteur);
|
||||
$banque = trim($banque);
|
||||
|
||||
|
|
@ -516,7 +517,7 @@ class Account extends CommonObject
|
|||
|
||||
if (is_numeric($oper)) { // Clean operation to have a code instead of a rowid
|
||||
$sql = "SELECT code FROM ".MAIN_DB_PREFIX."c_paiement";
|
||||
$sql .= " WHERE id=".$oper;
|
||||
$sql .= " WHERE id = ".((int) $oper);
|
||||
$sql .= " AND entity IN (".getEntity('c_paiement').")";
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
|
|
@ -1223,7 +1224,7 @@ class Account extends CommonObject
|
|||
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
|
||||
$sql .= " AND clos = 0";
|
||||
if ($filteraccountid) {
|
||||
$sql .= " AND ba.rowid = ".$filteraccountid;
|
||||
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
|
||||
}
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
|
|
@ -1278,7 +1279,7 @@ class Account extends CommonObject
|
|||
$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
|
||||
$sql .= " AND clos = 0";
|
||||
if ($filteraccountid) {
|
||||
$sql .= " AND ba.rowid = ".$filteraccountid;
|
||||
$sql .= " AND ba.rowid = ".((int) $filteraccountid);
|
||||
}
|
||||
|
||||
$resql = $this->db->query($sql);
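Review bot: The added line in the first hunk (around line 509) shows as `$label =` with nothing on the right-hand side; as rendered that is a parse error, so either the page truncated the line or the statement is incomplete in the commit. The two lines that follow, `$emetteur = trim($emetteur);` and `$banque = trim($banque);`, suggest the intent was `$label = trim($label);` — worth checking against the actual diff. The remaining hunks only cast ids and look fine; the enclosing methods start and end outside the hunks.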
|
||||
|
|
|
|||
|
|
@ -268,7 +268,7 @@ $sql = "SELECT b.rowid,b.dateo as do,b.datev as dv, b.amount, b.label, b.rappro,
|
|||
$sql .= " b.num_releve, b.fk_user_author, b.num_chq, b.fk_type, b.fk_account, b.fk_bordereau as receiptid,";
|
||||
$sql .= " b.emetteur,b.banque";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
|
||||
$sql .= " WHERE rowid=".$rowid;
|
||||
$sql .= " WHERE rowid=".((int) $rowid);
|
||||
$sql .= " ORDER BY dateo ASC";
|
||||
$result = $db->query($sql);
|
||||
if ($result) {
|
||||
|
|
|
|||
|
|
@ -342,7 +342,7 @@ if ($resql) {
|
|||
$sql .= "SET";
|
||||
$sql .= " cash='".$db->escape($cash)."'";
|
||||
$sql .= ", card='".$db->escape($bank)."'";
|
||||
$sql .= " where rowid=".$id;
|
||||
$sql .= " where rowid = ".((int) $id);
|
||||
$db->query($sql);
|
||||
*/
|
||||
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ if (dol_strlen($begin)) {
|
|||
$sql .= natural_search("s.nom", $begin);
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY $sortfield $sortorder ";
|
||||
$sql .= $db->plimit($conf->liste_limit + 1, $offset);
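Review bot: `$sql .= " ORDER BY $sortfield $sortorder ";` interpolates the sort parameters straight into the query, two lines after the concatenation this hunk hardens; if `$sortfield`/`$sortorder` come from the request (their source is outside the hunk), this is the remaining injection point in the statement. Other hunks in this same commit route ordering through the database helper, so `$sql .= $db->order($sortfield, $sortorder);` would make this list consistent with them. The query is built before the hunk.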
|
||||
|
|
|
|||
|
|
@ -1604,7 +1604,7 @@ class Facture extends CommonInvoice
|
|||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON f.fk_incoterms = i.rowid';
|
||||
|
||||
if ($rowid) {
|
||||
$sql .= " WHERE f.rowid=".$rowid;
|
||||
$sql .= " WHERE f.rowid=".((int) $rowid);
|
||||
} else {
|
||||
$sql .= ' WHERE f.entity IN ('.getEntity('invoice').')'; // Dont't use entity if you use rowid
|
||||
if ($ref) {
|
||||
|
|
|
|||
|
|
@ -290,7 +290,7 @@ class BonPrelevement extends CommonObject
|
|||
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
|
||||
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
|
||||
if ($rowid > 0) {
|
||||
$sql .= " AND p.rowid = ".$rowid;
|
||||
$sql .= " AND p.rowid = ".((int) $rowid);
|
||||
} else {
|
||||
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class LignePrelevement
|
|||
$sql .= ", pl.statut, pl.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
|
||||
$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as p";
|
||||
$sql .= " WHERE pl.rowid=".$rowid;
|
||||
$sql .= " WHERE pl.rowid=".((int) $rowid);
|
||||
$sql .= " AND p.rowid = pl.fk_prelevement_bons";
|
||||
$sql .= " AND p.entity = ".$conf->entity;
|
||||
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@ if ($type == 'bank-transfer') {
|
|||
$sql .= " AND f.fk_soc = s.rowid";
|
||||
$sql .= " AND f.entity IN (".getEntity('invoice').")";
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if ($search_line) {
|
||||
$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";
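Review bot: `$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";` compares an integer column to a quoted string; it is escaped, so it is not an injection path, but it is inconsistent with the `((int) $socid)` cast introduced on the line above and relies on implicit string-to-integer conversion, which behaves differently on MySQL and PostgreSQL. Suggest `$sql .= " AND pl.rowid = ".((int) $search_line);` under a guard such as `if ($search_line > 0)` so a non-numeric search term does not quietly become `rowid = 0`. The `if ($type == 'bank-transfer')` block starts before the hunk.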
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ if ($type == 'bank-transfer') {
|
|||
$sql .= " AND p.type = 'debit-order'";
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= $db->order($sortfield, $sortorder);
|
||||
$sql .= $db->plimit($limit + 1, $offset);
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ class ChargeSociales extends CommonObject
|
|||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as p ON cs.fk_mode_reglement = p.id';
|
||||
$sql .= ' WHERE cs.entity IN ('.getEntity('tax').')';
|
||||
if ($ref) {
|
||||
$sql .= " AND cs.rowid = ".$ref;
|
||||
$sql .= " AND cs.ref = '".$this->db->escape($ref)."'";
|
||||
} else {
|
||||
$sql .= " AND cs.rowid = ".((int) $id);
|
||||
}
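Review bot: Beyond the hardening, this hunk changes what `$ref` matches: the removed line compared it to `cs.rowid`, the new one compares it to `cs.ref`, so any caller that passed a numeric id through `$ref` (which the old code accepted) will now get no row. That may well be the intended fix, but it is a behaviour change hidden under a "protect sql" title and deserves a mention in the commit message plus a check of callers. A short comment above the branch, `// $ref is matched against cs.ref; pass $id for a rowid lookup`, would document the contract. The method starts and ends outside the hunk.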
|
||||
|
|
|
|||
|
|
@ -195,7 +195,7 @@ $sql .= " WHERE cs.fk_type = c.id";
|
|||
$sql .= " AND cs.entity = ".$conf->entity;
|
||||
// Search criteria
|
||||
if ($search_ref) {
|
||||
$sql .= " AND cs.rowid=".$db->escape($search_ref);
|
||||
$sql .= " AND cs.ref = '".$db->escape($search_ref)."'";
|
||||
}
|
||||
if ($search_label) {
|
||||
$sql .= natural_search("cs.libelle", $search_label);
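Review bot: `cs.ref = '".$db->escape($search_ref)."'` is an exact match, whereas the neighbouring `$search_label` filter uses `natural_search`, so a partial reference typed into the list filter will return nothing; and as with the fetch change in this commit, the removed line matched `cs.rowid`, so the meaning of the search field has changed as well. For consistency with the other filters, `$sql .= natural_search("cs.ref", $search_ref);` would give the usual partial match and the same escaping. The query construction starts before the hunk.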
|
||||
|
|
|
|||
|
|
@ -513,7 +513,7 @@ if ($type == "o") { // filtre sur type
|
|||
$sql .= " AND s.client IN (2, 3)";
|
||||
}
|
||||
if (!empty($socid)) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
// Add where from extra fields
|
||||
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
|
||||
|
|
|
|||
|
|
@ -323,11 +323,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " GROUP BY c.rowid, c.ref, c.datec, c.tms, c.statut, s.nom, s.rowid";
|
||||
$sql .= " ORDER BY c.tms DESC";
|
||||
$sql .= " LIMIT ".$max;
|
||||
$sql .= $db->plimit($max);
|
||||
|
||||
dol_syslog("contrat/index.php", LOG_DEBUG);
|
||||
$result = $db->query($sql);
|
||||
|
|
@ -398,7 +398,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY cd.tms DESC";
|
||||
|
||||
|
|
@ -480,7 +480,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY cd.tms DESC";
|
||||
|
||||
|
|
@ -562,7 +562,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY cd.tms DESC";
|
||||
|
||||
|
|
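Review bot: `sc.fk_user = ".$user->id` is still concatenated without a cast in each of the four hunks of this file, while `$socid` beside it was cast; `$user->id` comes from the session object rather than the request, so this is a consistency point rather than a hole, but the commit's own convention would be `$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);`. The same pattern is left in the hunks @771, @282, @274, @1938 and @315. Replacing `" LIMIT ".$max` with `$db->plimit($max)` in the first hunk is a good change since plimit handles the dialect differences.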
|
|||
|
|
@ -288,7 +288,7 @@ if ($search_service) {
|
|||
$sql .= " AND (p.ref LIKE '%".$db->escape($search_service)."%' OR p.description LIKE '%".$db->escape($search_service)."%' OR cd.description LIKE '%".$db->escape($search_service)."%')";
|
||||
}
|
||||
if ($socid > 0) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
|
||||
$filter_dateouvertureprevue_start = dol_mktime(0, 0, 0, $opouvertureprevuemonth, $opouvertureprevueday, $opouvertureprevueyear);
|
||||
|
|
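Review bot: `$db->escape($search_service)` protects the quoting but not the LIKE metacharacters, so a `%` or `_` typed by the user still acts as a wildcard in the three `LIKE '%...%'` terms. Other list pages touched by this commit build the same kind of free-text filter with `natural_search(...)`, which is the project's helper for it; `$sql .= natural_search(array('p.ref', 'p.description', 'cd.description'), $search_service);` would express the same filter, assuming natural_search's default mode matches the substring semantics used here — worth confirming against the helper.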
|
|||
|
|
@ -604,10 +604,10 @@ abstract class CommonInvoice extends CommonObject
|
|||
$sqltemp = 'SELECT c.type_cdr, c.nbjour, c.decalage';
|
||||
$sqltemp .= ' FROM '.MAIN_DB_PREFIX.'c_payment_term as c';
|
||||
if (is_numeric($cond_reglement)) {
|
||||
$sqltemp .= " WHERE c.rowid=".$cond_reglement;
|
||||
$sqltemp .= " WHERE c.rowid=".((int) $cond_reglement);
|
||||
} else {
|
||||
$sqltemp .= " WHERE c.entity IN (".getEntity('c_payment_term').")";
|
||||
$sqltemp .= " AND c.code='".$this->db->escape($cond_reglement)."'";
|
||||
$sqltemp .= " AND c.code = '".$this->db->escape($cond_reglement)."'";
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this).'::calculate_date_lim_reglement', LOG_DEBUG);
|
||||
|
|
|
|||
|
|
@ -3969,7 +3969,7 @@ abstract class CommonObject
|
|||
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "element_element";
|
||||
$sql .= " WHERE";
|
||||
if ($rowid > 0) {
|
||||
$sql .= " rowid = " . $rowid;
|
||||
$sql .= " rowid = " . ((int) $rowid);
|
||||
} else {
|
||||
if ($deletesource) {
|
||||
$sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
|
||||
|
|
@ -5012,7 +5012,7 @@ abstract class CommonObject
|
|||
$this->db->begin();
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources";
|
||||
$sql .= " WHERE rowid=".$rowid;
|
||||
$sql .= " WHERE rowid = ".((int) $rowid);
|
||||
|
||||
dol_syslog(get_class($this)."::delete_resource", LOG_DEBUG);
|
||||
|
||||
|
|
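Review bot: `$sourceid` is still concatenated unquoted in `fk_source = " . $sourceid` two lines below the `$rowid` cast, in the `$deletesource` branch of the hunk @3969; if it is the method parameter it looks like, it deserves the same treatment: `$sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";`. The enclosing method starts and ends outside the hunk, so the symmetrical target branch, if there is one, should be checked too.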
|
|||
|
|
@ -504,11 +504,11 @@ function getCountry($searchkey, $withcode = '', $dbtouse = 0, $outputlangs = '',
|
|||
|
||||
$sql = "SELECT rowid, code, label FROM ".MAIN_DB_PREFIX."c_country";
|
||||
if (is_numeric($searchkey)) {
|
||||
$sql .= " WHERE rowid=".$searchkey;
|
||||
$sql .= " WHERE rowid = ".((int) $searchkey);
|
||||
} elseif (!empty($searchkey)) {
|
||||
$sql .= " WHERE code='".$db->escape($searchkey)."'";
|
||||
$sql .= " WHERE code = '".$db->escape($searchkey)."'";
|
||||
} else {
|
||||
$sql .= " WHERE label='".$db->escape($searchlabel)."'";
|
||||
$sql .= " WHERE label = '".$db->escape($searchlabel)."'";
|
||||
}
|
||||
|
||||
$resql = $dbtouse->query($sql);
|
||||
|
|
|
|||
|
|
@ -295,7 +295,7 @@ class pdf_stdandard extends ModelePDFMovement
|
|||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON m.batch = pl.batch AND m.fk_product = pl.fk_product";
|
||||
$sql .= " WHERE m.fk_product = p.rowid";
|
||||
if ($msid > 0) {
|
||||
$sql .= " AND m.rowid = ".$msid;
|
||||
$sql .= " AND m.rowid = ".((int) $msid);
|
||||
}
|
||||
$sql .= " AND m.fk_entrepot = e.rowid";
|
||||
$sql .= " AND e.entity IN (".getEntity('stock').")";
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
|
|||
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
|
||||
$sql .= " WHERE wp.fk_website = ".((int) $website->id);
|
||||
$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid = ".$pageid;
|
||||
$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
|
||||
if (is_object($websitepage) && $websitepage->fk_page > 0) {
|
||||
$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
|
||||
}
|
||||
|
|
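Review bot: `$websitepage->fk_page` is still concatenated uncast on the line after the `$pageid` fix, and the `> 0` test guarding it does not guarantee an integer in PHP. Since the value is read from an object rather than the request this is a consistency issue; the line would become `$sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page);`. The parenthesis opened in `" AND (wp.fk_page = ...` is closed outside the hunk.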
|
|||
|
|
@ -612,7 +612,7 @@ class Don extends CommonObject
|
|||
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON d.fk_country = c.rowid";
|
||||
$sql .= " WHERE d.entity IN (".getEntity('donation').")";
|
||||
if (!empty($id)) {
|
||||
$sql .= " AND d.rowid=".$id;
|
||||
$sql .= " AND d.rowid=".((int) $id);
|
||||
} elseif (!empty($ref)) {
|
||||
$sql .= " AND d.ref='".$this->db->escape($ref)."'";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -545,7 +545,7 @@ class Expedition extends CommonObject
|
|||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_shipment_mode as s ON e.fk_shipping_method = s.rowid';
|
||||
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
|
||||
if ($id) {
|
||||
$sql .= " AND e.rowid=".$id;
|
||||
$sql .= " AND e.rowid = ".((int) $id);
|
||||
}
|
||||
if ($ref) {
|
||||
$sql .= " AND e.ref='".$this->db->escape($ref)."'";
|
||||
|
|
@ -2033,7 +2033,7 @@ class Expedition extends CommonObject
|
|||
$sql = "SELECT em.rowid, em.code, em.libelle as label, em.description, em.tracking, em.active";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
|
||||
if ($id != '') {
|
||||
$sql .= " WHERE em.rowid=".$id;
|
||||
$sql .= " WHERE em.rowid=".((int) $id);
|
||||
}
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
|
|
@ -2072,7 +2072,7 @@ class Expedition extends CommonObject
|
|||
$sql .= ",libelle='".$this->db->escape($this->update['libelle'])."'";
|
||||
$sql .= ",description='".$this->db->escape($this->update['description'])."'";
|
||||
$sql .= ",tracking='".$this->db->escape($this->update['tracking'])."'";
|
||||
$sql .= " WHERE rowid=".$id;
|
||||
$sql .= " WHERE rowid=".((int) $id);
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
if ($resql < 0) {
|
||||
|
|
@ -2952,7 +2952,7 @@ class ExpeditionLigne extends CommonObjectLine
|
|||
// delete lot expedition line
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch";
|
||||
$sql .= " WHERE fk_expeditiondet = ".$this->id;
|
||||
$sql .= " AND rowid = ".$expedition_batch_id;
|
||||
$sql .= " AND rowid = ".((int) $expedition_batch_id);
|
||||
|
||||
if (!$this->db->query($sql)) {
|
||||
$this->errors[] = $this->db->lasterror()." - sql=$sql";
|
||||
|
|
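Review bot: `fk_expeditiondet = ".$this->id` on the line above the `$expedition_batch_id` cast in the hunk @2952 is left as is, so the DELETE still carries one uncast integer; `$this->id` is object state rather than request input, but `$sql .= " WHERE fk_expeditiondet = ".((int) $this->id);` keeps the statement uniformly typed. In the hunk @2033, `if ($id != '')` followed by `(int) $id` means a non-numeric `$id` silently becomes `em.rowid=0` and returns no rows instead of signalling a bad argument — acceptable, but worth a one-line comment. The enclosing methods start and end outside the hunks.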
|
|||
|
|
@ -771,7 +771,7 @@ if ($action == 'create') {
|
|||
$sql .= " WHERE f.fk_soc = s.rowid";
|
||||
$sql .= " AND f.entity = ".$conf->entity;
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if (!$user->rights->societe->client->voir && !$socid) {
|
||||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
|
|
|
|||
|
|
@ -432,7 +432,7 @@ class Fichinter extends CommonObject
|
|||
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
|
||||
$sql .= " AND f.ref='".$this->db->escape($ref)."'";
|
||||
} else {
|
||||
$sql .= " WHERE f.rowid=".$rowid;
|
||||
$sql .= " WHERE f.rowid=".((int) $rowid);
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
||||
|
|
|
|||
|
|
@ -282,7 +282,7 @@ if (!$user->rights->societe->client->voir && empty($socid)) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if ($sall) {
|
||||
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
|
||||
|
|
|
|||
|
|
@ -331,7 +331,7 @@ class CommandeFournisseur extends CommonOrder
|
|||
if (empty($id)) {
|
||||
$sql .= " WHERE c.entity IN (".getEntity('supplier_order').")";
|
||||
} else {
|
||||
$sql .= " WHERE c.rowid=".$id;
|
||||
$sql .= " WHERE c.rowid=".((int) $id);
|
||||
}
|
||||
|
||||
if ($ref) {
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ if ($search_amount) {
|
|||
$sql .= natural_search("l.capital", $search_amount, 1);
|
||||
}
|
||||
if ($search_ref) {
|
||||
$sql .= " AND l.rowid = ".$db->escape($search_ref);
|
||||
$sql .= " AND l.rowid = ".((int) $search_ref);
|
||||
}
|
||||
if ($search_label) {
|
||||
$sql .= natural_search("l.label", $search_label);
|
||||
|
|
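Review bot: `l.rowid = ".((int) $search_ref)` means a textual reference typed into the search field becomes `l.rowid = 0` and matches nothing, whereas the hunk @195 in this same commit switched the equivalent filter to `cs.ref = '".$db->escape($search_ref)."'`. If the loan table has a ref column this filter should probably do the same; if rowid is really what users search by, a comment saying so would stop the next reader from "fixing" it. The surrounding WHERE clause is built outside the hunk.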
|
|||
|
|
@ -441,7 +441,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
|
|||
$sql .= " WHERE m.fk_product = p.rowid";
|
||||
$sql .= " AND m.origintype = 'mo' AND m.fk_origin = ".(int) $object->id;
|
||||
if ($msid > 0) {
|
||||
$sql .= " AND m.rowid = ".$msid;
|
||||
$sql .= " AND m.rowid = ".((int) $msid);
|
||||
}
|
||||
$sql .= " AND m.fk_entrepot = e.rowid";
|
||||
$sql .= " AND e.entity IN (".getEntity('stock').")";
|
||||
|
|
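Review bot: The context line `m.fk_origin = ".(int) $object->id` casts without the surrounding parentheses that the fixed line below and every other hunk of this commit use; it behaves the same, but `$sql .= " AND m.origintype = 'mo' AND m.fk_origin = ".((int) $object->id);` keeps one style and is easier to grep for when auditing the remaining concatenations. This is a style point only.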
|
|||
|
|
@ -1679,11 +1679,11 @@ class Product extends CommonObject
|
|||
{
|
||||
// phpcs:enable
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
|
||||
$sql .= " WHERE fk_product_price=".$rowid;
|
||||
$sql .= " WHERE fk_product_price=".((int) $rowid);
|
||||
$resql = $this->db->query($sql);
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price";
|
||||
$sql .= " WHERE rowid=".$rowid;
|
||||
$sql .= " WHERE rowid=".((int) $rowid);
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
return 1;
|
||||
|
|
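Review bot: The result of the first `DELETE ... product_price_by_qty` query is overwritten without being checked, so a failure there is silently ignored while the second DELETE still runs and the method returns 1; the two statements are also not in a transaction, so a failure of the second leaves the by-quantity rows gone but the price row in place. Checking `$resql` after the first query and returning on failure the way the branch after `if ($resql)` presumably does, or wrapping both statements in `$this->db->begin()` / `commit()` / `rollback()`, would close that gap. The enclosing method's signature and its error branch are outside the hunk.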
|
|||
|
|
@ -266,7 +266,7 @@ $reshook = $hookmanager->executeHooks('printFieldListJoin', $parameters); // Not
|
|||
$sql .= $hookmanager->resPrint;
|
||||
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
|
||||
if ($productid > 0) {
|
||||
$sql .= " AND p.rowid = ".$productid;
|
||||
$sql .= " AND p.rowid = ".((int) $productid);
|
||||
}
|
||||
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
|
||||
$sql .= " AND p.fk_product_type = 0";
|
||||
|
|
|
|||
|
|
@ -424,7 +424,7 @@ if ($search_public != '') {
|
|||
$sql .= " AND p.public = ".$db->escape($search_public);
|
||||
}
|
||||
// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
|
||||
//if ($socid > 0) $sql.= " AND s.rowid = ".$socid;
|
||||
//if ($socid > 0) $sql.= " AND s.rowid = ".((int) $socid);
|
||||
if ($search_sale > 0) {
|
||||
$sql .= " AND sc.fk_user = ".((int) $search_sale);
|
||||
}
|
||||
|
|
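Review bot: `p.public = ".$db->escape($search_public)` on the first line of this hunk is exactly the pattern the rest of the commit replaces: `escape()` only neutralises quotes, and the value is concatenated unquoted, so it gives no protection for a numeric comparison. Since `p.public` is compared as a number, the line should be `$sql .= " AND p.public = ".((int) $search_public);`, matching the `sc.fk_user = ".((int) $search_sale)` line a few lines below. The only change in this hunk is to a commented-out line, so the live one appears to have been missed.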
|
|||
|
|
@ -384,7 +384,7 @@ class Reception extends CommonObject
|
|||
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON e.fk_incoterms = i.rowid';
|
||||
$sql .= " WHERE e.entity IN (".getEntity('reception').")";
|
||||
if ($id) {
|
||||
$sql .= " AND e.rowid=".$id;
|
||||
$sql .= " AND e.rowid=".((int) $id);
|
||||
}
|
||||
if ($ref) {
|
||||
$sql .= " AND e.ref='".$this->db->escape($ref)."'";
|
||||
|
|
@ -1356,7 +1356,7 @@ class Reception extends CommonObject
|
|||
$sql .= ",libelle='".$this->db->escape($this->update['libelle'])."'";
|
||||
$sql .= ",description='".$this->db->escape($this->update['description'])."'";
|
||||
$sql .= ",tracking='".$this->db->escape($this->update['tracking'])."'";
|
||||
$sql .= " WHERE rowid=".$id;
|
||||
$sql .= " WHERE rowid=".((int) $id);
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
if ($resql < 0) {
|
||||
|
|
|
|||
|
|
@ -274,7 +274,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if (!$user->rights->fournisseur->lire) {
|
||||
$sql .= " AND (s.fournisseur != 1 OR s.client != 0)";
|
||||
|
|
|
|||
|
|
@ -1938,7 +1938,7 @@ class SupplierProposal extends CommonObject
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if ($draft) {
|
||||
$sql .= " AND p.fk_statut = 0";
|
||||
|
|
|
|||
|
|
@ -315,7 +315,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
|
|||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= " ORDER BY p.rowid DESC";
|
||||
|
||||
|
|
|
|||
|
|
@ -504,7 +504,7 @@ class UserGroup extends CommonObject
|
|||
}
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights";
|
||||
$sql .= " WHERE fk_usergroup = $this->id AND fk_id=".$nid;
|
||||
$sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid);
|
||||
$sql .= " AND entity = ".$entity;
|
||||
if (!$this->db->query($sql)) {
|
||||
$error++;
|
||||
|
|
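Review bot: `$entity` is concatenated uncast in `" AND entity = ".$entity` on the line right after the `$nid` fix; if it is the method parameter it appears to be, an empty value also yields the invalid fragment `entity = ` and a query error. `$sql .= " AND entity = ".((int) $entity);` covers both cases, and the interpolated `$this->id` in the same statement could take the same cast for uniformity. The enclosing method starts and ends outside the hunk.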
|
|||