Avoid errors with bad parameters

2025-02-20 13:46:52 +01:00 · 2016-01-27 23:09:05 +01:00 · 2016-01-27 23:09:05 +01:00 · f341c7fedd
commit f341c7fedd
parent 06bbf4c966
1 changed files with 3 additions and 3 deletions
--- a/htdocs/webservices/server_thirdparty.php
+++ b/htdocs/webservices/server_thirdparty.php
@ -685,9 +685,9 @@ function getListOfThirdParties($authentication,$filterthirdparty)
        foreach($filterthirdparty as $key => $val)
        {
            if ($key == 'name'     && $val != '')  $sql.=" AND s.name LIKE '%".$db->escape($val)."%'";
-        	if ($key == 'client'   && $val != '')  $sql.=" AND s.client = ".$db->escape($val);
-            if ($key == 'supplier' && $val != '')  $sql.=" AND s.fournisseur = ".$db->escape($val);
-            if ($key == 'category' && $val != '')  $sql.=" AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") ";
+        	if ($key == 'client'   && (int) $val > 0)  $sql.=" AND s.client = ".$db->escape($val);
+            if ($key == 'supplier' && (int) $val > 0)  $sql.=" AND s.fournisseur = ".$db->escape($val);
+            if ($key == 'category' && (int) $val > 0)  $sql.=" AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") ";
        }
        dol_syslog("Function: getListOfThirdParties", LOG_DEBUG);