From f341c7fedde802baf2b0f1c12fc1480466f95bef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Wed, 27 Jan 2016 23:09:05 +0100
Subject: [PATCH] Avoid errors with bad parameters
---
 htdocs/webservices/server_thirdparty.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/webservices/server_thirdparty.php b/htdocs/webservices/server_thirdparty.php
index 542e2980c45..50b8e80e363 100644
--- a/htdocs/webservices/server_thirdparty.php
+++ b/htdocs/webservices/server_thirdparty.php
@@ -685,9 +685,9 @@ function getListOfThirdParties($authentication,$filterthirdparty)
 foreach($filterthirdparty as $key => $val)
 {
 if ($key == 'name' && $val != '') $sql.=" AND s.name LIKE '%".$db->escape($val)."%'";
- if ($key == 'client' && $val != '') $sql.=" AND s.client = ".$db->escape($val);
- if ($key == 'supplier' && $val != '') $sql.=" AND s.fournisseur = ".$db->escape($val);
- if ($key == 'category' && $val != '') $sql.=" AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") ";
+ if ($key == 'client' && (int) $val > 0) $sql.=" AND s.client = ".$db->escape($val);
+ if ($key == 'supplier' && (int) $val > 0) $sql.=" AND s.fournisseur = ".$db->escape($val);
+ if ($key == 'category' && (int) $val > 0) $sql.=" AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") ";
 }
 dol_syslog("Function: getListOfThirdParties", LOG_DEBUG);
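Review bot: The three rewritten conditions test `(int) $val > 0` but still concatenate `$db->escape($val)` unquoted, so the text that reaches the query is the caller's original string, not the integer that was checked. Any string that merely begins with a positive number passes the guard, and escape() presumably only protects quoted string contexts, so the numeric comparisons on `s.client`, `s.fournisseur` and `fk_categorie` remain open to SQL injection from the web-service filter. Concatenate the cast value instead, e.g. `$sql.=" AND s.client = ".((int) $val);`, and do the same on the supplier and category lines. Separately, the new guard silently ignores a filter value of 0, which the old `$val != ''` test accepted, so confirm no caller relies on `client = 0`. The body of getListOfThirdParties starts and ends outside this hunk.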