Fix yogosha 6347

Laurent Destailleur 2021-06-09 15:36:47 +02:00
parent d4ca6bf42a
commit fb46ece906
199 changed files with 507 additions and 533 deletions


@ -444,7 +444,7 @@ if ($search_country_id > 0) {
} else {
$sql .= " WHERE ";
}
$sql .= " (a.fk_country = ".$search_country_id." OR a.fk_country = 0)";
$sql .= " (a.fk_country = ".((int) $search_country_id)." OR a.fk_country = 0)";
}
// If sort order is "country", we use country_code instead


@ -675,7 +675,7 @@ class AccountancyCategory // extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as c";
$sql .= " WHERE c.active = 1";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)";
$sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)";
$sql .= " AND cat.rowid = t.fk_accounting_category";
$sql .= " AND t.entity = ".$conf->entity;
$sql .= " ORDER BY cat.position ASC";
@ -806,7 +806,7 @@ class AccountancyCategory // extends CommonObject
if ($categorytype >= 0) {
$sql .= " AND c.category_type = 1";
}
$sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)";
$sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)";
$sql .= " ORDER BY c.position ASC";
$resql = $this->db->query($sql);


@ -602,7 +602,7 @@ class AccountingAccount extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account ";
$sql .= "SET ".$fieldtouse." = '0'";
$sql .= " WHERE rowid = ".$this->db->escape($id);
$sql .= " WHERE rowid = ".((int) $id);
dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);
@ -640,7 +640,7 @@ class AccountingAccount extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
$sql .= " SET ".$fieldtouse." = '1'";
$sql .= " WHERE rowid = ".$this->db->escape($id);
$sql .= " WHERE rowid = ".((int) $id);
dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);


@ -294,7 +294,7 @@ class BookKeeping extends CommonObject
$sql = "SELECT count(*) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'";
$sql .= " AND fk_doc = ".$this->fk_doc;
$sql .= " AND fk_doc = ".((int) $this->fk_doc);
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
$sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 if record is for several lines
@ -312,7 +312,7 @@ class BookKeeping extends CommonObject
$sqlnum = "SELECT piece_num";
$sqlnum .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
$sqlnum .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'"; // For example doc_type = 'bank'
$sqlnum .= " AND fk_doc = ".$this->fk_doc;
$sqlnum .= " AND fk_doc = ".((int) $this->fk_doc);
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// fk_docdet is rowid into llx_bank or llx_facturedet or llx_facturefourndet, or ...
$sqlnum .= " AND fk_docdet = ".((int) $this->fk_docdet);
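Review bot: In the first hunk the unchanged line `$sql .= " AND fk_docdet = " . $this->fk_docdet;` still concatenates the property without a cast, while the parallel `$sqlnum` query in the second hunk already uses `((int) $this->fk_docdet)`. Both lines sit under the same `ACCOUNTANCY_ENABLE_FKDOCDET` condition, so the count query should get the same treatment: `$sql .= " AND fk_docdet = ".((int) $this->fk_docdet);`. The enclosing method starts and ends outside both hunks, so where `fk_docdet` is assigned cannot be checked from here.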


@ -1320,7 +1320,7 @@ function getSourceDocRef($val, $typerecord)
if ($typerecord == 'payment') {
$sqlmid = 'SELECT payfac.fk_facture as id, f.ref as ref';
$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiement_facture as payfac, ".MAIN_DB_PREFIX."facture as f";
$sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".$val["paymentid"];
$sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".((int) $val["paymentid"]);
$ref = $langs->transnoentitiesnoconv("Invoice");
} elseif ($typerecord == 'payment_supplier') {
$sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';


@ -598,8 +598,8 @@ class Adherent extends CommonObject
if ($this->user_id) {
// Add link to user
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET";
$sql .= " fk_member = ".$this->id;
$sql .= " WHERE rowid = ".$this->user_id;
$sql .= " fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".((int) $this->user_id);
dol_syslog(get_class($this)."::create", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -728,7 +728,7 @@ class Adherent extends CommonObject
if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
$sql2 = "SELECT libelle as label";
$sql2 .= " FROM ".MAIN_DB_PREFIX."adherent_type";
$sql2 .= " WHERE rowid = ".$this->typeid;
$sql2 .= " WHERE rowid = ".((int) $this->typeid);
$resql2 = $this->db->query($sql2);
if ($resql2) {
while ($obj = $this->db->fetch_object($resql2)) {


@ -362,7 +362,7 @@ class AdherentType extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent_type ";
$sql .= "SET ";
$sql .= "statut = ".$this->status.",";
$sql .= "statut = ".((int) $this->status).",";
$sql .= "libelle = '".$this->db->escape($this->label)."',";
$sql .= "morphy = '".$this->db->escape($this->morphy)."',";
$sql .= "subscription = '".$this->db->escape($this->subscription)."',";


@ -228,12 +228,12 @@ class Members extends DolibarrApi
}
$sql .= ' WHERE t.entity IN ('.getEntity('adherent').')';
if (!empty($typeid)) {
$sql .= ' AND t.fk_adherent_type='.$typeid;
$sql .= ' AND t.fk_adherent_type='.((int) $typeid);
}
// Select members of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_member = t.rowid ";
$sql .= " AND c.fk_categorie = ".((int) $category);
$sql .= " AND c.fk_member = t.rowid";
}
// Add sql filters
if ($sqlfilters) {


@ -267,14 +267,14 @@ class Subscription extends CommonObject
}
$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET ";
$sql .= " fk_type = ".$this->fk_type.",";
$sql .= " fk_adherent = ".$this->fk_adherent.",";
$sql .= " fk_type = ".((int) $this->fk_type).",";
$sql .= " fk_adherent = ".((int) $this->fk_adherent).",";
$sql .= " note=".($this->note ? "'".$this->db->escape($this->note)."'" : 'null').",";
$sql .= " subscription = ".price2num($this->amount).",";
$sql .= " dateadh='".$this->db->idate($this->dateh)."',";
$sql .= " datef='".$this->db->idate($this->datef)."',";
$sql .= " datec='".$this->db->idate($this->datec)."',";
$sql .= " fk_bank = ".($this->fk_bank ? $this->fk_bank : 'null');
$sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null');
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::update", LOG_DEBUG);
@ -341,7 +341,7 @@ class Subscription extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
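Review bot: The UPDATE in the first hunk still ends with the uncast `$sql .= " WHERE rowid = ".$this->id;`, although the other integer columns changed in that statement and the DELETE in the second hunk now use `(int)`. The row selector of an UPDATE is the one place where a non-numeric value changes which rows are written, so it should read `$sql .= " WHERE rowid = ".((int) $this->id);`. Both method bodies continue outside the hunks.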


@ -200,7 +200,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, type, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_paiement as t";
$sql .= " WHERE t.entity IN (".getEntity('c_paiement').")";
$sql .= " AND t.active = ".$active;
$sql .= " AND t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1055,7 +1055,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid AS id, zip, town, fk_county, fk_pays AS fk_country";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ziptown as t";
$sql .= " AND t.active = ".$active;
$sql .= " AND t.active = ".((int) $active);
if ($zipcode) {
$sql .= " AND t.zip LIKE '%".$this->db->escape($zipcode)."%'";
}
@ -1125,7 +1125,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t";
$sql .= " WHERE t.entity IN (".getEntity('c_payment_term').")";
$sql .= " AND t.active = ".$active;
$sql .= " AND t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1183,7 +1183,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid as id, code, libelle as label, description, tracking, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as t";
$sql .= " WHERE t.entity IN (".getEntity('c_shipment_mode').")";
$sql .= " AND t.active = ".$active;
$sql .= " AND t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1307,7 +1307,7 @@ class Setup extends DolibarrApi
$sql = "SELECT t.rowid, t.entity, t.code, t.label, t.url, t.icon, t.active";
$sql .= " FROM ".MAIN_DB_PREFIX."c_socialnetworks as t";
$sql .= " WHERE t.entity IN (".getEntity('c_socialnetworks').")";
$sql .= " AND t.active = ".$active;
$sql .= " AND t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
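Review bot: In the `c_ziptown` hunk the cast line is appended directly after the `FROM` line as `" AND t.active = "`, with no `WHERE` visible between them, so the statement as shown would read `... FROM ...c_ziptown as t AND t.active = N`, which is not valid SQL. Unless a line is missing from this rendering, the new line should be `$sql .= " WHERE t.active = ".((int) $active);`. The other four hunks in this file open their condition list with `WHERE t.entity IN (...)` and are not affected. The method bodies start and end outside the hunks.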


@ -332,7 +332,7 @@ class AssetType extends CommonObject
/**
* Return array of Asset objects for asset type this->id (or all if this->id not defined)
*
* @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users
* @param string $excludefilter Filter string to exclude. This parameter must not be provided by input of users
* @param int $mode 0=Return array of asset instance
* 1=Return array of asset instance without extra data
* 2=Return array of asset id only
@ -347,7 +347,7 @@ class AssetType extends CommonObject
$sql = "SELECT a.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."asset as a";
$sql .= " WHERE a.entity IN (".getEntity('asset').")";
$sql .= " AND a.fk_asset_type = ".$this->id;
$sql .= " AND a.fk_asset_type = ".((int) $this->id);
if (!empty($excludefilter)) {
$sql .= ' AND ('.$excludefilter.')';
}
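Review bot: `$excludefilter` is still concatenated verbatim into the query (`' AND ('.$excludefilter.')'`), and the only protection is the docblock sentence saying it must not come from user input. Nothing in the hunk enforces that, so a caller that later passes request data would put it straight into raw SQL. Consider replacing the free-form string with a structured argument (for example a list of ids that the method casts itself), or at least add `// $excludefilter is raw SQL: callers must build it from constants or cast values only` above the concatenation. The method signature and the rest of the body are outside the hunk.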


@ -614,8 +614,8 @@ class BOM extends CommonObject
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " status = ".self::STATUS_VALIDATED.",";
$sql .= " date_valid='".$this->db->idate($now)."',";
$sql .= " fk_user_valid = ".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " fk_user_valid = ".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);


@ -80,7 +80,7 @@ function printDropdownBookmarksList()
// Menu with list of bookmarks
$sql = "SELECT rowid, title, url, target FROM ".MAIN_DB_PREFIX."bookmark";
$sql .= " WHERE (fk_user = ".$user->id." OR fk_user is NULL OR fk_user = 0)";
$sql .= " WHERE (fk_user = ".((int) $user->id)." OR fk_user is NULL OR fk_user = 0)";
$sql .= " AND entity IN (".getEntity('bookmarks').")";
$sql .= " ORDER BY position";
if ($resql = $db->query($sql)) {


@ -98,7 +98,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b LEFT JOIN ".MAIN_DB_PREFIX."user
$sql .= " WHERE 1=1";
$sql .= " AND b.entity IN (".getEntity('bookmark').")";
if (!$user->admin) {
$sql .= " AND (b.fk_user = ".$user->id." OR b.fk_user is NULL OR b.fk_user = 0)";
$sql .= " AND (b.fk_user = ".((int) $user->id)." OR b.fk_user is NULL OR b.fk_user = 0)";
}
$sql .= $db->order($sortfield.", position", $sortorder);


@ -774,7 +774,7 @@ class Categorie extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id;
$sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$obj->id;
$sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1303,7 +1303,7 @@ class Categorie extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."categorie as c ";
$sql .= " WHERE c.entity IN (".getEntity('category').")";
$sql .= " AND c.type = ".((int) $type);
$sql .= " AND c.fk_parent = ".$this->fk_parent;
$sql .= " AND c.fk_parent = ".((int) $this->fk_parent);
$sql .= " AND c.label = '".$this->db->escape($this->label)."'";
dol_syslog(get_class($this)."::already_exists", LOG_DEBUG);
@ -1552,7 +1552,7 @@ class Categorie extends CommonObject
// Generation requete recherche
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie";
$sql .= " WHERE type = ".$this->MAP_ID[$type];
$sql .= " WHERE type = ".((int) $this->MAP_ID[$type]);
$sql .= " AND entity IN (".getEntity('category').")";
if ($nom) {
if (!$exact) {
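Review bot: In the `del_type` hunk the line `$sql .= " WHERE fk_categorie = ".$this->id;` stays uncast while the line directly below it gains `(int)`; it should become `$sql .= " WHERE fk_categorie = ".((int) $this->id);`. The same statement also builds the table and column names from `$type` whenever it has no entry in `MAP_CAT_TABLE` / `MAP_CAT_FK`, and an integer cast cannot protect an identifier. If `$type` can originate from a request, the fallback should be rejected rather than concatenated; the hunk does not show where `$type` is validated.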


@ -1896,7 +1896,7 @@ class ActionComm extends CommonObject
$userforfilter = new User($this->db);
$result = $userforfilter->fetch('', $logint);
if ($result > 0) {
$sql .= " AND ar.fk_element = ".$userforfilter->id;
$sql .= " AND ar.fk_element = ".((int) $userforfilter->id);
} elseif ($result < 0 || $condition == '=') {
$sql .= " AND ar.fk_element = 0";
}
@ -2410,7 +2410,7 @@ class ActionComm extends CommonObject
// Delete also very old past events (we do not keep more than 1 month record in past)
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE dateremind < '".$this->db->idate($now - (3600 * 24 * 32))."'";
$sql .= " AND status = ".$actionCommReminder::STATUS_DONE;
$sql .= " AND status = ".((int) $actionCommReminder::STATUS_DONE);
$resql = $this->db->query($sql);
if (!$resql) {


@ -741,10 +741,10 @@ if ($status == 'todo') {
if ($filtert > 0 || $usergroup > 0) {
$sql .= " AND (";
if ($filtert > 0) {
$sql .= "ar.fk_element = ".$filtert;
$sql .= "ar.fk_element = ".((int) $filtert);
}
if ($usergroup > 0) {
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
}
$sql .= ")";
}


@ -616,7 +616,7 @@ if ($filtert > 0 || $usergroup > 0) {
$sql .= "ar.fk_element = ".$filtert;
}
if ($usergroup > 0) {
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
}
$sql .= ")";
}
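Review bot: The unchanged line `$sql .= "ar.fk_element = ".$filtert;` at the top of this hunk is left without a cast, although the commit casts the identical expression in the preceding file section and casts `$usergroup` a few lines below. The guard `$filtert > 0` is a loose numeric comparison and does not guarantee a clean integer, so the line should read `$sql .= "ar.fk_element = ".((int) $filtert);`. The first hunk of the next file section keeps the same unchanged line and needs the same fix. How `$filtert` is read from the request is outside the hunk.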


@ -637,7 +637,7 @@ if ($filtert > 0 || $usergroup > 0) {
$sql .= "ar.fk_element = ".$filtert;
}
if ($usergroup > 0) {
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
$sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
}
$sql .= ")";
}
@ -899,7 +899,7 @@ while ($currentdaytoshow < $lastdaytoshow) {
}
$sql .= " WHERE u.statut = 1 AND u.entity IN (".getEntity('user').")";
if ($usergroup > 0) {
$sql .= " AND ug.fk_usergroup = ".$usergroup;
$sql .= " AND ug.fk_usergroup = ".((int) $usergroup);
}
//print $sql;
$resql = $db->query($sql);


@ -104,23 +104,15 @@ if ($type == "f") {
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".$db->escape($stcomm);
}
if (!empty($search_lastname)) {
$sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'";
}
if (!empty($search_firstname)) {
$sql .= " AND p.firstname LIKE '%".$db->escape($search_firstname)."%'";
}
if (!empty($search_company)) {
$sql .= " AND s.nom LIKE '%".$db->escape($search_company)."%'";
}
if (!empty($contactname)) { // acces a partir du module de recherche
$sql .= " AND (p.name LIKE '%".$db->escape($contactname)."%' OR lower(p.firstname) LIKE '%".$db->escape($contactname)."%') ";
$sortfield = "p.name";


@ -2463,12 +2463,12 @@ class Propal extends CommonObject
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$status.",";
$sql .= " SET fk_statut = ".((int) $status).",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
$sql .= " date_cloture=NULL, fk_user_cloture=NULL";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$this->db->begin();
@ -4305,7 +4305,7 @@ class PropaleLigne extends CommonObjectLine
}
$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null");
if (!empty($this->rang)) {
$sql .= ", rang=".$this->rang;
$sql .= ", rang=".((int) $this->rang);
}
$sql .= ", date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null");
$sql .= ", date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null");
@ -4317,7 +4317,7 @@ class PropaleLigne extends CommonObjectLine
$sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
$sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -4365,7 +4365,7 @@ class PropaleLigne extends CommonObjectLine
$sql .= " total_ht=".price2num($this->total_ht, 'MT')."";
$sql .= ",total_tva=".price2num($this->total_tva, 'MT')."";
$sql .= ",total_ttc=".price2num($this->total_ttc, 'MT')."";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog("PropaleLigne::update_total", LOG_DEBUG);
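Review bot: `fk_parent_line` is still interpolated raw in the PropaleLigne update hunk: `($this->fk_parent_line > 0 ? $this->fk_parent_line : "null")` passes through any value that merely compares greater than zero. It should be cast like the neighbouring `rang`: `$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? ((int) $this->fk_parent_line) : "null");`. The OrderLine and FactureLigne update hunks further down keep the same uncast `fk_parent_line` and `fk_unit` on unchanged lines, along with `product_type` and `situation_percent` respectively. All of these method bodies extend beyond their hunks.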


@ -88,7 +88,7 @@ if (!empty($conf->propal->enabled)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND p.fk_soc = ".$socid;
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -160,7 +160,7 @@ $sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND c.fk_soc = s.rowid";
//$sql.= " AND c.fk_statut > 2";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -318,7 +318,7 @@ if (! empty($conf->propal->enabled))
$sql.= " WHERE c.fk_soc = s.rowid";
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 1";
if ($socid) $sql.= " AND c.fk_soc = ".$socid;
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
$sql.= " ORDER BY c.rowid DESC";
@ -393,7 +393,7 @@ if (! empty($conf->propal->enabled))
$sql.= " WHERE c.fk_soc = s.rowid";
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 2 ";
if ($socid) $sql.= " AND c.fk_soc = ".$socid;
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
$sql.= " ORDER BY c.rowid DESC";


@ -593,27 +593,27 @@ if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_categ_cus > 0) {
$sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus);
$sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus);
}
if ($search_categ_cus == -2) {
$sql .= " AND cc.fk_categorie IS NULL";
}
if ($search_fk_cond_reglement > 0) {
$sql .= " AND p.fk_cond_reglement = ".$db->escape($search_fk_cond_reglement);
$sql .= " AND p.fk_cond_reglement = ".((int) $search_fk_cond_reglement);
}
if ($search_fk_shipping_method > 0) {
$sql .= " AND p.fk_shipping_method = ".$db->escape($search_fk_shipping_method);
$sql .= " AND p.fk_shipping_method = ".((int) $search_fk_shipping_method);
}
if ($search_fk_input_reason > 0) {
$sql .= " AND p.fk_input_reason = ".$db->escape($search_fk_input_reason);
$sql .= " AND p.fk_input_reason = ".((int) $search_fk_input_reason);
}
if ($search_fk_mode_reglement > 0) {
$sql .= " AND p.fk_mode_reglement = ".$db->escape($search_fk_mode_reglement);
$sql .= " AND p.fk_mode_reglement = ".((int) $search_fk_mode_reglement);
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category);
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);


@ -87,7 +87,7 @@ $sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY st.id";
$sql .= " ORDER BY st.id";
@ -129,7 +129,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -191,7 +191,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND p.fk_statut = 1";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -250,7 +250,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = 1";
$sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY s.tms ASC";
$sql .= $db->plimit(15, 0);


@ -2539,7 +2539,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -4559,14 +4559,14 @@ class OrderLine extends CommonOrderLine
}
$sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null");
$sql .= " , buy_price_ht='".price2num($this->pa_ht)."'";
$sql .= " , info_bits=".$this->info_bits;
$sql .= " , special_code=".$this->special_code;
$sql .= " , info_bits=".((int) $this->info_bits);
$sql .= " , special_code=".((int) $this->special_code);
$sql .= " , date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null");
$sql .= " , date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null");
$sql .= " , product_type=".$this->product_type;
$sql .= " , fk_parent_line=".(!empty($this->fk_parent_line) ? $this->fk_parent_line : "null");
if (!empty($this->rang)) {
$sql .= ", rang=".$this->rang;
$sql .= ", rang=".((int) $this->rang);
}
$sql .= " , fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
@ -4576,7 +4576,7 @@ class OrderLine extends CommonOrderLine
$sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
$sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);
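Review bot: On the changed line of the first hunk the cast was applied to the class constant but not to the variable: `" WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT)`. `self::STATUS_DRAFT` cannot change at runtime, whereas `$this->id` is object state, so the line should be `$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;`. In the OrderLine hunk, `fk_product_fournisseur_price` is likewise emitted raw whenever `$this->fk_fournprice` is non-empty.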


@ -89,9 +89,6 @@ $sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".$stcomm;
}
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));
}


@ -166,7 +166,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('commande').")";
//$sql.= " AND c.fk_statut > 2";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -250,7 +250,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_statut = ".Commande::STATUS_VALIDATED;
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -337,9 +337,9 @@ if (!empty($conf->commande->enabled)) {
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_statut = ".Commande::STATUS_ACCEPTED;
$sql .= " AND c.fk_statut = ".((int) Commande::STATUS_ACCEPTED);
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;


@ -473,7 +473,7 @@ if ($search_user > 0) {
$sql .= ' WHERE c.fk_soc = s.rowid';
$sql .= ' AND c.entity IN ('.getEntity('commande').')';
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$search_product_category;
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);


@ -1181,7 +1181,7 @@ if ($resql) {
$sqlforbalance .= " ".MAIN_DB_PREFIX."bank as b";
$sqlforbalance .= " WHERE b.fk_account = ba.rowid";
$sqlforbalance .= " AND ba.entity IN (".getEntity('bank_account').")";
$sqlforbalance .= " AND b.fk_account = ".$search_account;
$sqlforbalance .= " AND b.fk_account = ".((int) $search_account);
$sqlforbalance .= " AND (b.datev < '".$db->idate($db->jdate($objp->dv))."' OR (b.datev = '".$db->idate($db->jdate($objp->dv))."' AND (b.dateo < '".$db->idate($db->jdate($objp->do))."' OR (b.dateo = '".$db->idate($db->jdate($objp->do))."' AND b.rowid < ".$objp->rowid."))))";
$resqlforbalance = $db->query($sqlforbalance);
//print $sqlforbalance;


@ -1070,7 +1070,7 @@ class Account extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_account";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$result = $this->db->query($sql);
@ -2090,7 +2090,7 @@ class AccountLine extends CommonObject
$sql .= " amount = ".price2num($this->amount).",";
$sql .= " datev='".$this->db->idate($this->datev)."',";
$sql .= " dateo='".$this->db->idate($this->dateo)."'";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);


@ -77,7 +77,7 @@ class BankAccounts extends DolibarrApi
$sql .= ' WHERE t.entity IN ('.getEntity('bank_account').')';
// Select accounts of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_account = t.rowid ";
$sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_account = t.rowid";
}
// Add sql filters
if ($sqlfilters) {


@ -173,7 +173,7 @@ if ($user->rights->banque->modifier && $action == "update") {
$sql .= " datev = '".$db->idate($dateval)."',";
}
}
$sql .= " fk_account = ".$actarget->id;
$sql .= " fk_account = ".((int) $actarget->id);
$sql .= " WHERE rowid = ".((int) $acline->id);
$result = $db->query($sql);


@ -606,7 +606,7 @@ if (empty($numref)) {
$sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
$sql .= " WHERE ct.rowid = cl.fk_categ";
$sql .= " AND ct.entity = ".$conf->entity;
$sql .= " AND cl.lineid = ".$objp->rowid;
$sql .= " AND cl.lineid = ".((int) $objp->rowid);
$resc = $db->query($sql);
if ($resc) {


@ -250,19 +250,19 @@ if ($search_amount_cred) {
$sql .= natural_search("v.amount", $search_amount_cred, 1);
}
if ($search_bank_account > 0) {
$sql .= " AND b.fk_account=".$db->escape($search_bank_account);
$sql .= " AND b.fk_account = ".((int) $search_bank_account);
}
if ($search_bank_entry > 0) {
$sql .= " AND b.fk_account=".$db->escape($search_bank_account);
$sql .= " AND b.fk_account = ".((int) $search_bank_account);
}
if ($search_accountancy_account > 0) {
$sql .= " AND v.accountancy_code=".$db->escape($search_accountancy_account);
$sql .= " AND v.accountancy_code = ".((int) $search_accountancy_account);
}
if ($search_accountancy_subledger > 0) {
$sql .= " AND v.subledger_account=".$db->escape($search_accountancy_subledger);
$sql .= " AND v.subledger_account = ".((int) $search_accountancy_subledger);
}
if ($typeid > 0) {
$sql .= " AND v.fk_typepayment=".$typeid;
$sql .= " AND v.fk_typepayment=".((int) $typeid);
}
if ($search_all) {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
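Review bot: The branch guarded by `$search_bank_entry > 0` still filters on `$search_bank_account`, so the bank-entry search field has no effect of its own and only repeats the account filter. The commit carries this apparent copy-paste over unchanged apart from the cast; the intended column and variable cannot be determined from the hunk and need checking against the list's SELECT. Separately, `v.accountancy_code` and `v.subledger_account` are now compared with `(int)` values; if those columns can hold non-numeric codes, a quoted comparison such as `" AND v.accountancy_code = '".$db->escape($search_accountancy_account)."'"` would be the correct form.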


@ -71,7 +71,7 @@ llxHeader();
$thirdpartystatic = new Societe($db);
if ($action == 'note') {
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".$socid;
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".((int) $socid);
$result = $db->query($sql);
}
@ -107,29 +107,21 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".$stcomm;
$sql .= " AND s.fk_stcomm=".((int) $stcomm);
}
if ($socname) {
$sql .= natural_search("s.nom", $socname);
$sortfield = "s.nom";
$sortorder = "ASC";
}
if ($_GET["search_nom"]) {
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));
}
if ($_GET["search_compta"]) {
if (GETPOST("search_compta")) {
$sql .= natural_search("s.code_compta", GETPOST("search_compta"));
}
if ($_GET["search_code_client"]) {
if (GETPOST("search_code_client")) {
$sql .= natural_search("s.code_client", GETPOST("search_code_client"));
}
if (dol_strlen($begin)) {
$sql .= natural_search("s.nom", $begin);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql .= " ORDER BY $sortfield $sortorder";
$sql .= $db->plimit($conf->liste_limit + 1, $offset);
//print $sql;
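Review bot: `$sql .= " ORDER BY $sortfield $sortorder";` interpolates both variables directly into the statement, and the change on that line only removes a trailing space. A column name and a sort direction cannot be protected by a cast or by `escape()`, so they need an allowlist or the shared helper; the bookmark list earlier in this commit builds its clause with `$db->order(...)`, which would be the consistent choice here: `$sql .= $db->order($sortfield, $sortorder);`. The unchanged `sc.fk_user = ".$user->id` at the top of the hunk also lacks the `(int)` cast applied elsewhere. Where `$sortfield` and `$sortorder` are read is outside the hunk.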


@ -217,7 +217,7 @@ class Invoices extends DolibarrApi
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {


@ -470,9 +470,9 @@ class FactureRec extends CommonInvoice
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_rec SET";
$sql .= " fk_soc = ".$this->fk_soc;
$sql .= " fk_soc = ".((int) $this->fk_soc);
// TODO Add missing fields
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1136,12 +1136,12 @@ class FactureRec extends CommonInvoice
$sql .= ", qty=".price2num($qty);
$sql .= ", tva_tx=".price2num($txtva);
$sql .= ", vat_src_code='".$this->db->escape($vat_src_code)."'";
$sql .= ", localtax1_tx=".$txlocaltax1;
$sql .= ", localtax1_tx=".((float) $txlocaltax1);
$sql .= ", localtax1_type='".$this->db->escape($localtaxes_type[0])."'";
$sql .= ", localtax2_tx=".$txlocaltax2;
$sql .= ", localtax2_tx=".((float) $txlocaltax2);
$sql .= ", localtax2_type='".$this->db->escape($localtaxes_type[2])."'";
$sql .= ", fk_product=".(!empty($fk_product) ? "'".$this->db->escape($fk_product)."'" : "null");
$sql .= ", product_type=".$product_type;
$sql .= ", product_type=".((int) $product_type);
$sql .= ", remise_percent='".price2num($remise_percent)."'";
$sql .= ", subprice='".price2num($pu_ht)."'";
$sql .= ", total_ht='".price2num($total_ht)."'";
@ -2124,11 +2124,11 @@ class FactureLigneRec extends CommonInvoiceLine
$sql .= ", total_localtax2=".price2num($this->total_localtax2);
$sql .= ", total_ttc=".price2num($this->total_ttc);
}
$sql .= ", rang=".$this->rang;
$sql .= ", special_code=".$this->special_code;
$sql .= ", rang=".((int) $this->rang);
$sql .= ", special_code=".((int) $this->special_code);
$sql .= ", fk_unit=".($this->fk_unit ? "'".$this->db->escape($this->fk_unit)."'" : "null");
$sql .= ", fk_contract_line=".($this->fk_contract_line ? $this->fk_contract_line : "null");
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$this->db->begin();
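Review bot: `((float) $txlocaltax1)` and `((float) $txlocaltax2)` rely on PHP's float-to-string conversion, which on PHP versions before 8.0 follows the `LC_NUMERIC` locale and can emit a decimal comma, producing broken SQL. The surrounding lines format numbers with `price2num()`, so `$sql .= ", localtax1_tx=".price2num($txlocaltax1);` (and the same for `localtax2_tx`) would be consistent, assuming `price2num()` normalises the separator as its use on the neighbouring columns suggests. In the FactureLigneRec hunk, `fk_contract_line` is still concatenated raw when non-empty. Both method bodies continue outside the hunks.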


@ -4105,7 +4105,7 @@ class Facture extends CommonInvoice
$sql .= " AND pf.fk_paiement IS NULL"; // Aucun paiement deja fait
$sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY f.ref";
@ -5594,7 +5594,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option)
$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null");
if (!empty($this->rang)) {
$sql .= ", rang=".$this->rang;
$sql .= ", rang=".((int) $this->rang);
}
$sql .= ", situation_percent=".$this->situation_percent;
$sql .= ", fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
@ -5606,7 +5606,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
$sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);


@ -546,7 +546,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category);
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
@ -634,7 +634,7 @@ if ($search_login) {
$sql .= natural_search(array('u.login', 'u.firstname', 'u.lastname'), $search_login);
}
if ($search_categ_cus > 0) {
$sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus);
$sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus);
}
if ($search_categ_cus == -2) {
$sql .= " AND cc.fk_categorie IS NULL";
@ -659,10 +659,10 @@ if ($search_status != '-1' && $search_status != '') {
}
if ($search_paymentmode > 0) {
$sql .= " AND f.fk_mode_reglement = ".$db->escape($search_paymentmode);
$sql .= " AND f.fk_mode_reglement = ".((int) $search_paymentmode);
}
if ($search_paymentterms > 0) {
$sql .= " AND f.fk_cond_reglement = ".$db->escape($search_paymentterms);
$sql .= " AND f.fk_cond_reglement = ".((int) $search_paymentterms);
}
if ($search_module_source) {
$sql .= natural_search("f.module_source", $search_module_source);
@ -692,10 +692,10 @@ if ($option == 'late') {
$sql .= " AND f.date_lim_reglement < '".$db->idate(dol_now() - $conf->facture->client->warning_delay)."'";
}
if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".(int) $search_sale;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($search_user > 0) {
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user;
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user);
}
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';


@ -138,7 +138,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();
@ -283,7 +283,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".$socid;
$sql .= " AND ff.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();
@ -593,7 +593,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$sql .= " AND c.fk_statut = ".Commande::STATUS_CLOSED;
$sql .= " AND c.facture = 0";


@ -170,7 +170,7 @@ class Localtax extends CommonObject
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET";
$sql .= " localtaxtype=".$this->ltt.",";
$sql .= " localtaxtype=".((int) $this->ltt).",";
$sql .= " tms='".$this->db->idate($this->tms)."',";
$sql .= " datep='".$this->db->idate($this->datep)."',";
$sql .= " datev='".$this->db->idate($this->datev)."',";


@ -584,7 +584,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datev,'%Y-%m') as dm, 'claimed'
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f";
$sql .= " WHERE f.entity = ".$conf->entity;
$sql .= " AND (f.datev >= '".$db->idate($date_start)."' AND f.datev <= '".$db->idate($date_end)."')";
$sql .= " AND localtaxtype=".$localTaxType;
$sql .= " AND localtaxtype=".((int) $localTaxType);
$sql .= " GROUP BY dm";
$sql .= " UNION ";
@ -593,7 +593,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datep,'%Y-%m') as dm, 'paid' as
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f";
$sql .= " WHERE f.entity = ".$conf->entity;
$sql .= " AND (f.datep >= '".$db->idate($date_start)."' AND f.datep <= '".$db->idate($date_end)."')";
$sql .= " AND localtaxtype=".$localTaxType;
$sql .= " AND localtaxtype=".((int) $localTaxType);
$sql .= " GROUP BY dm";
$sql .= " ORDER BY dm ASC, mode ASC";


@ -606,7 +606,7 @@ if ($action == 'new') {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement as p ON p.fk_bank = b.rowid";
$sql .= " WHERE ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.fk_type= 'CHQ'";
$sql .= " AND b.fk_bordereau = ".$object->id;
$sql .= " AND b.fk_bordereau = ".((int) $object->id);
$sql .= $db->order($sortfield, $sortorder);
$resql = $db->query($sql);


@ -104,7 +104,7 @@ if ($search_ref) {
$sql .= natural_search("bc.ref", $search_ref);
}
if ($search_account > 0) {
$sql .= " AND bc.fk_bank_account=".$search_account;
$sql .= " AND bc.fk_bank_account = ".((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search("bc.amount", price2num($search_amount));


@ -78,7 +78,7 @@ if ($socid) {
}
$sql .= " WHERE p.entity IN (".getEntity('invoice').')';
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " AND p.statut = 0";


@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " AND fk_soc =".$client_id;
$sql .= " AND fk_soc =".((int) $client_id);
$sql .= " AND code_banque = '".$this->db->escape($code_banque)."'";
$sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'";
$sql .= " AND number = '".$this->db->escape($number)."'";


@ -329,7 +329,7 @@ class RejetPrelevement
$sql = "SELECT pr.date_rejet as dr, motif, afacturer";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_rejet as pr";
$sql .= " WHERE pr.fk_prelevement_lignes =".$rowid;
$sql .= " WHERE pr.fk_prelevement_lignes =".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
@ -345,11 +345,11 @@ class RejetPrelevement
return 0;
} else {
dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid numrows=0");
dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid." numrows=0");
return -1;
}
} else {
dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid");
dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid);
return -2;
}
}


@ -170,15 +170,15 @@ $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
$sql .= " , ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= " , ".MAIN_DB_PREFIX."societe as s";
$sql .= " , ".MAIN_DB_PREFIX."prelevement_rejet as pr";
$sql .= " WHERE p.rowid=".$object->id;
$sql .= " WHERE p.rowid=".((int) $object->id);
$sql .= " AND pl.fk_prelevement_bons = p.rowid";
$sql .= " AND p.entity = ".$conf->entity;
$sql .= " AND pl.fk_soc = s.rowid";
$sql .= " AND pl.statut = 3 ";
$sql .= " AND pr.fk_prelevement_lignes = pl.rowid";
if ($socid) {
/*if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
}*/
$sql .= " ORDER BY pl.amount DESC";
// Count total nb of records
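Review bot: The `$socid` filter is wrapped in `/* … */` rather than kept, so this query no longer restricts the rejected lines to one third party; if `$socid` is what confines an external user to their own company (not visible in this hunk), the listing for a given `p.rowid` becomes wider for such a user. The line was already cast, so nothing here needed changing for the injection fix: `if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); }`. If dropping the filter is intended, delete the three lines instead of commenting them out and state the reason in the commit message. The query is built and executed outside the hunk.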


@ -189,7 +189,7 @@ if ($id > 0) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON p.fk_user_creat = u.rowid";
$sql .= " WHERE pf.fk_paiement = p.rowid";
$sql .= " AND p.entity = ".$conf->entity;
$sql .= " AND pf.fk_facture = ".$fac->id;
$sql .= " AND pf.fk_facture = ".((int) $fac->id);
$sql .= " ORDER BY p.datep ASC, p.rowid ASC";
$resqlp = $db->query($sql);


@ -403,7 +403,7 @@ if ($modecompta == 'BOOKKEEPING') {
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY name, socid";
$sql .= $db->order($sortfield, $sortorder);


@ -218,7 +218,7 @@ if ($search_amount) {
$sql .= natural_search("cs.amount", $search_amount, 1);
}
if ($search_status != '' && $search_status >= 0) {
$sql .= " AND cs.paye = ".$db->escape($search_status);
$sql .= " AND cs.paye = ".((int) $search_status);
}
$sql .= dolSqlDateFilter("cs.periode", $search_day_lim, $search_month_lim, $search_year_lim);
//$sql.= dolSqlDateFilter("cs.periode", 0, 0, $year);
@ -230,8 +230,8 @@ if ($year > 0) {
$sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')";
$sql .= ")";
}
if ($search_typeid) {
$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
if ($search_typeid > 0) {
$sql .= " AND cs.fk_type = ".((int) $search_typeid);
}
$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname";
if (!empty($conf->projet->enabled)) {


@ -262,7 +262,7 @@ if ($modecompta == 'CREANCES-DETTES') {
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY u.rowid, u.lastname, u.firstname";
$sql .= " ORDER BY u.rowid";


@ -681,7 +681,7 @@ print '</div>';
AND p.facture =0";
if ($socid)
{
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY p.rowid";


@ -197,7 +197,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND f.type IN (0,2)";
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
} elseif ($modecompta == "RECETTES-DEPENSES") {
$sql = "SELECT date_format(p.datep,'%Y-%m') as dm, sum(pf.amount) as amount_ttc";
@ -208,7 +208,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " AND pf.fk_facturefourn = f.rowid";
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
} elseif ($modecompta == "BOOKKEEPING") {
$pcgverid = $conf->global->CHARTOFACCOUNTS;


@ -301,7 +301,7 @@ if ($search_country > 0) {
}
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY s.rowid, s.nom, s.zip, s.town, s.fk_pays";
$sql .= " ORDER BY s.rowid";


@ -207,7 +207,7 @@ class Tva extends CommonObject
$sql .= " amount=".price2num($this->amount).",";
$sql .= " label='".$this->db->escape($this->label)."',";
$sql .= " note='".$this->db->escape($this->note)."',";
$sql .= " fk_user_creat=".$this->fk_user_creat.",";
$sql .= " fk_user_creat=".((int) $this->fk_user_creat).",";
$sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id)."";
$sql .= " WHERE rowid=".((int) $this->id);


@ -171,16 +171,16 @@ if (!empty($search_datepayment_end)) {
$sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"';
}
if (!empty($search_type) && $search_type > 0) {
$sql .= ' AND t.fk_typepayment='.$search_type;
$sql .= ' AND t.fk_typepayment = '.((int) $search_type);
}
if (!empty($search_account) && $search_account > 0) {
$sql .= ' AND t.fk_account='.$search_account;
$sql .= ' AND t.fk_account = '.((int) $search_account);
}
if (!empty($search_amount)) {
$sql .= natural_search('t.amount', price2num(trim($search_amount)), 1);
}
if ($search_status != '' && $search_status >= 0) {
$sql .= " AND t.paye = ".$db->escape($search_status);
$sql .= " AND t.paye = ".((int) $search_status);
}
$sql .= " GROUP BY t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment, t.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, t.num_payment, pst.code";
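Review bot: The context line `' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'` delimits the date with double quotes, which standard SQL reads as an identifier; PostgreSQL, and MySQL when ANSI_QUOTES is enabled, would reject or misread it. While these filters are being tidied, switch it to single quotes as the other date comparisons on this page do: `$sql .= " AND t.datep <= '".$db->idate($search_datepayment_end)."'";`. The chain of `if` blocks starts before the hunk, so an earlier `datep >=` line may need the same change.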


@ -591,11 +591,11 @@ class Contact extends CommonObject
if (isset($this->stcomm_id)) {
$sql .= ", fk_stcommcontact = ".($this->stcomm_id > 0 || $this->stcomm_id == -1 ? $this->stcomm_id : "0");
}
$sql .= ", statut = ".$this->db->escape($this->statut);
$sql .= ", statut = ".((int) $this->statut);
$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL");
$sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL");
$sql .= ", entity = ".$this->db->escape($this->entity);
$sql .= " WHERE rowid=".$this->db->escape($id);
$sql .= ", entity = ".((int) $this->entity);
$sql .= " WHERE rowid=".((int) $id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
@ -1221,7 +1221,7 @@ class Contact extends CommonObject
$obj = $this->db->fetch_object($resql);
$sqldel = "DELETE FROM ".MAIN_DB_PREFIX."element_contact";
$sqldel .= " WHERE rowid = ".$obj->rowid;
$sqldel .= " WHERE rowid = ".((int) $obj->rowid);
dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sqldel);
if (!$result) {
@ -1324,7 +1324,7 @@ class Contact extends CommonObject
$sql = "SELECT c.rowid, c.datec as datec, c.fk_user_creat,";
$sql .= " c.tms as tms, c.fk_user_modif";
$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as c";
$sql .= " WHERE c.rowid = ".$this->db->escape($id);
$sql .= " WHERE c.rowid = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1770,10 +1770,10 @@ class Contact extends CommonObject
$sql = "SELECT sc.fk_socpeople as id, sc.fk_c_type_contact";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact tc";
$sql .= ", ".MAIN_DB_PREFIX."societe_contacts sc";
$sql .= " WHERE sc.fk_soc =".$this->socid;
$sql .= " WHERE sc.fk_soc =".((int) $this->socid);
$sql .= " AND sc.fk_c_type_contact=tc.rowid";
$sql .= " AND tc.element='".$this->db->escape($element)."'";
$sql .= " AND tc.active=1";
$sql .= " AND tc.element = '".$this->db->escape($element)."'";
$sql .= " AND tc.active = 1";
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);


@ -392,7 +392,7 @@ if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)";
}
if (!empty($userid)) { // propre au commercial
$sql .= " AND p.fk_user_creat=".$db->escape($userid);
$sql .= " AND p.fk_user_creat=".((int) $userid);
}
if ($search_level) {
$sql .= natural_search("p.fk_prospectcontactlevel", join(',', $search_level), 3);
@ -414,19 +414,19 @@ if ($search_priv != '0' && $search_priv != '1') {
}
if ($search_categ > 0) {
$sql .= " AND cc.fk_categorie = ".$db->escape($search_categ);
$sql .= " AND cc.fk_categorie = ".((int) $search_categ);
}
if ($search_categ == -2) {
$sql .= " AND cc.fk_categorie IS NULL";
}
if ($search_categ_thirdparty > 0) {
$sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty);
$sql .= " AND cs.fk_categorie = ".((int) $search_categ_thirdparty);
}
if ($search_categ_thirdparty == -2) {
$sql .= " AND cs.fk_categorie IS NULL";
}
if ($search_categ_supplier > 0) {
$sql .= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier);
$sql .= " AND cs2.fk_categorie = ".((int) $search_categ_supplier);
}
if ($search_categ_supplier == -2) {
$sql .= " AND cs2.fk_categorie IS NULL";
@ -495,10 +495,10 @@ if (count($search_roles) > 0) {
$sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))";
}
if ($search_no_email != '' && $search_no_email >= 0) {
$sql .= " AND p.no_email = ".$db->escape($search_no_email);
$sql .= " AND p.no_email = ".((int) $search_no_email);
}
if ($search_status != '' && $search_status >= 0) {
$sql .= " AND p.statut = ".$db->escape($search_status);
$sql .= " AND p.statut = ".((int) $search_status);
}
if ($search_import_key) {
$sql .= natural_search("p.import_key", $search_import_key);


@ -3066,9 +3066,9 @@ class ContratLigne extends CommonObjectLine
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET";
$sql .= " fk_contrat=".$this->fk_contrat.",";
$sql .= " fk_contrat=".((int) $this->fk_contrat).",";
$sql .= " fk_product=".($this->fk_product ? "'".$this->db->escape($this->fk_product)."'" : 'null').",";
$sql .= " statut=".$this->statut.",";
$sql .= " statut=".((int) $this->statut).",";
$sql .= " label='".$this->db->escape($this->label)."',";
$sql .= " description='".$this->db->escape($this->description)."',";
$sql .= " date_commande=".($this->date_commande != '' ? "'".$this->db->idate($this->date_commande)."'" : "null").",";
@ -3373,11 +3373,11 @@ class ContratLigne extends CommonObjectLine
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".ContratLigne::STATUS_CLOSED.",";
$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).",";
$sql .= " date_cloture = '".$this->db->idate($date_end)."',";
$sql .= " fk_user_cloture = ".$user->id.",";
$sql .= " commentaire = '".$this->db->escape($comment)."'";
$sql .= " WHERE rowid = ".$this->id." AND statut = ".ContratLigne::STATUS_OPEN;
$sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN);
$resql = $this->db->query($sql);
if ($resql) {


@ -250,7 +250,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);


@ -265,10 +265,10 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) {
$sql .= " AND s.fk_typent IN (".$db->sanitize($db->escape($search_type_thirdparty)).')';
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$search_product_category;
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
if ($socid) {
$sql .= " AND s.rowid = ".$db->escape($socid);
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -296,13 +296,13 @@ if ($search_town) {
$sql .= natural_search(array('s.town'), $search_town);
}
if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_user > 0) {
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user;
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user);
}
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';


@ -257,7 +257,7 @@ if ($search_product_category > 0) {
$sql .= " WHERE c.entity = ".$conf->entity;
$sql .= " AND c.rowid = cd.fk_contrat";
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$search_product_category;
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {


@ -531,7 +531,7 @@ abstract class CommonObject
$sql .= " WHERE entity IN (".getEntity($element).")";
if ($id > 0) {
$sql .= " AND rowid = ".$db->escape($id);
$sql .= " AND rowid = ".((int) $id);
} elseif ($ref) {
$sql .= " AND ref = '".$db->escape($ref)."'";
} elseif ($ref_ext) {
@ -542,7 +542,7 @@ abstract class CommonObject
return -1;
}
if ($ref || $ref_ext) {
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
}
dol_syslog(get_class()."::isExistingObject", LOG_DEBUG);
@ -1278,7 +1278,7 @@ abstract class CommonObject
}
$sql .= " AND tc.active=1";
if ($status >= 0) {
$sql .= " AND ec.statut = ".$status;
$sql .= " AND ec.statut = ".((int) $status);
}
$sql .= " ORDER BY t.lastname ASC";
@ -1926,7 +1926,7 @@ abstract class CommonObject
if ($format == 'text') {
$sql .= $field." = '".$this->db->escape($value)."'";
} elseif ($format == 'int') {
$sql .= $field." = ".$this->db->escape($value);
$sql .= $field." = ".((int) $value);
} elseif ($format == 'date') {
$sql .= $field." = ".($value ? "'".$this->db->idate($value)."'" : "null");
}
@ -3709,19 +3709,19 @@ abstract class CommonObject
$sql .= " WHERE ";
if ($justsource || $justtarget) {
if ($justsource) {
$sql .= "fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."'";
$sql .= "fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."'";
if ($withtargettype) {
$sql .= " AND targettype = '".$this->db->escape($targettype)."'";
}
} elseif ($justtarget) {
$sql .= "fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."'";
$sql .= "fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."'";
if ($withsourcetype) {
$sql .= " AND sourcetype = '".$this->db->escape($sourcetype)."'";
}
}
} else {
$sql .= "(fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."')";
$sql .= " ".$clause." (fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."')";
$sql .= "(fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."')";
$sql .= " ".$clause." (fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."')";
}
$sql .= ' ORDER BY '.$orderby;
@ -4106,12 +4106,12 @@ abstract class CommonObject
}
$sql = "UPDATE ".MAIN_DB_PREFIX.$elementTable;
$sql .= " SET ".$fieldstatus." = ".$status;
$sql .= " SET ".$fieldstatus." = ".((int) $status);
// If status = 1 = validated, update also fk_user_valid
if ($status == 1 && $elementTable == 'expensereport') {
$sql .= ", fk_user_valid = ".$user->id;
}
$sql .= " WHERE rowid=".$elementId;
$sql .= " WHERE rowid=".((int) $elementId);
dol_syslog(get_class($this)."::setStatut", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -7122,11 +7122,11 @@ abstract class CommonObject
$sql .= ' as main';
}
if ($selectkey == 'rowid' && empty($value)) {
$sql .= " WHERE ".$selectkey."=0";
$sql .= " WHERE ".$selectkey." = 0";
} elseif ($selectkey == 'rowid') {
$sql .= " WHERE ".$selectkey."=".$this->db->escape($value);
$sql .= " WHERE ".$selectkey." = ".((int) $value);
} else {
$sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'";
$sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'";
}
//$sql.= ' AND entity = '.$conf->entity;
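Review bot: The integer casts cover values only; several hunks in this file still build SQL identifiers from variables: `$field` in the `$format == 'int'` branch, `' ORDER BY '.$orderby`, `MAIN_DB_PREFIX.$elementTable` together with `$fieldstatus`, and `$selectkey` in the last hunk (the ExtraFields hunk further down repeats the same three `$selectkey` lines). Neither `(int)` nor `escape()` protects an identifier, so each of these is only as safe as its callers, which are outside the hunks. I would check them against an allow-list of known column and table names before concatenation, or at least document the constraint on each method, e.g. `// $orderby is a column list supplied by code, never by the request`.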


@ -292,7 +292,7 @@ class DiscountAbsolute
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except";
$sql .= " WHERE (fk_facture_line IS NOT NULL"; // Not used as absolute simple discount
$sql .= " OR fk_facture IS NOT NULL)"; // Not used as credit note and not used as deposit
$sql .= " AND fk_facture_source = ".$this->fk_facture_source;
$sql .= " AND fk_facture_source = ".((int) $this->fk_facture_source);
//$sql.=" AND rowid != ".$this->id;
dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG);


@ -1722,11 +1722,11 @@ class ExtraFields
$sql .= ' as main';
}
if ($selectkey == 'rowid' && empty($value)) {
$sql .= " WHERE ".$selectkey."=0";
$sql .= " WHERE ".$selectkey." = 0";
} elseif ($selectkey == 'rowid') {
$sql .= " WHERE ".$selectkey."=".$this->db->escape($value);
$sql .= " WHERE ".$selectkey." = ".((int) $value);
} else {
$sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'";
$sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'";
}
//$sql.= ' AND entity = '.$conf->entity;


@ -2497,18 +2497,18 @@ class Form
}
if ($finished == 0) {
$sql .= " AND p.finished = ".$finished;
$sql .= " AND p.finished = ".((int) $finished);
} elseif ($finished == 1) {
$sql .= " AND p.finished = ".$finished;
$sql .= " AND p.finished = ".((int) $finished);
if ($status >= 0) {
$sql .= " AND p.tosell = ".$status;
$sql .= " AND p.tosell = ".((int) $status);
}
} elseif ($status >= 0) {
$sql .= " AND p.tosell = ".$status;
$sql .= " AND p.tosell = ".((int) $status);
}
// Filter by product type
if (strval($filtertype) != '') {
$sql .= " AND p.fk_product_type = ".$filtertype;
$sql .= " AND p.fk_product_type = ".((int) $filtertype);
} elseif (empty($conf->product->enabled)) { // when product module is disabled, show services only
$sql .= " AND p.fk_product_type = 1";
} elseif (empty($conf->service->enabled)) { // when service module is disabled, show products only
@ -3828,7 +3828,6 @@ class Form
$sql = "SELECT id, code, libelle as label, type, active";
$sql .= " FROM ".MAIN_DB_PREFIX."c_paiement";
$sql .= " WHERE entity IN (".getEntity('c_paiement').")";
//if ($active >= 0) $sql.= " AND active = ".$active;
$resql = $this->db->query($sql);
if ($resql) {
@ -4061,7 +4060,6 @@ class Form
$sql = "SELECT rowid, code, label, active";
$sql .= " FROM ".MAIN_DB_PREFIX."c_transport_mode";
$sql .= " WHERE entity IN (".getEntity('c_transport_mode').")";
//if ($active >= 0) $sql.= " AND active = ".$active;
$resql = $this->db->query($sql);
if ($resql) {


@ -242,7 +242,7 @@ class FormAccounting extends Form
$sql .= " WHERE c.active = 1";
$sql .= " AND c.category_type = 0";
if (empty($allcountries)) {
$sql .= " AND c.fk_country = ".$mysoc->country_id;
$sql .= " AND c.fk_country = ".((int) $mysoc->country_id);
}
$sql .= " ORDER BY c.label ASC";
} else {


@ -77,14 +77,14 @@ class FormIntervention
if ($socid == '0') {
$sql .= " AND (f.fk_soc = 0 OR f.fk_soc IS NULL)";
} else {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
}
dol_syslog(get_class($this)."::select_intervention", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
$out .= '<select id="interventionid" class="flat" name="'.$htmlname.'">';
$out .= '<select id="interventionid" class="flat" name="'.dol_escape_htmltag($htmlname).'">';
if ($showempty) {
$out .= '<option value="0">&nbsp;</option>';
}


@ -1275,10 +1275,10 @@ class FormMail extends Form
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
if ($active >= 0) {
$sql .= " AND active = ".$active;
$sql .= " AND active = ".((int) $active);
}
if ($label) {
$sql .= " AND label ='".$db->escape($label)."'";
$sql .= " AND label = '".$db->escape($label)."'";
}
if (!($id > 0) && $languagetosearch) {
$sql .= " AND (lang = '".$db->escape($languagetosearch)."'".($languagetosearchmain ? " OR lang = '".$db->escape($languagetosearchmain)."'" : "")." OR lang IS NULL OR lang = '')";
@ -1434,7 +1434,7 @@ class FormMail extends Form
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
if ($active >= 0) {
$sql .= " AND active = ".$active;
$sql .= " AND active = ".((int) $active);
}
//if (is_object($outputlangs)) $sql.= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; // Return all languages
$sql .= $this->db->order("position,lang,label", "ASC");


@ -76,7 +76,7 @@ class FormSocialContrib
$sql = "SELECT c.id, c.libelle as type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c";
$sql .= " WHERE c.active = 1";
$sql .= " AND c.fk_pays = ".$mysoc->country_id;
$sql .= " AND c.fk_pays = ".((int) $mysoc->country_id);
$sql .= " ORDER BY c.libelle ASC";
} else {
$sql = "SELECT c.id, c.libelle as type";


@ -105,7 +105,7 @@ class InfoBox
$sql .= " WHERE b.box_id = d.rowid";
$sql .= " AND b.entity IN (0,".$conf->entity.")";
if ($zone >= 0) {
$sql .= " AND b.position = ".$zone;
$sql .= " AND b.position = ".((int) $zone);
}
if (is_object($user)) {
$sql .= " AND b.fk_user IN (0,".$user->id.")";
@ -116,7 +116,7 @@ class InfoBox
} else { // available
$sql = "SELECT d.rowid as box_id, d.file, d.note, d.tms";
$sql .= " FROM ".MAIN_DB_PREFIX."boxes_def as d";
$sql .= " WHERE d.entity IN (0,".$conf->entity.")";
$sql .= " WHERE d.entity IN (0, ".$conf->entity.")";
}
dol_syslog(get_class()."::listBoxes get default box list for mode=".$mode." userid=".(is_object($user) ? $user->id : '')."", LOG_DEBUG);
@ -254,8 +254,8 @@ class InfoBox
// Delete all lines
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE entity = ".$conf->entity;
$sql .= " AND fk_user = ".$userid;
$sql .= " AND position = ".$zone;
$sql .= " AND fk_user = ".((int) $userid);
$sql .= " AND position = ".((int) $zone);
dol_syslog(get_class()."::saveboxorder", LOG_DEBUG);
$result = $db->query($sql);


@ -352,10 +352,10 @@ class Menubase
$sql .= " type='".$this->db->escape($this->type)."',";
$sql .= " mainmenu='".$this->db->escape($this->mainmenu)."',";
$sql .= " leftmenu='".$this->db->escape($this->leftmenu)."',";
$sql .= " fk_menu=".$this->fk_menu.",";
$sql .= " fk_menu=".((int) $this->fk_menu).",";
$sql .= " fk_mainmenu=".($this->fk_mainmenu ? "'".$this->db->escape($this->fk_mainmenu)."'" : "null").",";
$sql .= " fk_leftmenu=".($this->fk_leftmenu ? "'".$this->db->escape($this->fk_leftmenu)."'" : "null").",";
$sql .= " position=".($this->position > 0 ? $this->position : 0).",";
$sql .= " position=".($this->position > 0 ? ((int) $this->position) : 0).",";
$sql .= " url='".$this->db->escape($this->url)."',";
$sql .= " target='".$this->db->escape($this->target)."',";
$sql .= " titre='".$this->db->escape($this->title)."',";


@ -176,7 +176,7 @@ class Notify
$sqlnotifcode = '';
if ($notifcode) {
if (is_numeric($notifcode)) {
$sqlnotifcode = " AND n.fk_action = ".$notifcode; // Old usage
$sqlnotifcode = " AND n.fk_action = ".((int) $notifcode); // Old usage
} else {
$sqlnotifcode = " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage
}
@ -195,7 +195,7 @@ class Notify
$sql .= $sqlnotifcode;
$sql .= " AND s.entity IN (".getEntity('societe').")";
if ($socid > 0) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG);
@ -233,7 +233,7 @@ class Notify
$sql .= $sqlnotifcode;
$sql .= " AND c.entity IN (".getEntity('user').")";
if ($userid > 0) {
$sql .= " AND c.rowid = ".$userid;
$sql .= " AND c.rowid = ".((int) $userid);
}
dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG);
@ -380,11 +380,11 @@ class Notify
$sql .= " AND n.fk_soc = s.rowid";
$sql .= " AND c.statut = 1";
if (is_numeric($notifcode)) {
$sql .= " AND n.fk_action = ".$notifcode; // Old usage
$sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage
} else {
$sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage
}
$sql .= " AND s.rowid = ".$object->socid;
$sql .= " AND s.rowid = ".((int) $object->socid);
$sql .= "\nUNION\n";
}


@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY a.datep DESC, a.id DESC";
$sql .= $db->plimit($max, 0);
@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY a.datep2 DESC";
$sql .= $db->plimit($max, 0);


@ -227,7 +227,7 @@ function societe_prepare_head(Societe $object)
if (empty($conf->stripe->enabled)) {
$sql .= " AND n.stripe_card_ref IS NULL";
} else {
$sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".$servicestatus."))";
$sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".((int) $servicestatus)."))";
}
$resql = $db->query($sql);
@ -1448,7 +1448,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
if (is_object($objcon) && $objcon->id > 0) {
$force_filter_contact = true;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm";
$sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id;
$sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id);
}
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur'))) {
@ -1457,7 +1457,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " ON er.resource_type = 'dolresource'";
$sql .= " AND er.element_id = a.id";
$sql .= " AND er.resource_id = ".$filterobj->id;
$sql .= " AND er.resource_id = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project') {
/* Nothing */
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
@ -1940,7 +1940,7 @@ function show_subsidiaries($conf, $langs, $db, $object)
$sql = "SELECT s.rowid, s.client, s.fournisseur, s.nom as name, s.name_alias, s.email, s.address, s.zip, s.town, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur, s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE s.parent = ".$object->id;
$sql .= " WHERE s.parent = ".((int) $object->id);
$sql .= " AND s.entity IN (".getEntity('societe').")";
$sql .= " ORDER BY s.nom";


@ -59,7 +59,7 @@ function facturefourn_prepare_head($object)
$nbStandingOrders = 0;
$sql = "SELECT COUNT(pfd.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
$sql .= " WHERE pfd.fk_facture_fourn = ".$object->id;
$sql .= " WHERE pfd.fk_facture_fourn = ".((int) $object->id);
$sql .= " AND pfd.ext_payment_id IS NULL";
$resql = $db->query($sql);
if ($resql) {


@ -734,7 +734,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();
@ -950,7 +950,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -1062,7 +1062,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();
@ -1250,7 +1250,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".$socid;
$sql .= " AND ff.fk_soc = ".((int) $socid);
}
// Add where from hooks
$parameters = array();


@ -246,7 +246,7 @@ function show_list_sending_receive($origin, $origin_id, $filter = '')
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid";
//TODO Add link to expeditiondet_batch
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
$sql .= " AND obj.fk_".$origin." = ".$origin_id;
$sql .= " AND obj.fk_".$origin." = ".((int) $origin_id);
$sql .= " AND obj.rowid = ed.fk_origin_line";
$sql .= " AND ed.fk_expedition = e.rowid";
if ($filter) {
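Review bot: `$origin` is still concatenated into the column name in `obj.fk_".$origin."` without validation; the new cast only covers `$origin_id`. Neither `escape()` nor a cast protects an identifier, so `$origin` should be checked against a fixed list of expected element names, or at least a strict pattern such as `preg_match('/^[a-z0-9_]+$/i', $origin)`, before the query is built. The same line appears unchanged in the later section whose hunk header reads `if ($action == 'create') {`. Where `$origin` comes from is outside both hunks, so whether it is caller-controlled needs confirming.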


@ -336,7 +336,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
if (is_object($objcon) && $objcon->id > 0) {
$force_filter_contact = true;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm";
$sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id;
$sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id);
}
if (is_object($filterobj) && get_class($filterobj) == 'Societe') {


@ -110,7 +110,7 @@ function user_prepare_head($object)
$nbNote = 0;
$sql = "SELECT COUNT(n.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n";
$sql .= " WHERE fk_user = ".$object->id;
$sql .= " WHERE fk_user = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);


@ -1371,7 +1371,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
if ($command) {
$sql .= " AND command = '".$this->db->escape($command)."'";
}
$sql .= " AND entity = ".$entity; // Must be exact entity
$sql .= " AND entity = ".((int) $entity); // Must be exact entity
$now = dol_now();
@ -1612,7 +1612,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
$sql = "SELECT count(*)";
$sql .= " FROM ".MAIN_DB_PREFIX."const";
$sql .= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($name)."'";
$sql .= " AND entity = ".$entity;
$sql .= " AND entity = ".((int) $entity);
$result = $this->db->query($sql);
if ($result) {
@ -2197,7 +2197,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
$sql .= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'";
$sql .= " AND entity = ".$entity;
$sql .= " AND entity = ".((int) $entity);
dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG);
if (!$this->db->query($sql)) {
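Review bot: In the third hunk the DELETE pattern appends `strtoupper($key)` outside the `escape()` call, and it uses `LIKE`, where every `_` in the constant name acts as a single-character wildcard that `escape()` presumably does not neutralise. The statement can therefore remove more rows from the `const` table than the one name intended. If an exact name is meant, `$sql .= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name."_".strtoupper($key))."'";` avoids both problems. The origin of `$key` is outside the hunk.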


@ -171,7 +171,7 @@ class mailing_pomme extends MailingTargets
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test
$sql .= " AND u.entity IN (0,".$conf->entity.")";
$sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
if (GETPOSTISSET("filter") && GETPOST("filter") == '1') {
$sql .= " AND u.statut=1";
}


@ -77,7 +77,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE s.email <> ''";
$sql .= " AND s.entity IN (".getEntity('societe').")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
} else {
$addFilter = "";
if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
@ -112,7 +112,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_societe as cs, ".MAIN_DB_PREFIX."categorie as c";
$sql .= " WHERE s.email <> ''";
$sql .= " AND s.entity IN (".getEntity('societe').")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
@ -122,7 +122,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_fournisseur as cs, ".MAIN_DB_PREFIX."categorie as c";
$sql .= " WHERE s.email <> ''";
$sql .= " AND s.entity IN (".getEntity('societe').")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));


@ -110,7 +110,7 @@ class mailing_thirdparties_services_expired extends MailingTargets
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE s.entity IN (".getEntity('societe').")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
$sql .= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
$sql .= " AND cd.statut= 4 AND cd.fk_product=p.rowid AND p.ref = '".$this->db->escape($product)."'";
$sql .= " AND cd.date_fin_validite < '".$this->db->idate($now)."'";


@ -529,8 +529,8 @@ class pdf_stdandard extends ModelePDFMovement
if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active
$sql = "SELECT label";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
$sql .= " WHERE fk_product=".$objp->rowid;
$sql .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'";
$sql .= " WHERE fk_product = ".((int) $objp->rowid);
$sql .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'";
$sql .= " LIMIT 1";
$result = $this->db->query($sql);


@ -742,7 +742,7 @@ class doc_generic_project_odt extends ModelePDFProjects
$sql .= ", u.lastname, u.firstname, t.thm";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t";
$sql .= " , ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE t.fk_task =".$task->id;
$sql .= " WHERE t.fk_task =".((int) $task->id);
$sql .= " AND t.fk_user = u.rowid";
$sql .= " ORDER BY t.task_date DESC";


@ -657,7 +657,7 @@ class doc_generic_task_odt extends ModelePDFTask
$sql .= ", u.lastname, u.firstname";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t";
$sql .= " , ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE t.fk_task =".$object->id;
$sql .= " WHERE t.fk_task =".((int) $object->id);
$sql .= " AND t.fk_user = u.rowid";
$sql .= " ORDER BY t.task_date DESC";


@ -209,7 +209,7 @@ class pdf_paiement
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
// If global param PAYMENTS_REPORT_GROUP_BY_MOD is set, payement are ordered by paiement_code
if (!empty($conf->global->PAYMENTS_REPORT_GROUP_BY_MOD)) {


@ -315,7 +315,7 @@ class pdf_standard extends ModelePDFStock
$sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps, ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE ps.fk_product = p.rowid";
$sql .= " AND ps.reel <> 0"; // We do not show if stock is 0 (no product in this warehouse)
$sql .= " AND ps.fk_entrepot = ".$object->id;
$sql .= " AND ps.fk_entrepot = ".((int) $object->id);
$sql .= $this->db->order($sortfield, $sortorder);
//dol_syslog('List products', LOG_DEBUG);


@ -121,7 +121,7 @@ class ActionsDatapolicy
if ($object->update($object->id, $user, 0)) {
// On supprime les contacts associé
$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$object->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $object->id);
$this->db->query($sql);
setEventMessages($langs->trans('ANONYMISER_SUCCESS'), array());
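Review bot: The result of the DELETE on `socpeople` is ignored, so `setEventMessages($langs->trans('ANONYMISER_SUCCESS'), array())` reports success even when the contacts were not removed. For an anonymisation action, that leaves personal data in place while telling the operator it is gone. Check the return value, for example `if (!$this->db->query($sql)) { setEventMessages($this->db->lasterror(), null, 'errors'); }`, and show the success message only in the else branch. The enclosing method continues outside the hunk, so any later error handling is not visible here.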


@ -123,7 +123,7 @@ class Donations extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($thirdparty_ids) {
$sql .= " AND t.fk_soc = ".$thirdparty_ids." ";
$sql .= " AND t.fk_soc = ".((int) $thirdparty_ids)." ";
}
// Add sql filters
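Review bot: `$thirdparty_ids` is plural by name but is compared with `=`, and the new `(int)` cast turns a value such as `1,2,3` into 1 without any error, so a caller passing a list gets a silently narrowed result. If a comma-separated list is meant to be supported, `$sql .= " AND t.fk_soc IN (".$this->db->sanitize($thirdparty_ids).")";` would handle it (`sanitize()` is used that way in another hunk of this commit). If only one id is supported, the parameter's docblock should say so. The function signature and docblock are outside the hunk.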


@ -476,8 +476,8 @@ class Don extends CommonObject
$sql .= ",address='".$this->db->escape($this->address)."'";
$sql .= ",zip='".$this->db->escape($this->zip)."'";
$sql .= ",town='".$this->db->escape($this->town)."'";
$sql .= ",fk_country = ".($this->country_id > 0 ? $this->country_id : '0');
$sql .= ",public=".$this->public;
$sql .= ",fk_country = ".($this->country_id > 0 ? ((int) $this->country_id) : '0');
$sql .= ",public=".((int) $this->public);
$sql .= ",fk_projet=".($this->fk_project > 0 ? $this->fk_project : 'null');
$sql .= ",note_private=".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL");
$sql .= ",note_public=".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL");
@ -486,8 +486,8 @@ class Don extends CommonObject
$sql .= ",email='".$this->db->escape(trim($this->email))."'";
$sql .= ",phone='".$this->db->escape(trim($this->phone))."'";
$sql .= ",phone_mobile='".$this->db->escape(trim($this->phone_mobile))."'";
$sql .= ",fk_statut=".$this->statut;
$sql .= " WHERE rowid = ".$this->id;
$sql .= ",fk_statut=".((int) $this->statut);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::Update", LOG_DEBUG);
$resql = $this->db->query($sql);
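Review bot: `fk_projet` in the first hunk is still written from `$this->fk_project` unquoted and uncast, while the neighbouring `fk_country`, `public`, `fk_statut` and `rowid` values now get `(int)`. The `> 0` test does not make it safe, because a string with a numeric prefix can pass the comparison and is then concatenated as is; use `$sql .= ",fk_projet=".($this->fk_project > 0 ? ((int) $this->fk_project) : 'null');`. The `fk_entrepot` line in the `ExpeditionLigne` hunk has the same pattern with `$this->entrepot_id`. The enclosing method starts outside the hunk.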


@ -425,7 +425,7 @@ class EcmFiles extends CommonObject
//$sql .= " AND t.entity = ".$conf->entity; // hashforshare already unique
} elseif ($src_object_type && $src_object_id) {
// Warning: May return several record, and only first one is returned !
$sql .= " AND t.src_object_type ='".$this->db->escape($src_object_type)."' AND t.src_object_id = ".$this->db->escape($src_object_id);
$sql .= " AND t.src_object_type = '".$this->db->escape($src_object_type)."' AND t.src_object_id = ".((int) $src_object_id);
$sql .= " AND t.entity = ".$conf->entity;
} else {
$sql .= ' AND t.rowid = '.((int) $id); // rowid already unique


@ -234,7 +234,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $obje
$sql .= preg_replace('/^,/', '', $hookmanager->resPrint);
$sql = preg_replace('/,\s*$/', '', $sql);
$sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".$confOrBooth->id;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".((int) $confOrBooth->id);
if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)";
}


@ -1982,7 +1982,7 @@ if ($action == 'create') {
//if ($conf->delivery_note->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.fk_expedition = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."deliverydet as ld ON ld.fk_delivery = l.rowid AND obj.rowid = ld.fk_origin_line";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid";
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
$sql .= " AND obj.fk_".$origin." = ".$origin_id;
$sql .= " AND obj.fk_".$origin." = ".((int) $origin_id);
$sql .= " AND obj.rowid = ed.fk_origin_line";
$sql .= " AND ed.fk_expedition = e.rowid";
//if ($filter) $sql.= $filter;


@ -140,7 +140,7 @@ class Shipments extends DolibarrApi
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {


@ -2125,7 +2125,7 @@ class Expedition extends CommonObject
if (!empty($this->shipping_method_id)) {
$sql = "SELECT em.code, em.tracking";
$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
$sql .= " WHERE em.rowid = ".$this->shipping_method_id;
$sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2981,8 +2981,8 @@ class ExpeditionLigne extends CommonObjectLine
// update line
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
$sql .= " fk_entrepot = ".($this->entrepot_id > 0 ? $this->entrepot_id : 'null');
$sql .= " , qty = ".$qty;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " , qty = ".((float) price2num($qty, 'MS'));
$sql .= " WHERE rowid = ".((int) $this->id);
if (!$this->db->query($sql)) {
$this->errors[] = $this->db->lasterror()." - sql=$sql";
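Review bot: `((float) price2num($qty, 'MS'))` in the second hunk converts the value back to a PHP float before it is concatenated, and on PHP versions before 8.0 that float-to-string conversion follows the LC_NUMERIC locale, so a decimal-comma locale would put `1,5` into the UPDATE. Whether the application ever sets such a locale is not visible here, so this should be confirmed. If it is safe, a comment would record the assumption, for example `// price2num() yields a dot-decimal string; the float cast assumes LC_NUMERIC stays "C"`. The enclosing method starts and ends outside the hunk.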


@ -186,7 +186,7 @@ class ExpeditionLineBatch extends CommonObject
}
$sql .= " FROM ".MAIN_DB_PREFIX.self::$_table_element." as eb";
if ($fk_product > 0) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".$fk_product;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".((int) $fk_product);
}
$sql .= " WHERE fk_expeditiondet=".(int) $id_line_expdet;


@ -282,7 +282,7 @@ if ($search_user > 0) {
}
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".$search_product_category;
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
if ($socid > 0) {
$sql .= ' AND s.rowid = '.$socid;
@ -292,7 +292,7 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no
$sql .= " AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND e.fk_soc = ".$socid;
$sql .= " AND e.fk_soc = ".((int) $socid);
}
if ($search_status <> '' && $search_status >= 0) {
$sql .= " AND e.fk_statut = ".((int) $search_status);
@ -322,7 +322,7 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) {
$sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')';
}
if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($search_user > 0) {
// The contact on a shipment is also the contact of the order.
@ -353,7 +353,7 @@ if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_categ_cus > 0) {
$sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus);
$sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus);
}
if ($search_categ_cus == -2) {
$sql .= " AND cc.fk_categorie IS NULL";
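Review bot: The first hunk still builds `$sql .= ' AND s.rowid = '.$socid;` without a cast, although the same variable is cast in the second hunk for `e.fk_soc`; the `$socid > 0` guard does not stop a string with a numeric prefix. Change it to `$sql .= ' AND s.rowid = '.((int) $socid);`. `$user->id` in `sc.fk_user = ".$user->id` is likewise left uncast here and in several other list and library hunks of this commit. How `$socid` is read from the request is outside the hunks.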
