diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php
index c5091ef4207..9a8a84893fe 100644
--- a/htdocs/accountancy/admin/categories_list.php
+++ b/htdocs/accountancy/admin/categories_list.php
@@ -444,7 +444,7 @@ if ($search_country_id > 0) {
 } else {
 $sql .= " WHERE ";
 }
- $sql .= " (a.fk_country = ".$search_country_id." OR a.fk_country = 0)";
+ $sql .= " (a.fk_country = ".((int) $search_country_id)." OR a.fk_country = 0)";
 }
 // If sort order is "country", we use country_code instead
diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php
index d8e1598d1ac..aa200c770e4 100644
--- a/htdocs/accountancy/class/accountancycategory.class.php
+++ b/htdocs/accountancy/class/accountancycategory.class.php
@@ -675,7 +675,7 @@ class AccountancyCategory // extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as c";
 $sql .= " WHERE c.active = 1";
 $sql .= " AND c.entity = ".$conf->entity;
- $sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)";
+ $sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)";
 $sql .= " AND cat.rowid = t.fk_accounting_category";
 $sql .= " AND t.entity = ".$conf->entity;
 $sql .= " ORDER BY cat.position ASC";
@@ -806,7 +806,7 @@ class AccountancyCategory // extends CommonObject
 if ($categorytype >= 0) {
 $sql .= " AND c.category_type = 1";
 }
- $sql .= " AND (c.fk_country = ".$mysoc->country_id." OR c.fk_country = 0)";
+ $sql .= " AND (c.fk_country = ".((int) $mysoc->country_id)." OR c.fk_country = 0)";
 $sql .= " ORDER BY c.position ASC";
 $resql = $this->db->query($sql);
diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index 28601380ac1..99a0dc0dc48 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
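Review bot: Both accountancycategory hunks cast `$mysoc->country_id` but leave `$conf->entity` concatenated bare on the adjacent context lines (`c.entity = ".$conf->entity` and `t.entity = ".$conf->entity`). The entity value comes from configuration rather than a request, so the exposure is low, but this sweep is looking for exactly that pattern and those two lines will be missed again; `$sql .= " AND c.entity = ".((int) $conf->entity);` keeps the statement uniformly typed. Both enclosing methods start before and end after the hunks.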
@@ -602,7 +602,7 @@ class AccountingAccount extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account ";
 $sql .= "SET ".$fieldtouse." = '0'";
- $sql .= " WHERE rowid = ".$this->db->escape($id);
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG);
 $result = $this->db->query($sql);
@@ -640,7 +640,7 @@ class AccountingAccount extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
 $sql .= " SET ".$fieldtouse." = '1'";
- $sql .= " WHERE rowid = ".$this->db->escape($id);
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 3594bb26fc8..97ad7767be5 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -294,7 +294,7 @@ class BookKeeping extends CommonObject
 $sql = "SELECT count(*) as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
 $sql .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'";
- $sql .= " AND fk_doc = ".$this->fk_doc;
+ $sql .= " AND fk_doc = ".((int) $this->fk_doc);
 if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
 $sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 if record is for several lines
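Review bot: `$fieldtouse` is still spliced straight into the `SET` clause as a column name in both accountDeactivate and account_activate, and neither hunk shows where it is assigned; casting `$id` does nothing for that part of the statement. Unless it is already restricted to a fixed set of column names by the caller, add a whitelist check such as `if (!in_array($fieldtouse, $allowedColumns, true)) { return -1; }` before building the UPDATE, with the real list of toggleable columns. Both methods begin and end outside the hunks.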
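Review bot: The context line right after the new `fk_doc` cast still builds `fk_docdet = " . $this->fk_docdet` with no cast, while the second bookkeeping hunk (at 312) casts the same property, so the two queries now disagree. Change it to `$sql .= " AND fk_docdet = ".((int) $this->fk_docdet);` so the path behind the `ACCOUNTANCY_ENABLE_FKDOCDET` flag is not the one left open. The method continues past the end of the hunk.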
@@ -312,7 +312,7 @@ class BookKeeping extends CommonObject
 $sqlnum = "SELECT piece_num";
 $sqlnum .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
 $sqlnum .= " WHERE doc_type = '".$this->db->escape($this->doc_type)."'"; // For example doc_type = 'bank'
- $sqlnum .= " AND fk_doc = ".$this->fk_doc;
+ $sqlnum .= " AND fk_doc = ".((int) $this->fk_doc);
 if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // fk_docdet is rowid into llx_bank or llx_facturedet or llx_facturefourndet, or ...
 $sqlnum .= " AND fk_docdet = ".((int) $this->fk_docdet);
diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index 76984d55fba..32670b15575 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -1320,7 +1320,7 @@ function getSourceDocRef($val, $typerecord)
 if ($typerecord == 'payment') {
 $sqlmid = 'SELECT payfac.fk_facture as id, f.ref as ref';
 $sqlmid .= " FROM ".MAIN_DB_PREFIX."paiement_facture as payfac, ".MAIN_DB_PREFIX."facture as f";
- $sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".$val["paymentid"];
+ $sqlmid .= " WHERE payfac.fk_facture = f.rowid AND payfac.fk_paiement=".((int) $val["paymentid"]);
 $ref = $langs->transnoentitiesnoconv("Invoice");
 } elseif ($typerecord == 'payment_supplier') {
 $sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 4c0c602cbc1..91f01d19f89 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
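Review bot: Only the `payment` branch of getSourceDocRef is cast here; the `payment_supplier` branch that opens on the last context line presumably builds the matching `WHERE ... fk_paiement...` predicate from `$val` just outside the hunk, and it needs the same `((int) $val["paymentid"])` treatment or the fix is half applied. `$val` is the per-record array handed in by the caller rather than a literal, so it is worth a quick check. The function continues beyond the hunk.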
@@ -598,8 +598,8 @@ class Adherent extends CommonObject
 if ($this->user_id) {
 // Add link to user
 $sql = "UPDATE ".MAIN_DB_PREFIX."user SET";
- $sql .= " fk_member = ".$this->id;
- $sql .= " WHERE rowid = ".$this->user_id;
+ $sql .= " fk_member = ".((int) $this->id);
+ $sql .= " WHERE rowid = ".((int) $this->user_id);
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -728,7 +728,7 @@ class Adherent extends CommonObject
 if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
 $sql2 = "SELECT libelle as label";
 $sql2 .= " FROM ".MAIN_DB_PREFIX."adherent_type";
- $sql2 .= " WHERE rowid = ".$this->typeid;
+ $sql2 .= " WHERE rowid = ".((int) $this->typeid);
 $resql2 = $this->db->query($sql2);
 if ($resql2) {
 while ($obj = $this->db->fetch_object($resql2)) {
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index 0104f8f36e8..1cb9fcdb12c 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@@ -362,7 +362,7 @@ class AdherentType extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent_type ";
 $sql .= "SET ";
- $sql .= "statut = ".$this->status.",";
+ $sql .= "statut = ".((int) $this->status).",";
 $sql .= "libelle = '".$this->db->escape($this->label)."',";
 $sql .= "morphy = '".$this->db->escape($this->morphy)."',";
 $sql .= "subscription = '".$this->db->escape($this->subscription)."',";
diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php
index 5573961456f..d57a01510d4 100644
--- a/htdocs/adherents/class/api_members.class.php
+++ b/htdocs/adherents/class/api_members.class.php
@@ -228,12 +228,12 @@ class Members extends DolibarrApi
 }
 $sql .= ' WHERE t.entity IN ('.getEntity('adherent').')';
 if (!empty($typeid)) {
- $sql .= ' AND t.fk_adherent_type='.$typeid;
+ $sql .= ' AND t.fk_adherent_type='.((int) $typeid);
 }
 // Select members of given category
 if ($category > 0) {
- $sql .= " AND c.fk_categorie = ".$this->db->escape($category);
- $sql .= " AND c.fk_member = t.rowid ";
+ $sql .= " AND c.fk_categorie = ".((int) $category);
+ $sql .= " AND c.fk_member = t.rowid";
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php
index 1285b12b2d0..bb5cdd20bd5 100644
--- a/htdocs/adherents/class/subscription.class.php
+++ b/htdocs/adherents/class/subscription.class.php
@@ -267,14 +267,14 @@ class Subscription extends CommonObject
 }
 $sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET ";
- $sql .= " fk_type = ".$this->fk_type.",";
- $sql .= " fk_adherent = ".$this->fk_adherent.",";
+ $sql .= " fk_type = ".((int) $this->fk_type).",";
+ $sql .= " fk_adherent = ".((int) $this->fk_adherent).",";
 $sql .= " note=".($this->note ? "'".$this->db->escape($this->note)."'" : 'null').",";
 $sql .= " subscription = ".price2num($this->amount).",";
 $sql .= " dateadh='".$this->db->idate($this->dateh)."',";
 $sql .= " datef='".$this->db->idate($this->datef)."',";
 $sql .= " datec='".$this->db->idate($this->datec)."',";
- $sql .= " fk_bank = ".($this->fk_bank ? $this->fk_bank : 'null');
+ $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null');
 $sql .= " WHERE rowid = ".$this->id;
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
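Review bot: In Subscription::update the `WHERE rowid = ".$this->id` context line just below the new `fk_bank` cast is left bare, so the row selector of the UPDATE is the one value in this statement still concatenated untyped. `$sql .= " WHERE rowid = ".((int) $this->id);` completes the statement. The method starts before the hunk and continues after it.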
@@ -341,7 +341,7 @@ class Subscription extends CommonObject
 }
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index 15d31140874..1f59762c865 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -200,7 +200,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT id, code, type, libelle as label, module";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_paiement as t";
 $sql .= " WHERE t.entity IN (".getEntity('c_paiement').")";
- $sql .= " AND t.active = ".$active;
+ $sql .= " AND t.active = ".((int) $active);
 // Add sql filters
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1055,7 +1055,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT rowid AS id, zip, town, fk_county, fk_pays AS fk_country";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_ziptown as t";
- $sql .= " AND t.active = ".$active;
+ $sql .= " AND t.active = ".((int) $active);
 if ($zipcode) {
 $sql .= " AND t.zip LIKE '%".$this->db->escape($zipcode)."%'";
 }
@@ -1125,7 +1125,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT rowid as id, code, sortorder, libelle as label, libelle_facture as descr, type_cdr, nbjour, decalage, module";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t";
 $sql .= " WHERE t.entity IN (".getEntity('c_payment_term').")";
- $sql .= " AND t.active = ".$active;
+ $sql .= " AND t.active = ".((int) $active);
 // Add sql filters
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
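Review bot: The ziptown query at 1055 has no `WHERE`: the new line appends ` AND t.active = …` directly after `FROM …c_ziptown as t`, which is not valid SQL regardless of the cast, and the `$zipcode` branch below appends further `AND` terms. Unless something later in the method rewrites the string, this endpoint cannot return rows; change the line to `$sql .= " WHERE t.active = ".((int) $active);`. The method continues outside the hunk.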
@@ -1183,7 +1183,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT rowid as id, code, libelle as label, description, tracking, module";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as t";
 $sql .= " WHERE t.entity IN (".getEntity('c_shipment_mode').")";
- $sql .= " AND t.active = ".$active;
+ $sql .= " AND t.active = ".((int) $active);
 // Add sql filters
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1307,7 +1307,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT t.rowid, t.entity, t.code, t.label, t.url, t.icon, t.active";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_socialnetworks as t";
 $sql .= " WHERE t.entity IN (".getEntity('c_socialnetworks').")";
- $sql .= " AND t.active = ".$active;
+ $sql .= " AND t.active = ".((int) $active);
 // Add sql filters
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php
index 36c654c28ba..335cd63115a 100644
--- a/htdocs/asset/class/asset_type.class.php
+++ b/htdocs/asset/class/asset_type.class.php
@@ -332,7 +332,7 @@ class AssetType extends CommonObject
 /**
 * Return array of Asset objects for asset type this->id (or all if this->id not defined)
 *
- * @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users
+ * @param string $excludefilter Filter string to exclude. This parameter must not be provided by input of users
 * @param int $mode 0=Return array of asset instance
 * 1=Return array of asset instance without extra data
 * 2=Return array of asset id only
@@ -347,7 +347,7 @@ class AssetType extends CommonObject
 $sql = "SELECT a.rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."asset as a";
 $sql .= " WHERE a.entity IN (".getEntity('asset').")";
- $sql .= " AND a.fk_asset_type = ".$this->id;
+ $sql .= " AND a.fk_asset_type = ".((int) $this->id);
 if (!empty($excludefilter)) {
 $sql .= ' AND ('.$excludefilter.')';
 }
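Review bot: The asset_type hunk casts `$this->id` but keeps `' AND ('.$excludefilter.')'` as raw SQL two lines later, protected only by the docblock sentence that the parameter "must not be provided by input of users". That is a contract no caller is forced to honour; the API classes in this same diff run their caller-supplied filters through `DolibarrApi::_checkFilters`, so either route `$excludefilter` through the same validator before appending it, or at minimum state the accepted grammar on the `@param` line. The method body continues outside the hunk.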
diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php
index 220c724ad89..728bdef6cf6 100644
--- a/htdocs/bom/class/bom.class.php
+++ b/htdocs/bom/class/bom.class.php
@@ -614,8 +614,8 @@ class BOM extends CommonObject
 $sql .= " SET ref = '".$this->db->escape($num)."',";
 $sql .= " status = ".self::STATUS_VALIDATED.",";
 $sql .= " date_valid='".$this->db->idate($now)."',";
- $sql .= " fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " fk_user_valid = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index 199944165b4..a977ae57fbc 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -80,7 +80,7 @@ function printDropdownBookmarksList()
 // Menu with list of bookmarks
 $sql = "SELECT rowid, title, url, target FROM ".MAIN_DB_PREFIX."bookmark";
- $sql .= " WHERE (fk_user = ".$user->id." OR fk_user is NULL OR fk_user = 0)";
+ $sql .= " WHERE (fk_user = ".((int) $user->id)." OR fk_user is NULL OR fk_user = 0)";
 $sql .= " AND entity IN (".getEntity('bookmarks').")";
 $sql .= " ORDER BY position";
 if ($resql = $db->query($sql)) {
diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php
index 7d644d3a103..17be6be9cef 100644
--- a/htdocs/bookmarks/list.php
+++ b/htdocs/bookmarks/list.php
@@ -98,7 +98,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b LEFT JOIN ".MAIN_DB_PREFIX."user
 $sql .= " WHERE 1=1";
 $sql .= " AND b.entity IN (".getEntity('bookmark').")";
 if (!$user->admin) {
- $sql .= " AND (b.fk_user = ".$user->id." OR b.fk_user is NULL OR b.fk_user = 0)";
+ $sql .= " AND (b.fk_user = ".((int) $user->id)." OR b.fk_user is NULL OR b.fk_user = 0)";
 }
 $sql .= $db->order($sortfield.", position", $sortorder);
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 5f30a96c9c1..b98cff5b3a5 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -774,7 +774,7 @@ class Categorie extends CommonObject
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
 $sql .= " WHERE fk_categorie = ".$this->id;
- $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$obj->id;
+ $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
 dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
 if ($this->db->query($sql)) {
@@ -1303,7 +1303,7 @@ class Categorie extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."categorie as c ";
 $sql .= " WHERE c.entity IN (".getEntity('category').")";
 $sql .= " AND c.type = ".((int) $type);
- $sql .= " AND c.fk_parent = ".$this->fk_parent;
+ $sql .= " AND c.fk_parent = ".((int) $this->fk_parent);
 $sql .= " AND c.label = '".$this->db->escape($this->label)."'";
 dol_syslog(get_class($this)."::already_exists", LOG_DEBUG);
@@ -1552,7 +1552,7 @@ class Categorie extends CommonObject
 // Generation requete recherche
 $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie";
- $sql .= " WHERE type = ".$this->MAP_ID[$type];
+ $sql .= " WHERE type = ".((int) $this->MAP_ID[$type]);
 $sql .= " AND entity IN (".getEntity('category').")";
 if ($nom) {
 if (!$exact) {
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 3943a37e5a7..38acaac0fc9 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
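Review bot: In del_type the `WHERE fk_categorie = ".$this->id` context line stays bare, and `$type` is still spliced into the table and column names (`categorie_".$type` and `fk_".$type`) whenever the `MAP_CAT_TABLE` / `MAP_CAT_FK` lookups are empty, so the `(int)` on `$obj->id` closes the least exposed part of the statement. The hunk does not show where `$type` comes from; if it can reach this method from a request, reject anything that is not a known map key (or fails a strict `[a-z_]+` check) before the DELETE is built, and cast `$this->id` as well. The method begins before the hunk and continues after it.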
@@ -1896,7 +1896,7 @@ class ActionComm extends CommonObject
 $userforfilter = new User($this->db);
 $result = $userforfilter->fetch('', $logint);
 if ($result > 0) {
- $sql .= " AND ar.fk_element = ".$userforfilter->id;
+ $sql .= " AND ar.fk_element = ".((int) $userforfilter->id);
 } elseif ($result < 0 || $condition == '=') {
 $sql .= " AND ar.fk_element = 0";
 }
@@ -2410,7 +2410,7 @@ class ActionComm extends CommonObject
 // Delete also very old past events (we do not keep more than 1 month record in past)
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
 $sql .= " WHERE dateremind < '".$this->db->idate($now - (3600 * 24 * 32))."'";
- $sql .= " AND status = ".$actionCommReminder::STATUS_DONE;
+ $sql .= " AND status = ".((int) $actionCommReminder::STATUS_DONE);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index 459ede423b1..465f1be8701 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -741,10 +741,10 @@ if ($status == 'todo') {
 if ($filtert > 0 || $usergroup > 0) {
 $sql .= " AND (";
 if ($filtert > 0) {
- $sql .= "ar.fk_element = ".$filtert;
+ $sql .= "ar.fk_element = ".((int) $filtert);
 }
 if ($usergroup > 0) {
- $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
+ $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
 }
 $sql .= ")";
 }
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 32eaccdcce1..b39d6c3141d 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -616,7 +616,7 @@ if ($filtert > 0 || $usergroup > 0) {
 $sql .= "ar.fk_element = ".$filtert;
 }
 if ($usergroup > 0) {
- $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
+ $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
 }
 $sql .= ")";
 }
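Review bot: pertype.php casts `$usergroup` but leaves `ar.fk_element = ".$filtert` bare on the context line three above, inside the same `if ($filtert > 0)` block, whereas the index.php hunk in this same diff casts both. A `> 0` comparison does not sanitise a string such as `1 OR 1=1` (PHP compares it as greater than zero), so unless `$filtert` was read with an integer filter earlier in the file the gap is real; make it `$sql .= "ar.fk_element = ".((int) $filtert);`. The surrounding `if` opens before the hunk.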
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 76330d39453..10d9871c4c9 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -637,7 +637,7 @@ if ($filtert > 0 || $usergroup > 0) {
 $sql .= "ar.fk_element = ".$filtert;
 }
 if ($usergroup > 0) {
- $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".$usergroup;
+ $sql .= ($filtert > 0 ? " OR " : "")." ugu.fk_usergroup = ".((int) $usergroup);
 }
 $sql .= ")";
 }
@@ -899,7 +899,7 @@ while ($currentdaytoshow < $lastdaytoshow) {
 }
 $sql .= " WHERE u.statut = 1 AND u.entity IN (".getEntity('user').")";
 if ($usergroup > 0) {
- $sql .= " AND ug.fk_usergroup = ".$usergroup;
+ $sql .= " AND ug.fk_usergroup = ".((int) $usergroup);
 }
 //print $sql;
 $resql = $db->query($sql);
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 9945ca0e186..1d74cba61cd 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -104,23 +104,15 @@ if ($type == "f") {
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
 }
-
-if (dol_strlen($stcomm)) {
- $sql .= " AND s.fk_stcomm=".$db->escape($stcomm);
-}
-
 if (!empty($search_lastname)) {
 $sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'";
 }
-
 if (!empty($search_firstname)) {
 $sql .= " AND p.firstname LIKE '%".$db->escape($search_firstname)."%'";
 }
-
 if (!empty($search_company)) {
 $sql .= " AND s.nom LIKE '%".$db->escape($search_company)."%'";
 }
-
 if (!empty($contactname)) { // acces a partir du module de recherche
 $sql .= " AND (p.name LIKE '%".$db->escape($contactname)."%' OR lower(p.firstname) LIKE '%".$db->escape($contactname)."%') ";
 $sortfield = "p.name";
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index c544f5f7fe9..6c670c82364 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
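Review bot: The peruser.php hunk at 637 has the same half-fix as pertype.php: `$usergroup` is cast but `ar.fk_element = ".$filtert` on the first context line, inside the same `if ($filtert > 0)` block, stays bare, while index.php in this diff casts both. Unless `$filtert` is already read through an integer filter higher in the file, change it to `$sql .= "ar.fk_element = ".((int) $filtert);`. The enclosing `if` opens before the hunk.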
@@ -2463,12 +2463,12 @@ class Propal extends CommonObject
 $error = 0;
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
- $sql .= " SET fk_statut = ".$status.",";
+ $sql .= " SET fk_statut = ".((int) $status).",";
 if (!empty($note)) {
 $sql .= " note_private = '".$this->db->escape($note)."',";
 }
 $sql .= " date_cloture=NULL, fk_user_cloture=NULL";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $this->db->begin();
@@ -4305,7 +4305,7 @@ class PropaleLigne extends CommonObjectLine
 }
 $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null");
 if (!empty($this->rang)) {
- $sql .= ", rang=".$this->rang;
+ $sql .= ", rang=".((int) $this->rang);
 }
 $sql .= ", date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null");
 $sql .= ", date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null");
@@ -4317,7 +4317,7 @@ class PropaleLigne extends CommonObjectLine
 $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
 $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -4365,7 +4365,7 @@ class PropaleLigne extends CommonObjectLine
 $sql .= " total_ht=".price2num($this->total_ht, 'MT')."";
 $sql .= ",total_tva=".price2num($this->total_tva, 'MT')."";
 $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT')."";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog("PropaleLigne::update_total", LOG_DEBUG);
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 3973071d1f0..7ff3e405499 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
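Review bot: In the PropaleLigne hunk at 4305 the context line `fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null")` still concatenates the property raw right above the new `rang` cast; a `> 0` test does not make a string value safe to inline. `$sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? ((int) $this->fk_parent_line) : "null");` keeps the numeric branch typed while preserving the NULL case. The update method starts before the hunk and continues into the 4317 hunk.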
@@ -88,7 +88,7 @@ if (!empty($conf->propal->enabled)) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
- $sql .= " AND p.fk_soc = ".$socid;
+ $sql .= " AND p.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
@@ -160,7 +160,7 @@ $sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")";
 $sql .= " AND c.fk_soc = s.rowid";
 //$sql.= " AND c.fk_statut > 2";
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -318,7 +318,7 @@ if (! empty($conf->propal->enabled))
 $sql.= " WHERE c.fk_soc = s.rowid";
 $sql.= " AND c.entity = ".$conf->entity;
 $sql.= " AND c.fk_statut = 1";
- if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+ if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " ORDER BY c.rowid DESC";
@@ -393,7 +393,7 @@ if (! empty($conf->propal->enabled))
 $sql.= " WHERE c.fk_soc = s.rowid";
 $sql.= " AND c.entity = ".$conf->entity;
 $sql.= " AND c.fk_statut = 2 ";
- if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+ if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " ORDER BY c.rowid DESC";
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index ceb945d1e72..95d461eac39 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
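Review bot: All four propal/index.php hunks cast `$socid` but leave the neighbouring `sc.fk_user = ".$user->id` (and `" .$user->id` in the two one-line forms) bare, while the prospect/index.php hunks in this same diff do cast `$user->id`. The value is session-derived so the risk is low, but the treatment is now inconsistent between two pages that build the same restriction; apply `((int) $user->id)` here as well so a later sweep does not have to revisit the file.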
@@ -593,27 +593,27 @@ if ($sall) {
 $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 }
 if ($search_categ_cus > 0) {
- $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus);
+ $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus);
 }
 if ($search_categ_cus == -2) {
 $sql .= " AND cc.fk_categorie IS NULL";
 }
 if ($search_fk_cond_reglement > 0) {
- $sql .= " AND p.fk_cond_reglement = ".$db->escape($search_fk_cond_reglement);
+ $sql .= " AND p.fk_cond_reglement = ".((int) $search_fk_cond_reglement);
 }
 if ($search_fk_shipping_method > 0) {
- $sql .= " AND p.fk_shipping_method = ".$db->escape($search_fk_shipping_method);
+ $sql .= " AND p.fk_shipping_method = ".((int) $search_fk_shipping_method);
 }
 if ($search_fk_input_reason > 0) {
- $sql .= " AND p.fk_input_reason = ".$db->escape($search_fk_input_reason);
+ $sql .= " AND p.fk_input_reason = ".((int) $search_fk_input_reason);
 }
 if ($search_fk_mode_reglement > 0) {
- $sql .= " AND p.fk_mode_reglement = ".$db->escape($search_fk_mode_reglement);
+ $sql .= " AND p.fk_mode_reglement = ".((int) $search_fk_mode_reglement);
 }
 if ($search_product_category > 0) {
- $sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category);
+ $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
 }
 if ($socid > 0) {
 $sql .= ' AND s.rowid = '.((int) $socid);
diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php
index 8883e0af6f3..d2f60c36212 100644
--- a/htdocs/comm/prospect/index.php
+++ b/htdocs/comm/prospect/index.php
@@ -87,7 +87,7 @@ $sql .= " WHERE s.fk_stcomm = st.id";
 $sql .= " AND s.client IN (2, 3)";
 $sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY st.id";
 $sql .= " ORDER BY st.id";
@@ -129,7 +129,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
 $sql .= " AND p.fk_soc = s.rowid";
 $sql .= " AND p.entity IN (".getEntity('propal').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $db->query($sql);
@@ -191,7 +191,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
 $sql .= " AND p.fk_statut = 1";
 $sql .= " AND p.entity IN (".getEntity('propal').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -250,7 +250,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " WHERE s.fk_stcomm = 1";
 $sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY s.tms ASC";
 $sql .= $db->plimit(15, 0);
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index c0851dfee1d..c19cc6c379f 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -2539,7 +2539,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
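Review bot: In the commande.class.php hunk the cast lands on `self::STATUS_DRAFT`, a class constant that cannot be attacker-controlled, while `$this->id` in the same `WHERE` stays bare. `$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT);` covers the value that actually varies at runtime. The method starts before the hunk and continues after it.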
@@ -4559,14 +4559,14 @@ class OrderLine extends CommonOrderLine
 }
 $sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? $this->fk_fournprice : "null");
 $sql .= " , buy_price_ht='".price2num($this->pa_ht)."'";
- $sql .= " , info_bits=".$this->info_bits;
- $sql .= " , special_code=".$this->special_code;
+ $sql .= " , info_bits=".((int) $this->info_bits);
+ $sql .= " , special_code=".((int) $this->special_code);
 $sql .= " , date_start=".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null");
 $sql .= " , date_end=".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null");
 $sql .= " , product_type=".$this->product_type;
 $sql .= " , fk_parent_line=".(!empty($this->fk_parent_line) ? $this->fk_parent_line : "null");
 if (!empty($this->rang)) {
- $sql .= ", rang=".$this->rang;
+ $sql .= ", rang=".((int) $this->rang);
 }
 $sql .= " , fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
@@ -4576,7 +4576,7 @@ class OrderLine extends CommonOrderLine
 $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
 $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php
index 6dfa898a024..62f8c4772f6 100644
--- a/htdocs/commande/customer.php
+++ b/htdocs/commande/customer.php
@@ -89,9 +89,6 @@ $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
-if (dol_strlen($stcomm)) {
- $sql .= " AND s.fk_stcomm=".$stcomm;
-}
 if (GETPOST("search_nom")) {
 $sql .= natural_search("s.nom", GETPOST("search_nom"));
 }
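Review bot: Four more numeric columns in the same OrderLine UPDATE are still concatenated bare on the context lines around the new casts: `fk_product_fournisseur_price` (from `$this->fk_fournprice`), `product_type`, `fk_parent_line` and `fk_unit`; only `info_bits`, `special_code` and `rang` were covered. These properties are typically filled from the order-line edit form by the callers, so they deserve the same `(int)` treatment, with the ternaries keeping their NULL branch. The method begins and ends outside the hunk.
```php
// … unchanged: earlier SET columns …
$sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? ((int) $this->fk_fournprice) : "null");
// … unchanged: buy_price_ht, info_bits, special_code, date_start, date_end …
$sql .= " , product_type=".((int) $this->product_type);
$sql .= " , fk_parent_line=".(!empty($this->fk_parent_line) ? ((int) $this->fk_parent_line) : "null");
// … unchanged: rang …
$sql .= " , fk_unit=".(!$this->fk_unit ? 'NULL' : ((int) $this->fk_unit));
```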
diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php
index 48f1f600126..73f40668cea 100644
--- a/htdocs/commande/index.php
+++ b/htdocs/commande/index.php
@@ -166,7 +166,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity IN (".getEntity('commande').")";
 //$sql.= " AND c.fk_statut > 2";
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -250,7 +250,7 @@ if (!empty($conf->commande->enabled)) {
 $sql .= " AND c.entity IN (".getEntity('commande').")";
 $sql .= " AND c.fk_statut = ".Commande::STATUS_VALIDATED;
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -337,9 +337,9 @@ if (!empty($conf->commande->enabled)) {
 }
 $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity IN (".getEntity('commande').")";
- $sql .= " AND c.fk_statut = ".Commande::STATUS_ACCEPTED;
+ $sql .= " AND c.fk_statut = ".((int) Commande::STATUS_ACCEPTED);
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index f42b7c08de9..98bbd00b351 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -473,7 +473,7 @@ if ($search_user > 0) {
 $sql .= ' WHERE c.fk_soc = s.rowid';
 $sql .= ' AND c.entity IN ('.getEntity('commande').')';
 if ($search_product_category > 0) {
- $sql .= " AND cp.fk_categorie = ".$search_product_category;
+ $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
 }
 if ($socid > 0) {
 $sql .= ' AND s.rowid = '.((int) $socid);
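Review bot: The commande/index.php hunks are internally inconsistent: the 337 hunk casts `Commande::STATUS_ACCEPTED` while the 250 hunk leaves `Commande::STATUS_VALIDATED` bare on its context line, and all three hunks leave `sc.fk_user = ".$user->id` — the only runtime value among them — untouched. Neither constant is attacker-controlled, so this is a consistency point, but if the sweep is meant to be mechanical either cast both constants or neither, and add `((int) $user->id)` to the three `sc.fk_user` lines as prospect/index.php in this diff already does.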
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 0a9784fce75..666621cbdd6 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -1181,7 +1181,7 @@ if ($resql) {
 $sqlforbalance .= " ".MAIN_DB_PREFIX."bank as b";
 $sqlforbalance .= " WHERE b.fk_account = ba.rowid";
 $sqlforbalance .= " AND ba.entity IN (".getEntity('bank_account').")";
- $sqlforbalance .= " AND b.fk_account = ".$search_account;
+ $sqlforbalance .= " AND b.fk_account = ".((int) $search_account);
 $sqlforbalance .= " AND (b.datev < '".$db->idate($db->jdate($objp->dv))."' OR (b.datev = '".$db->idate($db->jdate($objp->dv))."' AND (b.dateo < '".$db->idate($db->jdate($objp->do))."' OR (b.dateo = '".$db->idate($db->jdate($objp->do))."' AND b.rowid < ".$objp->rowid."))))";
 $resqlforbalance = $db->query($sqlforbalance);
 //print $sqlforbalance;
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index e629d7620f0..0d97ed69a07 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1070,7 +1070,7 @@ class Account extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_account";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $result = $this->db->query($sql);
@@ -2090,7 +2090,7 @@ class AccountLine extends CommonObject
 $sql .= " amount = ".price2num($this->amount).",";
 $sql .= " datev='".$this->db->idate($this->datev)."',";
 $sql .= " dateo='".$this->db->idate($this->dateo)."'";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
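Review bot: Casting `$this->rowid` in Account::delete changes the failure mode rather than just hardening it: when the property is unset, the old code produced a SQL error at `WHERE rowid = `, whereas the new code runs `DELETE … WHERE rowid = 0`, which touches no row and lets `$result` report success. Unless delete() already rejects an empty id before this hunk, add `if (empty($this->rowid)) { return -1; }` ahead of the statement so a mis-initialised object is not silently "deleted". The method starts before the hunk.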
diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php
index 10357155295..fd7ed1838f2 100644
--- a/htdocs/compta/bank/class/api_bankaccounts.class.php
+++ b/htdocs/compta/bank/class/api_bankaccounts.class.php
@@ -77,7 +77,7 @@ class BankAccounts extends DolibarrApi
 $sql .= ' WHERE t.entity IN ('.getEntity('bank_account').')';
 // Select accounts of given category
 if ($category > 0) {
- $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_account = t.rowid ";
+ $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_account = t.rowid";
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php
index c84f52ffee1..2c33085aa6d 100644
--- a/htdocs/compta/bank/line.php
+++ b/htdocs/compta/bank/line.php
@@ -173,7 +173,7 @@ if ($user->rights->banque->modifier && $action == "update") {
 $sql .= " datev = '".$db->idate($dateval)."',";
 }
 }
- $sql .= " fk_account = ".$actarget->id;
+ $sql .= " fk_account = ".((int) $actarget->id);
 $sql .= " WHERE rowid = ".((int) $acline->id);
 $result = $db->query($sql);
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index f45d2a64af4..167c809a8b1 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -606,7 +606,7 @@ if (empty($numref)) {
 $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
 $sql .= " WHERE ct.rowid = cl.fk_categ";
 $sql .= " AND ct.entity = ".$conf->entity;
- $sql .= " AND cl.lineid = ".$objp->rowid;
+ $sql .= " AND cl.lineid = ".((int) $objp->rowid);
 $resc = $db->query($sql);
 if ($resc) {
diff --git a/htdocs/compta/bank/various_payment/list.php b/htdocs/compta/bank/various_payment/list.php
index f78e004f571..dda68a096a1 100644
--- a/htdocs/compta/bank/various_payment/list.php
+++ b/htdocs/compta/bank/various_payment/list.php
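Review bot: In line.php `$actarget->id` is now cast, but nothing in the hunk shows that `$actarget` was loaded successfully; with the cast, a failed target-account lookup yields `fk_account = 0` and the UPDATE silently detaches the bank line from every account, where before it would have produced a query error. Guard the statement with `if ($actarget->id > 0)` (or abort the `update` action earlier when the target account fetch fails) before building `$sql`. The `if ($user->rights->banque->modifier …)` block opens before the hunk.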
@@ -250,19 +250,19 @@ if ($search_amount_cred) {
 $sql .= natural_search("v.amount", $search_amount_cred, 1);
 }
 if ($search_bank_account > 0) {
- $sql .= " AND b.fk_account=".$db->escape($search_bank_account);
+ $sql .= " AND b.fk_account = ".((int) $search_bank_account);
 }
 if ($search_bank_entry > 0) {
- $sql .= " AND b.fk_account=".$db->escape($search_bank_account);
+ $sql .= " AND b.fk_account = ".((int) $search_bank_account);
 }
 if ($search_accountancy_account > 0) {
- $sql .= " AND v.accountancy_code=".$db->escape($search_accountancy_account);
+ $sql .= " AND v.accountancy_code = ".((int) $search_accountancy_account);
 }
 if ($search_accountancy_subledger > 0) {
- $sql .= " AND v.subledger_account=".$db->escape($search_accountancy_subledger);
+ $sql .= " AND v.subledger_account = ".((int) $search_accountancy_subledger);
 }
 if ($typeid > 0) {
- $sql .= " AND v.fk_typepayment=".$typeid;
+ $sql .= " AND v.fk_typepayment=".((int) $typeid);
 }
 if ($search_all) {
 $sql .= natural_search(array_keys($fieldstosearchall), $search_all);
diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php
index 60924dae644..b0a4716b7e1 100644
--- a/htdocs/compta/clients.php
+++ b/htdocs/compta/clients.php
@@ -71,7 +71,7 @@ llxHeader();
 $thirdpartystatic = new Societe($db);
 if ($action == 'note') {
- $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".$socid;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".((int) $socid);
 $result = $db->query($sql);
 }
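Review bot: The `$search_bank_entry` branch in various_payment/list.php still filters on `$search_bank_account` (`if ($search_bank_entry > 0) { $sql .= " AND b.fk_account = ".((int) $search_bank_account); }`), so the rewritten line carries over what looks like a copy-paste error: the entry filter duplicates the account filter and never uses `$search_bank_entry`. Either the condition should test `$search_bank_account` or the clause should use the entry value against its own column, which is not visible here. Separately, `v.accountancy_code` and `v.subledger_account` read like account-number strings rather than integer keys; if so, `(int)` silently truncates any code with a non-numeric character and the right form is a quoted `'".$db->escape(...)."'` value — confirm the column types before keeping the cast.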
@@ -107,29 +107,21 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if (dol_strlen($stcomm)) {
- $sql .= " AND s.fk_stcomm=".$stcomm;
+ $sql .= " AND s.fk_stcomm=".((int) $stcomm);
 }
-if ($socname) {
- $sql .= natural_search("s.nom", $socname);
- $sortfield = "s.nom";
- $sortorder = "ASC";
-}
-if ($_GET["search_nom"]) {
+if (GETPOST("search_nom")) {
 $sql .= natural_search("s.nom", GETPOST("search_nom"));
 }
-if ($_GET["search_compta"]) {
+if (GETPOST("search_compta")) {
 $sql .= natural_search("s.code_compta", GETPOST("search_compta"));
 }
-if ($_GET["search_code_client"]) {
+if (GETPOST("search_code_client")) {
 $sql .= natural_search("s.code_client", GETPOST("search_code_client"));
 }
-if (dol_strlen($begin)) {
- $sql .= natural_search("s.nom", $begin);
-}
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
 }
-$sql .= " ORDER BY $sortfield $sortorder ";
+$sql .= " ORDER BY $sortfield $sortorder";
 $sql .= $db->plimit($conf->liste_limit + 1, $offset);
 //print $sql;
diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php
index 84b4df207a5..3dfa5f70603 100644
--- a/htdocs/compta/facture/class/api_invoices.class.php
+++ b/htdocs/compta/facture/class/api_invoices.class.php
@@ -217,7 +217,7 @@ class Invoices extends DolibarrApi
 }
 // Insert sale filter
 if ($search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php
index 286b5a1ccea..7d2ffe9e022 100644
--- a/htdocs/compta/facture/class/facture-rec.class.php
+++ b/htdocs/compta/facture/class/facture-rec.class.php
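Review bot: `$sql .= " ORDER BY $sortfield $sortorder";` in clients.php still interpolates both values raw into the query, and the removed `$socname` branch was one of the places `$sortfield` used to be assigned; the hunk does not show where they are now initialised or whether they come from request parameters. Other hunks of this commit use `$db->order($sortfield, $sortorder)`, which also validates its arguments; `$sql .= $db->order($sortfield, $sortorder);` here would make ordering consistent and safe regardless of origin. The context line `sc.fk_user = ".$user->id` also stays uncast, and the same pattern recurs in the facture/list.php, compta/index.php, contact/list.php, contrat/index.php and contrat/list.php hunks below.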
@@ -470,9 +470,9 @@ class FactureRec extends CommonInvoice $error = 0; $sql = "UPDATE ".MAIN_DB_PREFIX."facture_rec SET"; - $sql .= " fk_soc = ".$this->fk_soc; + $sql .= " fk_soc = ".((int) $this->fk_soc); // TODO Add missing fields - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1136,12 +1136,12 @@ class FactureRec extends CommonInvoice $sql .= ", qty=".price2num($qty); $sql .= ", tva_tx=".price2num($txtva); $sql .= ", vat_src_code='".$this->db->escape($vat_src_code)."'"; - $sql .= ", localtax1_tx=".$txlocaltax1; + $sql .= ", localtax1_tx=".((float) $txlocaltax1); $sql .= ", localtax1_type='".$this->db->escape($localtaxes_type[0])."'"; - $sql .= ", localtax2_tx=".$txlocaltax2; + $sql .= ", localtax2_tx=".((float) $txlocaltax2); $sql .= ", localtax2_type='".$this->db->escape($localtaxes_type[2])."'"; $sql .= ", fk_product=".(!empty($fk_product) ? "'".$this->db->escape($fk_product)."'" : "null"); - $sql .= ", product_type=".$product_type; + $sql .= ", product_type=".((int) $product_type); $sql .= ", remise_percent='".price2num($remise_percent)."'"; $sql .= ", subprice='".price2num($pu_ht)."'"; $sql .= ", total_ht='".price2num($total_ht)."'"; @@ -2124,11 +2124,11 @@ class FactureLigneRec extends CommonInvoiceLine $sql .= ", total_localtax2=".price2num($this->total_localtax2); $sql .= ", total_ttc=".price2num($this->total_ttc); } - $sql .= ", rang=".$this->rang; - $sql .= ", special_code=".$this->special_code; + $sql .= ", rang=".((int) $this->rang); + $sql .= ", special_code=".((int) $this->special_code); $sql .= ", fk_unit=".($this->fk_unit ? "'".$this->db->escape($this->fk_unit)."'" : "null"); $sql .= ", fk_contract_line=".($this->fk_contract_line ? $this->fk_contract_line : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); 
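Review bot: Casting `$txlocaltax1`/`$txlocaltax2` with `(float)` and then concatenating into SQL is locale-sensitive on PHP versions before 8.0: under a locale whose decimal separator is a comma the string becomes `1,5` and the UPDATE breaks. The neighbouring lines of the same hunk (`qty`, `tva_tx`, `remise_percent`) go through `price2num()`; `$sql .= ", localtax1_tx=".price2num($txlocaltax1);` (and likewise for `localtax2_tx`) would be consistent with them. In the FactureLigneRec hunk, the context line `fk_contract_line=".($this->fk_contract_line ? $this->fk_contract_line : "null")` remains unquoted and uncast while its neighbours are now cast. All three enclosing methods start and end outside the hunk.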
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 6dd67d4d931..40a14eb1711 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4105,7 +4105,7 @@ class Facture extends CommonInvoice $sql .= " AND pf.fk_paiement IS NULL"; // Aucun paiement deja fait $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -5594,7 +5594,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", buy_price_ht=".(($this->pa_ht || $this->pa_ht === 0 || $this->pa_ht === '0') ? price2num($this->pa_ht) : "null"); // $this->pa_ht should always be defined (set to 0 or to sell price depending on option) $sql .= ", fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= ", situation_percent=".$this->situation_percent; $sql .= ", fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit); @@ -5606,7 +5606,7 @@ class FactureLigne extends CommonInvoiceLine $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->rowid; + $sql .= " WHERE rowid = ".((int) $this->rowid); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index fb4089fabec..a375bc677f2 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php 
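Review bot: In the FactureLigne::update hunk the cast is applied only to `rang`, while the adjacent SET entries `situation_percent=".$this->situation_percent` and `fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit)` (and `fk_parent_line` just above) are still concatenated raw in the same statement. If the point of the commit is to stop raw numeric concatenation, these context lines deserve the same treatment, e.g. `", situation_percent=".price2num($this->situation_percent)` and `", fk_unit=".(!$this->fk_unit ? 'NULL' : ((int) $this->fk_unit))`. The method body starts and ends outside the hunk.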
@@ -546,7 +546,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_product_category); + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); @@ -634,7 +634,7 @@ if ($search_login) { $sql .= natural_search(array('u.login', 'u.firstname', 'u.lastname'), $search_login); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; @@ -659,10 +659,10 @@ if ($search_status != '-1' && $search_status != '') { } if ($search_paymentmode > 0) { - $sql .= " AND f.fk_mode_reglement = ".$db->escape($search_paymentmode); + $sql .= " AND f.fk_mode_reglement = ".((int) $search_paymentmode); } if ($search_paymentterms > 0) { - $sql .= " AND f.fk_cond_reglement = ".$db->escape($search_paymentterms); + $sql .= " AND f.fk_cond_reglement = ".((int) $search_paymentterms); } if ($search_module_source) { $sql .= natural_search("f.module_source", $search_module_source); 
@@ -692,10 +692,10 @@ if ($option == 'late') { $sql .= " AND f.date_lim_reglement < '".$db->idate(dol_now() - $conf->facture->client->warning_delay)."'"; } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".(int) $search_sale; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='facture' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index e33ddc35610..18519955bf6 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -138,7 +138,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -283,7 +283,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND ff.fk_soc = ".$socid; + $sql .= " AND ff.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -593,7 +593,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " AND c.fk_statut = ".Commande::STATUS_CLOSED; $sql .= " AND c.facture = 0"; 
diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index dc133977202..115dce99c9e 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -170,7 +170,7 @@ class Localtax extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET"; - $sql .= " localtaxtype=".$this->ltt.","; + $sql .= " localtaxtype=".((int) $this->ltt).","; $sql .= " tms='".$this->db->idate($this->tms)."',"; $sql .= " datep='".$this->db->idate($this->datep)."',"; $sql .= " datev='".$this->db->idate($this->datev)."',"; diff --git a/htdocs/compta/localtax/index.php b/htdocs/compta/localtax/index.php index 86fa3fe52f0..f9ea0ac02d9 100644 --- a/htdocs/compta/localtax/index.php +++ b/htdocs/compta/localtax/index.php @@ -584,7 +584,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datev,'%Y-%m') as dm, 'claimed' $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f"; $sql .= " WHERE f.entity = ".$conf->entity; $sql .= " AND (f.datev >= '".$db->idate($date_start)."' AND f.datev <= '".$db->idate($date_end)."')"; -$sql .= " AND localtaxtype=".$localTaxType; +$sql .= " AND localtaxtype=".((int) $localTaxType); $sql .= " GROUP BY dm"; $sql .= " UNION "; @@ -593,7 +593,7 @@ $sql .= "SELECT SUM(amount) as mm, date_format(f.datep,'%Y-%m') as dm, 'paid' as $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f"; $sql .= " WHERE f.entity = ".$conf->entity; $sql .= " AND (f.datep >= '".$db->idate($date_start)."' AND f.datep <= '".$db->idate($date_end)."')"; -$sql .= " AND localtaxtype=".$localTaxType; +$sql .= " AND localtaxtype=".((int) $localTaxType); $sql .= " GROUP BY dm"; $sql .= " ORDER BY dm ASC, mode ASC"; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 04eee81ced0..32f81532ecf 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php 
@@ -606,7 +606,7 @@ if ($action == 'new') { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement as p ON p.fk_bank = b.rowid"; $sql .= " WHERE ba.entity IN (".getEntity('bank_account').")"; $sql .= " AND b.fk_type= 'CHQ'"; - $sql .= " AND b.fk_bordereau = ".$object->id; + $sql .= " AND b.fk_bordereau = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); $resql = $db->query($sql); diff --git a/htdocs/compta/paiement/cheque/list.php b/htdocs/compta/paiement/cheque/list.php index 0c4a6d9c478..f4d6c9e2686 100644 --- a/htdocs/compta/paiement/cheque/list.php +++ b/htdocs/compta/paiement/cheque/list.php @@ -104,7 +104,7 @@ if ($search_ref) { $sql .= natural_search("bc.ref", $search_ref); } if ($search_account > 0) { - $sql .= " AND bc.fk_bank_account=".$search_account; + $sql .= " AND bc.fk_bank_account = ".((int) $search_account); } if ($search_amount) { $sql .= natural_search("bc.amount", price2num($search_amount)); diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 4e464243df6..6b811bc2d13 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -78,7 +78,7 @@ if ($socid) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').')'; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " AND p.statut = 0"; diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index dbf2d67778a..f69c7b476a2 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php 
@@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " WHERE fk_prelevement_bons = ".$this->id; - $sql .= " AND fk_soc =".$client_id; + $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; $sql .= " AND number = '".$this->db->escape($number)."'"; diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 0faea8a159c..dcf3c1a8bc5 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -329,7 +329,7 @@ class RejetPrelevement $sql = "SELECT pr.date_rejet as dr, motif, afacturer"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_rejet as pr"; - $sql .= " WHERE pr.fk_prelevement_lignes =".$rowid; + $sql .= " WHERE pr.fk_prelevement_lignes =".((int) $rowid); $resql = $this->db->query($sql); if ($resql) { @@ -345,11 +345,11 @@ class RejetPrelevement return 0; } else { - dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid numrows=0"); + dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid." numrows=0"); return -1; } } else { - dol_syslog("RejetPrelevement::Fetch Erreur rowid=$rowid"); + dol_syslog("RejetPrelevement::Fetch Erreur rowid=".$rowid); return -2; } } diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index 928be9c4245..8711f663d55 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php 
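Review bot: The line directly above the changed one in BonPrelevement, `" WHERE fk_prelevement_bons = ".$this->id`, is the same kind of raw concatenation the hunk fixes for `$client_id`; `((int) $this->id)` would keep the whole WHERE clause uniform. The dol_syslog edits in RejetPrelevement only swap string interpolation for concatenation and produce the same message, so they are neutral. Both enclosing methods continue outside the hunk.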
@@ -170,15 +170,15 @@ $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
 $sql .= " , ".MAIN_DB_PREFIX."prelevement_lignes as pl";
 $sql .= " , ".MAIN_DB_PREFIX."societe as s";
 $sql .= " , ".MAIN_DB_PREFIX."prelevement_rejet as pr";
-$sql .= " WHERE p.rowid=".$object->id;
+$sql .= " WHERE p.rowid=".((int) $object->id);
 $sql .= " AND pl.fk_prelevement_bons = p.rowid";
 $sql .= " AND p.entity = ".$conf->entity;
 $sql .= " AND pl.fk_soc = s.rowid";
 $sql .= " AND pl.statut = 3 ";
 $sql .= " AND pr.fk_prelevement_lignes = pl.rowid";
-if ($socid) {
+/*if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
-}
+}*/
 $sql .= " ORDER BY pl.amount DESC";
 // Count total nb of records
diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php
index 3abdf04ae1b..d98a6aab251 100644
--- a/htdocs/compta/recap-compta.php
+++ b/htdocs/compta/recap-compta.php
@@ -189,7 +189,7 @@ if ($id > 0) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON p.fk_user_creat = u.rowid";
 $sql .= " WHERE pf.fk_paiement = p.rowid";
 $sql .= " AND p.entity = ".$conf->entity;
- $sql .= " AND pf.fk_facture = ".$fac->id;
+ $sql .= " AND pf.fk_facture = ".((int) $fac->id);
 $sql .= " ORDER BY p.datep ASC, p.rowid ASC";
 $resqlp = $db->query($sql);
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index bd871fd3ea3..5aca25466a3 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -403,7 +403,7 @@ if ($modecompta == 'BOOKKEEPING') {
 }
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $sql .= " GROUP BY name, socid";
 $sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php
index db754390e5e..a4deec56715 100644
--- a/htdocs/compta/sociales/list.php
+++ b/htdocs/compta/sociales/list.php
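Review bot: Commenting out the `if ($socid)` block in fiche-rejet.php removes the only third-party restriction on this query, and nothing in the hunk explains why. In this code base `$socid` is commonly derived from the user's own third party for external users; if that holds here, the block is an access-scoping check rather than a search filter, and dropping it would let such a user list rejects for every third party. If the filter is genuinely unwanted, delete the block instead of leaving commented-out code; otherwise restore `if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); }`.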
@@ -218,7 +218,7 @@ if ($search_amount) { $sql .= natural_search("cs.amount", $search_amount, 1); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND cs.paye = ".$db->escape($search_status); + $sql .= " AND cs.paye = ".((int) $search_status); } $sql .= dolSqlDateFilter("cs.periode", $search_day_lim, $search_month_lim, $search_year_lim); //$sql.= dolSqlDateFilter("cs.periode", 0, 0, $year); @@ -230,8 +230,8 @@ if ($year > 0) { $sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')"; $sql .= ")"; } -if ($search_typeid) { - $sql .= " AND cs.fk_type=".$db->escape($search_typeid); +if ($search_typeid > 0) { + $sql .= " AND cs.fk_type = ".((int) $search_typeid); } $sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname"; if (!empty($conf->projet->enabled)) { diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php index 63798baf62f..8e3169f1e8c 100644 --- a/htdocs/compta/stats/cabyuser.php +++ b/htdocs/compta/stats/cabyuser.php @@ -262,7 +262,7 @@ if ($modecompta == 'CREANCES-DETTES') { } $sql .= " AND f.entity IN (".getEntity('invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname"; $sql .= " ORDER BY u.rowid"; diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index 05bbbab99d3..e7ec8c61db7 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -681,7 +681,7 @@ print ''; AND p.facture =0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY p.rowid"; 
diff --git a/htdocs/compta/stats/supplier_turnover.php b/htdocs/compta/stats/supplier_turnover.php index 0afcb72da2d..7273e8ed529 100644 --- a/htdocs/compta/stats/supplier_turnover.php +++ b/htdocs/compta/stats/supplier_turnover.php @@ -197,7 +197,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " AND f.type IN (0,2)"; $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } elseif ($modecompta == "RECETTES-DEPENSES") { $sql = "SELECT date_format(p.datep,'%Y-%m') as dm, sum(pf.amount) as amount_ttc"; @@ -208,7 +208,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " AND pf.fk_facturefourn = f.rowid"; $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } elseif ($modecompta == "BOOKKEEPING") { $pcgverid = $conf->global->CHARTOFACCOUNTS; diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index a97e15d1499..0ea8418381d 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -301,7 +301,7 @@ if ($search_country > 0) { } $sql .= " AND f.entity IN (".getEntity('supplier_invoice').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY s.rowid, s.nom, s.zip, s.town, s.fk_pays"; $sql .= " ORDER BY s.rowid"; diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index daed5b19f5e..45d3d2e74b4 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php 
@@ -207,7 +207,7 @@ class Tva extends CommonObject $sql .= " amount=".price2num($this->amount).","; $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " note='".$this->db->escape($this->note)."',"; - $sql .= " fk_user_creat=".$this->fk_user_creat.","; + $sql .= " fk_user_creat=".((int) $this->fk_user_creat).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id).""; $sql .= " WHERE rowid=".((int) $this->id); diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 17237732cea..69ce8ae8ae5 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php @@ -171,16 +171,16 @@ if (!empty($search_datepayment_end)) { $sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'; } if (!empty($search_type) && $search_type > 0) { - $sql .= ' AND t.fk_typepayment='.$search_type; + $sql .= ' AND t.fk_typepayment = '.((int) $search_type); } if (!empty($search_account) && $search_account > 0) { - $sql .= ' AND t.fk_account='.$search_account; + $sql .= ' AND t.fk_account = '.((int) $search_account); } if (!empty($search_amount)) { $sql .= natural_search('t.amount', price2num(trim($search_amount)), 1); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND t.paye = ".$db->escape($search_status); + $sql .= " AND t.paye = ".((int) $search_status); } $sql .= " GROUP BY t.rowid, t.amount, t.label, t.datev, t.datep, t.paye, t.fk_typepayment, t.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, t.num_payment, pst.code"; diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 78e4ffae99b..e1f987ac2f4 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php 
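Review bot: In Tva::update the line right after the changed one, `fk_user_modif=".($this->fk_user_modif > 0 ? $this->fk_user_modif : $user->id)`, still concatenates both branch values raw; `((int) $this->fk_user_modif)` and `((int) $user->id)` would match the treatment now given to `fk_user_creat`. In tva/list.php, the context line `' AND t.datep <= "'.$db->idate($search_datepayment_end).'"'` uses double quotes as the SQL string delimiter, which only works in MySQL's default SQL mode; single quotes would be portable. The update method continues outside the hunk.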
@@ -591,11 +591,11 @@ class Contact extends CommonObject if (isset($this->stcomm_id)) { $sql .= ", fk_stcommcontact = ".($this->stcomm_id > 0 || $this->stcomm_id == -1 ? $this->stcomm_id : "0"); } - $sql .= ", statut = ".$this->db->escape($this->statut); + $sql .= ", statut = ".((int) $this->statut); $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "NULL"); $sql .= ", default_lang=".($this->default_lang ? "'".$this->db->escape($this->default_lang)."'" : "NULL"); - $sql .= ", entity = ".$this->db->escape($this->entity); - $sql .= " WHERE rowid=".$this->db->escape($id); + $sql .= ", entity = ".((int) $this->entity); + $sql .= " WHERE rowid=".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); @@ -1221,7 +1221,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $sqldel = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; - $sqldel .= " WHERE rowid = ".$obj->rowid; + $sqldel .= " WHERE rowid = ".((int) $obj->rowid); dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sqldel); if (!$result) { @@ -1324,7 +1324,7 @@ class Contact extends CommonObject $sql = "SELECT c.rowid, c.datec as datec, c.fk_user_creat,"; $sql .= " c.tms as tms, c.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as c"; - $sql .= " WHERE c.rowid = ".$this->db->escape($id); + $sql .= " WHERE c.rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { 
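Review bot: The context line just above the changed `statut` line, `fk_stcommcontact = ".($this->stcomm_id > 0 || $this->stcomm_id == -1 ? $this->stcomm_id : "0")`, still concatenates `$this->stcomm_id` raw; `((int) $this->stcomm_id)` in the true branch would bring it in line with the rest of the SET clause. Contact::update starts and ends outside the hunk.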
@@ -1770,10 +1770,10 @@ class Contact extends CommonObject $sql = "SELECT sc.fk_socpeople as id, sc.fk_c_type_contact"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact tc"; $sql .= ", ".MAIN_DB_PREFIX."societe_contacts sc"; - $sql .= " WHERE sc.fk_soc =".$this->socid; + $sql .= " WHERE sc.fk_soc =".((int) $this->socid); $sql .= " AND sc.fk_c_type_contact=tc.rowid"; - $sql .= " AND tc.element='".$this->db->escape($element)."'"; - $sql .= " AND tc.active=1"; + $sql .= " AND tc.element = '".$this->db->escape($element)."'"; + $sql .= " AND tc.active = 1"; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 74e3c704739..5ef0a10deb5 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -392,7 +392,7 @@ if (!$user->rights->societe->client->voir && !$socid) { //restriction $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial - $sql .= " AND p.fk_user_creat=".$db->escape($userid); + $sql .= " AND p.fk_user_creat=".((int) $userid); } if ($search_level) { $sql .= natural_search("p.fk_prospectcontactlevel", join(',', $search_level), 3); 
@@ -414,19 +414,19 @@ if ($search_priv != '0' && $search_priv != '1') { } if ($search_categ > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ); } if ($search_categ == -2) { $sql .= " AND cc.fk_categorie IS NULL"; } if ($search_categ_thirdparty > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_thirdparty); } if ($search_categ_thirdparty == -2) { $sql .= " AND cs.fk_categorie IS NULL"; } if ($search_categ_supplier > 0) { - $sql .= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier); + $sql .= " AND cs2.fk_categorie = ".((int) $search_categ_supplier); } if ($search_categ_supplier == -2) { $sql .= " AND cs2.fk_categorie IS NULL"; @@ -495,10 +495,10 @@ if (count($search_roles) > 0) { $sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))"; } if ($search_no_email != '' && $search_no_email >= 0) { - $sql .= " AND p.no_email = ".$db->escape($search_no_email); + $sql .= " AND p.no_email = ".((int) $search_no_email); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND p.statut = ".$db->escape($search_status); + $sql .= " AND p.statut = ".((int) $search_status); } if ($search_import_key) { $sql .= natural_search("p.import_key", $search_import_key); diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 186e4ee5761..0275baeb3a9 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php 
@@ -3066,9 +3066,9 @@ class ContratLigne extends CommonObjectLine
 // Update request
 $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET";
- $sql .= " fk_contrat=".$this->fk_contrat.",";
+ $sql .= " fk_contrat=".((int) $this->fk_contrat).",";
 $sql .= " fk_product=".($this->fk_product ? "'".$this->db->escape($this->fk_product)."'" : 'null').",";
- $sql .= " statut=".$this->statut.",";
+ $sql .= " statut=".((int) $this->statut).",";
 $sql .= " label='".$this->db->escape($this->label)."',";
 $sql .= " description='".$this->db->escape($this->description)."',";
 $sql .= " date_commande=".($this->date_commande != '' ? "'".$this->db->idate($this->date_commande)."'" : "null").",";
@@ -3373,11 +3373,11 @@ class ContratLigne extends CommonObjectLine
 $this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".ContratLigne::STATUS_CLOSED.",";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET statut = ".((int) ContratLigne::STATUS_CLOSED).",";
 $sql .= " date_cloture = '".$this->db->idate($date_end)."',";
 $sql .= " fk_user_cloture = ".$user->id.",";
 $sql .= " commentaire = '".$this->db->escape($comment)."'";
- $sql .= " WHERE rowid = ".$this->id." AND statut = ".ContratLigne::STATUS_OPEN;
+ $sql .= " WHERE rowid = ".$this->id." AND statut = ".((int) ContratLigne::STATUS_OPEN);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php
index aed4cba2fe1..a5e3da943b7 100644
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@@ -250,7 +250,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php
index cf19f1178f6..ccb36830844 100644
--- a/htdocs/contrat/list.php
+++ b/htdocs/contrat/list.php
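Review bot: In the second ContratLigne hunk the cast lands on the wrong operand: `ContratLigne::STATUS_CLOSED` and `STATUS_OPEN` are class constants under the code's control, while `$this->id` on the same line and `fk_user_cloture = ".$user->id` two lines above remain raw. The WHERE line should read `$sql .= " WHERE rowid = ".((int) $this->id)." AND statut = ".((int) ContratLigne::STATUS_OPEN);`, and `fk_user_cloture = ".((int) $user->id)."` completes the clause. Both enclosing methods start and end outside the hunk.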
@@ -265,10 +265,10 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { $sql .= " AND s.fk_typent IN (".$db->sanitize($db->escape($search_type_thirdparty)).')'; } if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } if ($socid) { - $sql .= " AND s.rowid = ".$db->escape($socid); + $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -296,13 +296,13 @@ if ($search_town) { $sql .= natural_search(array('s.town'), $search_town); } if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='contrat' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index a0ecc6b4be8..8368bffbab2 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -257,7 +257,7 @@ if ($search_product_category > 0) { $sql .= " WHERE c.entity = ".$conf->entity; $sql .= " AND c.rowid = cd.fk_contrat"; if ($search_product_category > 0) { - $sql .= " AND cp.fk_categorie = ".$search_product_category; + $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { 
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 9e312bee679..f3c68711edd 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -531,7 +531,7 @@ abstract class CommonObject $sql .= " WHERE entity IN (".getEntity($element).")"; if ($id > 0) { - $sql .= " AND rowid = ".$db->escape($id); + $sql .= " AND rowid = ".((int) $id); } elseif ($ref) { $sql .= " AND ref = '".$db->escape($ref)."'"; } elseif ($ref_ext) { @@ -542,7 +542,7 @@ abstract class CommonObject return -1; } if ($ref || $ref_ext) { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class()."::isExistingObject", LOG_DEBUG); @@ -1278,7 +1278,7 @@ abstract class CommonObject } $sql .= " AND tc.active=1"; if ($status >= 0) { - $sql .= " AND ec.statut = ".$status; + $sql .= " AND ec.statut = ".((int) $status); } $sql .= " ORDER BY t.lastname ASC"; @@ -1926,7 +1926,7 @@ abstract class CommonObject if ($format == 'text') { $sql .= $field." = '".$this->db->escape($value)."'"; } elseif ($format == 'int') { - $sql .= $field." = ".$this->db->escape($value); + $sql .= $field." = ".((int) $value); } elseif ($format == 'date') { $sql .= $field." = ".($value ? "'".$this->db->idate($value)."'" : "null"); } 
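Review bot: In the `$format == 'int'` branch the value is now cast, but `$field` is still concatenated unchecked into the SET clause and nothing in the hunk shows it being validated as a column identifier; if callers can pass a request-derived field name, an allow-list or `$this->db->sanitize($field)` matters more than the value cast. The same concern applies to the `$format == 'text'` and `'date'` branches visible here, which share the `$field` prefix. The enclosing method starts and ends outside the hunk.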
@@ -3709,19 +3709,19 @@ abstract class CommonObject $sql .= " WHERE "; if ($justsource || $justtarget) { if ($justsource) { - $sql .= "fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."'"; + $sql .= "fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."'"; if ($withtargettype) { $sql .= " AND targettype = '".$this->db->escape($targettype)."'"; } } elseif ($justtarget) { - $sql .= "fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."'"; + $sql .= "fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."'"; if ($withsourcetype) { $sql .= " AND sourcetype = '".$this->db->escape($sourcetype)."'"; } } } else { - $sql .= "(fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."')"; - $sql .= " ".$clause." (fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."')"; + $sql .= "(fk_source = ".((int) $sourceid)." AND sourcetype = '".$this->db->escape($sourcetype)."')"; + $sql .= " ".$clause." (fk_target = ".((int) $targetid)." AND targettype = '".$this->db->escape($targettype)."')"; } $sql .= ' ORDER BY '.$orderby; @@ -4106,12 +4106,12 @@ abstract class CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX.$elementTable; - $sql .= " SET ".$fieldstatus." = ".$status; + $sql .= " SET ".$fieldstatus." = ".((int) $status); // If status = 1 = validated, update also fk_user_valid if ($status == 1 && $elementTable == 'expensereport') { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid=".$elementId; + $sql .= " WHERE rowid=".((int) $elementId); dol_syslog(get_class($this)."::setStatut", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -7122,11 +7122,11 @@ abstract class CommonObject $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { - $sql .= " WHERE ".$selectkey."=0"; + $sql .= " WHERE ".$selectkey." = 0"; } elseif ($selectkey == 'rowid') { - $sql .= " WHERE ".$selectkey."=".$this->db->escape($value); + $sql .= " WHERE ".$selectkey." = ".((int) $value); } else { - $sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + $sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'"; } //$sql.= ' AND entity = '.$conf->entity; diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 32d7faa1557..aaf0f315c1b 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -292,7 +292,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_facture_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_facture IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_facture_source = ".$this->fk_facture_source; + $sql .= " AND fk_facture_source = ".((int) $this->fk_facture_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index dc3726f2634..2f8b0871a83 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php 
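Review bot: The new line `$sql .= " WHERE ".$selectkey." = ".((int) $value);` casts the value but still splices `$selectkey` into the query as a bare identifier, and the `else` branch does the same; the ExtraFields hunk at -1722 carries identical code. From the hunk alone it is not clear whether `$selectkey` is always a literal supplied by the class, so if it can come from a caller or a field definition it should be checked against the set of accepted column names before use, e.g. `if (!in_array($selectkey, $allowedkeys, true)) { return ''; }` near the top of the method, with `$allowedkeys` built from the keys the method documents (placeholder name, actual return value to match the method's contract). The method starts and ends outside the hunk.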
@@ -1722,11 +1722,11 @@ class ExtraFields $sql .= ' as main'; } if ($selectkey == 'rowid' && empty($value)) { - $sql .= " WHERE ".$selectkey."=0"; + $sql .= " WHERE ".$selectkey." = 0"; } elseif ($selectkey == 'rowid') { - $sql .= " WHERE ".$selectkey."=".$this->db->escape($value); + $sql .= " WHERE ".$selectkey." = ".((int) $value); } else { - $sql .= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + $sql .= " WHERE ".$selectkey." = '".$this->db->escape($value)."'"; } //$sql.= ' AND entity = '.$conf->entity; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 1dd6712dba6..e084757fe28 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2497,18 +2497,18 @@ class Form } if ($finished == 0) { - $sql .= " AND p.finished = ".$finished; + $sql .= " AND p.finished = ".((int) $finished); } elseif ($finished == 1) { - $sql .= " AND p.finished = ".$finished; + $sql .= " AND p.finished = ".((int) $finished); if ($status >= 0) { - $sql .= " AND p.tosell = ".$status; + $sql .= " AND p.tosell = ".((int) $status); } } elseif ($status >= 0) { - $sql .= " AND p.tosell = ".$status; + $sql .= " AND p.tosell = ".((int) $status); } // Filter by product type if (strval($filtertype) != '') { - $sql .= " AND p.fk_product_type = ".$filtertype; + $sql .= " AND p.fk_product_type = ".((int) $filtertype); } elseif (empty($conf->product->enabled)) { // when product module is disabled, show services only $sql .= " AND p.fk_product_type = 1"; } elseif (empty($conf->service->enabled)) { // when service module is disabled, show products only @@ -3828,7 +3828,6 @@ class Form $sql = "SELECT id, code, libelle as label, type, active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_paiement"; $sql .= " WHERE entity IN (".getEntity('c_paiement').")"; - //if ($active >= 0) $sql.= " AND active = ".$active; $resql = $this->db->query($sql); if ($resql) { 
@@ -4061,7 +4060,6 @@ class Form $sql = "SELECT rowid, code, label, active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_transport_mode"; $sql .= " WHERE entity IN (".getEntity('c_transport_mode').")"; - //if ($active >= 0) $sql.= " AND active = ".$active; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index a57e39f1779..fbfde88198b 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -242,7 +242,7 @@ class FormAccounting extends Form $sql .= " WHERE c.active = 1"; $sql .= " AND c.category_type = 0"; if (empty($allcountries)) { - $sql .= " AND c.fk_country = ".$mysoc->country_id; + $sql .= " AND c.fk_country = ".((int) $mysoc->country_id); } $sql .= " ORDER BY c.label ASC"; } else { diff --git a/htdocs/core/class/html.formintervention.class.php b/htdocs/core/class/html.formintervention.class.php index aa0259ba288..7058e80b1d7 100644 --- a/htdocs/core/class/html.formintervention.class.php +++ b/htdocs/core/class/html.formintervention.class.php @@ -77,14 +77,14 @@ class FormIntervention if ($socid == '0') { $sql .= " AND (f.fk_soc = 0 OR f.fk_soc IS NULL)"; } else { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } } dol_syslog(get_class($this)."::select_intervention", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { - $out .= ''; if ($showempty) { $out .= ''; } diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index a9da488907d..00c1c4236c4 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php 
@@ -1275,10 +1275,10 @@ class FormMail extends Form $sql .= " AND entity IN (".getEntity('c_email_templates').")"; $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned if ($active >= 0) { - $sql .= " AND active = ".$active; + $sql .= " AND active = ".((int) $active); } if ($label) { - $sql .= " AND label ='".$db->escape($label)."'"; + $sql .= " AND label = '".$db->escape($label)."'"; } if (!($id > 0) && $languagetosearch) { $sql .= " AND (lang = '".$db->escape($languagetosearch)."'".($languagetosearchmain ? " OR lang = '".$db->escape($languagetosearchmain)."'" : "")." OR lang IS NULL OR lang = '')"; @@ -1434,7 +1434,7 @@ class FormMail extends Form $sql .= " AND entity IN (".getEntity('c_email_templates').")"; $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. if ($active >= 0) { - $sql .= " AND active = ".$active; + $sql .= " AND active = ".((int) $active); } //if (is_object($outputlangs)) $sql.= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; // Return all languages $sql .= $this->db->order("position,lang,label", "ASC"); diff --git a/htdocs/core/class/html.formsocialcontrib.class.php b/htdocs/core/class/html.formsocialcontrib.class.php index 8a40eed9da8..3455b572888 100644 --- a/htdocs/core/class/html.formsocialcontrib.class.php +++ b/htdocs/core/class/html.formsocialcontrib.class.php @@ -76,7 +76,7 @@ class FormSocialContrib $sql = "SELECT c.id, c.libelle as type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_chargesociales as c"; $sql .= " WHERE c.active = 1"; - $sql .= " AND c.fk_pays = ".$mysoc->country_id; + $sql .= " AND c.fk_pays = ".((int) $mysoc->country_id); $sql .= " ORDER BY c.libelle ASC"; } else { $sql = "SELECT c.id, c.libelle as type"; diff --git a/htdocs/core/class/infobox.class.php b/htdocs/core/class/infobox.class.php index 076dace54f0..545d3c12274 100644 --- a/htdocs/core/class/infobox.class.php 
+++ b/htdocs/core/class/infobox.class.php @@ -105,7 +105,7 @@ class InfoBox $sql .= " WHERE b.box_id = d.rowid"; $sql .= " AND b.entity IN (0,".$conf->entity.")"; if ($zone >= 0) { - $sql .= " AND b.position = ".$zone; + $sql .= " AND b.position = ".((int) $zone); } if (is_object($user)) { $sql .= " AND b.fk_user IN (0,".$user->id.")"; @@ -116,7 +116,7 @@ class InfoBox } else { // available $sql = "SELECT d.rowid as box_id, d.file, d.note, d.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."boxes_def as d"; - $sql .= " WHERE d.entity IN (0,".$conf->entity.")"; + $sql .= " WHERE d.entity IN (0, ".$conf->entity.")"; } dol_syslog(get_class()."::listBoxes get default box list for mode=".$mode." userid=".(is_object($user) ? $user->id : '')."", LOG_DEBUG); @@ -254,8 +254,8 @@ class InfoBox // Delete all lines $sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes"; $sql .= " WHERE entity = ".$conf->entity; - $sql .= " AND fk_user = ".$userid; - $sql .= " AND position = ".$zone; + $sql .= " AND fk_user = ".((int) $userid); + $sql .= " AND position = ".((int) $zone); dol_syslog(get_class()."::saveboxorder", LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 65fdaff9645..6f024c91b0b 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php 
@@ -352,10 +352,10 @@ class Menubase $sql .= " type='".$this->db->escape($this->type)."',"; $sql .= " mainmenu='".$this->db->escape($this->mainmenu)."',"; $sql .= " leftmenu='".$this->db->escape($this->leftmenu)."',"; - $sql .= " fk_menu=".$this->fk_menu.","; + $sql .= " fk_menu=".((int) $this->fk_menu).","; $sql .= " fk_mainmenu=".($this->fk_mainmenu ? "'".$this->db->escape($this->fk_mainmenu)."'" : "null").","; $sql .= " fk_leftmenu=".($this->fk_leftmenu ? "'".$this->db->escape($this->fk_leftmenu)."'" : "null").","; - $sql .= " position=".($this->position > 0 ? $this->position : 0).","; + $sql .= " position=".($this->position > 0 ? ((int) $this->position) : 0).","; $sql .= " url='".$this->db->escape($this->url)."',"; $sql .= " target='".$this->db->escape($this->target)."',"; $sql .= " titre='".$this->db->escape($this->title)."',"; diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 345ec5b38e3..6b32799bc89 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -176,7 +176,7 @@ class Notify $sqlnotifcode = ''; if ($notifcode) { if (is_numeric($notifcode)) { - $sqlnotifcode = " AND n.fk_action = ".$notifcode; // Old usage + $sqlnotifcode = " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sqlnotifcode = " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } @@ -195,7 +195,7 @@ class Notify $sql .= $sqlnotifcode; $sql .= " AND s.entity IN (".getEntity('societe').")"; if ($socid > 0) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG); @@ -233,7 +233,7 @@ class Notify $sql .= $sqlnotifcode; $sql .= " AND c.entity IN (".getEntity('user').")"; if ($userid > 0) { - $sql .= " AND c.rowid = ".$userid; + $sql .= " AND c.rowid = ".((int) $userid); } dol_syslog(__METHOD__." ".$notifcode.", ".$socid."", LOG_DEBUG); 
@@ -380,11 +380,11 @@ class Notify $sql .= " AND n.fk_soc = s.rowid"; $sql .= " AND c.statut = 1"; if (is_numeric($notifcode)) { - $sql .= " AND n.fk_action = ".$notifcode; // Old usage + $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage } else { $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage } - $sql .= " AND s.rowid = ".$object->socid; + $sql .= " AND s.rowid = ".((int) $object->socid); $sql .= "\nUNION\n"; } diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 939e6514c13..ef635b259ff 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY a.datep DESC, a.id DESC"; $sql .= $db->plimit($max, 0); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY a.datep2 DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 61332d8041b..5abc6bfc2ac 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -227,7 +227,7 @@ function societe_prepare_head(Societe $object) if (empty($conf->stripe->enabled)) { $sql .= " AND n.stripe_card_ref IS NULL"; } else { - $sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".$servicestatus."))"; + $sql .= " AND (n.stripe_card_ref IS NULL OR (n.stripe_card_ref IS NOT NULL AND n.status = ".((int) $servicestatus)."))"; } $resql = $db->query($sql); 
@@ -1448,7 +1448,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin if (is_object($objcon) && $objcon->id > 0) { $force_filter_contact = true; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm"; - $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id; + $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id); } if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur'))) { @@ -1457,7 +1457,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " ON er.resource_type = 'dolresource'"; $sql .= " AND er.element_id = a.id"; - $sql .= " AND er.resource_id = ".$filterobj->id; + $sql .= " AND er.resource_id = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Project') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { @@ -1940,7 +1940,7 @@ function show_subsidiaries($conf, $langs, $db, $object) $sql = "SELECT s.rowid, s.client, s.fournisseur, s.nom as name, s.name_alias, s.email, s.address, s.zip, s.town, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur, s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.parent = ".$object->id; + $sql .= " WHERE s.parent = ".((int) $object->id); $sql .= " AND s.entity IN (".getEntity('societe').")"; $sql .= " ORDER BY s.nom"; diff --git a/htdocs/core/lib/fourn.lib.php b/htdocs/core/lib/fourn.lib.php index 68910357269..efc9f60147c 100644 --- a/htdocs/core/lib/fourn.lib.php +++ b/htdocs/core/lib/fourn.lib.php 
@@ -59,7 +59,7 @@ function facturefourn_prepare_head($object) $nbStandingOrders = 0; $sql = "SELECT COUNT(pfd.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; - $sql .= " WHERE pfd.fk_facture_fourn = ".$object->id; + $sql .= " WHERE pfd.fk_facture_fourn = ".((int) $object->id); $sql .= " AND pfd.ext_payment_id IS NULL"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 16891214ca5..0cbb89ae47b 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -734,7 +734,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -950,7 +950,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -1062,7 +1062,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); @@ -1250,7 +1250,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND ff.fk_soc = ".$socid; + $sql .= " AND ff.fk_soc = ".((int) $socid); } // Add where from hooks $parameters = array(); 
diff --git a/htdocs/core/lib/sendings.lib.php b/htdocs/core/lib/sendings.lib.php index 880019d7b97..0814c0f4825 100644 --- a/htdocs/core/lib/sendings.lib.php +++ b/htdocs/core/lib/sendings.lib.php @@ -246,7 +246,7 @@ function show_list_sending_receive($origin, $origin_id, $filter = '') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid"; //TODO Add link to expeditiondet_batch $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; - $sql .= " AND obj.fk_".$origin." = ".$origin_id; + $sql .= " AND obj.fk_".$origin." = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_origin_line"; $sql .= " AND ed.fk_expedition = e.rowid"; if ($filter) { diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index 4d9d4bb2fa2..0ba7f56c615 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -336,7 +336,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no if (is_object($objcon) && $objcon->id > 0) { $force_filter_contact = true; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm_resources as r ON a.id = r.fk_actioncomm"; - $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".$objcon->id; + $sql .= " AND r.element_type = '".$db->escape($objcon->table_element)."' AND r.fk_element = ".((int) $objcon->id); } if (is_object($filterobj) && get_class($filterobj) == 'Societe') { diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 6d01fcfee0a..cd9ae5ad297 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -110,7 +110,7 @@ function user_prepare_head($object) $nbNote = 0; $sql = "SELECT COUNT(n.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."notify_def as n"; - $sql .= " WHERE fk_user = ".$object->id; + $sql .= " WHERE fk_user = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); 
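Review bot: `" AND obj.fk_".$origin." = ".((int) $origin_id)` casts the id but `$origin` still forms the column name with no check, so a value that is not one of the expected origin element types yields a broken or unintended query; the expedition/card.php hunk at -1982 builds the same clause. `$origin` is a parameter of show_list_sending_receive, so the check belongs at the top of the function, e.g. `if (!in_array($origin, $allowedorigins, true)) { return; }` where `$allowedorigins` (placeholder name) lists the element types callers may pass, or at minimum `$db->sanitize($origin)` as the diff already applies to list values, so that only a known element type reaches the identifier position. The rest of the function is outside the hunk.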
diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 5fbfc05a9fb..3b7cc0d1184 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1371,7 +1371,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it if ($command) { $sql .= " AND command = '".$this->db->escape($command)."'"; } - $sql .= " AND entity = ".$entity; // Must be exact entity + $sql .= " AND entity = ".((int) $entity); // Must be exact entity $now = dol_now(); @@ -1612,7 +1612,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql = "SELECT count(*)"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; $sql .= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($name)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -2197,7 +2197,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql = "DELETE FROM ".MAIN_DB_PREFIX."const"; $sql .= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/core/modules/mailings/pomme.modules.php b/htdocs/core/modules/mailings/pomme.modules.php index 03334e62322..a2a54c02c55 100644 --- a/htdocs/core/modules/mailings/pomme.modules.php +++ b/htdocs/core/modules/mailings/pomme.modules.php 
@@ -171,7 +171,7 @@ class mailing_pomme extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test $sql .= " AND u.entity IN (0,".$conf->entity.")"; - $sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; if (GETPOSTISSET("filter") && GETPOST("filter") == '1') { $sql .= " AND u.statut=1"; } diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index b3b88224df6..f764c3f5f71 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -77,7 +77,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; } else { $addFilter = ""; if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') { 
@@ -112,7 +112,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_societe as cs, ".MAIN_DB_PREFIX."categorie as c"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND cs.fk_soc = s.rowid"; $sql .= " AND c.rowid = cs.fk_categorie"; $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int')); @@ -122,7 +122,7 @@ class mailing_thirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_fournisseur as cs, ".MAIN_DB_PREFIX."categorie as c"; $sql .= " WHERE s.email <> ''"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND cs.fk_soc = s.rowid"; $sql .= " AND c.rowid = cs.fk_categorie"; $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int')); diff --git a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php index 7b5d4f38737..4c848b69ac0 100644 --- a/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php +++ b/htdocs/core/modules/mailings/thirdparties_services_expired.modules.php 
@@ -110,7 +110,7 @@ class mailing_thirdparties_services_expired extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; - $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")"; + $sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")"; $sql .= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''"; $sql .= " AND cd.statut= 4 AND cd.fk_product=p.rowid AND p.ref = '".$this->db->escape($product)."'"; $sql .= " AND cd.date_fin_validite < '".$this->db->idate($now)."'"; diff --git a/htdocs/core/modules/movement/doc/pdf_standard.modules.php b/htdocs/core/modules/movement/doc/pdf_standard.modules.php index 82d930a1aac..872890958ff 100644 --- a/htdocs/core/modules/movement/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/movement/doc/pdf_standard.modules.php @@ -529,8 +529,8 @@ class pdf_stdandard extends ModelePDFMovement if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$objp->rowid; - $sql .= " AND lang='".$this->db->escape($langs->getDefaultLang())."'"; + $sql .= " WHERE fk_product = ".((int) $objp->rowid); + $sql .= " AND lang = '".$this->db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; $result = $this->db->query($sql); diff --git a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php index d007b421fd7..da95e841728 100644 --- a/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php +++ b/htdocs/core/modules/project/doc/doc_generic_project_odt.modules.php 
@@ -742,7 +742,7 @@ class doc_generic_project_odt extends ModelePDFProjects $sql .= ", u.lastname, u.firstname, t.thm"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; $sql .= " , ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE t.fk_task =".$task->id; + $sql .= " WHERE t.fk_task =".((int) $task->id); $sql .= " AND t.fk_user = u.rowid"; $sql .= " ORDER BY t.task_date DESC"; diff --git a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php index 2d263aae6c0..0662e1a5a76 100644 --- a/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php +++ b/htdocs/core/modules/project/task/doc/doc_generic_task_odt.modules.php @@ -657,7 +657,7 @@ class doc_generic_task_odt extends ModelePDFTask $sql .= ", u.lastname, u.firstname"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; $sql .= " , ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE t.fk_task =".$object->id; + $sql .= " WHERE t.fk_task =".((int) $object->id); $sql .= " AND t.fk_user = u.rowid"; $sql .= " ORDER BY t.task_date DESC"; diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index b69ebdeb828..9f85aca1aff 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -209,7 +209,7 @@ class pdf_paiement $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if (!empty($socid)) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } // If global param PAYMENTS_REPORT_GROUP_BY_MOD is set, payement are ordered by paiement_code if (!empty($conf->global->PAYMENTS_REPORT_GROUP_BY_MOD)) { diff --git a/htdocs/core/modules/stock/doc/pdf_standard.modules.php b/htdocs/core/modules/stock/doc/pdf_standard.modules.php index a57b996086b..b0cc07dcb62 100644 --- a/htdocs/core/modules/stock/doc/pdf_standard.modules.php 
+++ b/htdocs/core/modules/stock/doc/pdf_standard.modules.php @@ -315,7 +315,7 @@ class pdf_standard extends ModelePDFStock $sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps, ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE ps.fk_product = p.rowid"; $sql .= " AND ps.reel <> 0"; // We do not show if stock is 0 (no product in this warehouse) - $sql .= " AND ps.fk_entrepot = ".$object->id; + $sql .= " AND ps.fk_entrepot = ".((int) $object->id); $sql .= $this->db->order($sortfield, $sortorder); //dol_syslog('List products', LOG_DEBUG); diff --git a/htdocs/datapolicy/class/actions_datapolicy.class.php b/htdocs/datapolicy/class/actions_datapolicy.class.php index cbcaceec743..7a3ba77fb5a 100644 --- a/htdocs/datapolicy/class/actions_datapolicy.class.php +++ b/htdocs/datapolicy/class/actions_datapolicy.class.php @@ -121,7 +121,7 @@ class ActionsDatapolicy if ($object->update($object->id, $user, 0)) { // On supprime les contacts associé - $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$object->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $object->id); $this->db->query($sql); setEventMessages($langs->trans('ANONYMISER_SUCCESS'), array()); diff --git a/htdocs/don/class/api_donations.class.php b/htdocs/don/class/api_donations.class.php index 3ae04c64833..cfd9e8ccd8b 100644 --- a/htdocs/don/class/api_donations.class.php +++ b/htdocs/don/class/api_donations.class.php @@ -123,7 +123,7 @@ class Donations extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($thirdparty_ids) { - $sql .= " AND t.fk_soc = ".$thirdparty_ids." "; + $sql .= " AND t.fk_soc = ".((int) $thirdparty_ids)." "; } // Add sql filters diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 56062868d86..181b3fc0ca3 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php 
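Review bot: In the api_donations hunk, `" AND t.fk_soc = ".((int) $thirdparty_ids)." "` makes the parameter single-valued by construction: if `$thirdparty_ids` is the comma-separated list its name suggests, `(int)` keeps only the leading number and drops the rest without any error, where the old concatenation would at least have failed on the `=` comparison. If a list is intended, the clause should be `" AND t.fk_soc IN (".$this->db->sanitize($thirdparty_ids).")"`, matching how the diff handles `s.fk_typent IN (...)` elsewhere; if a single id is intended, renaming or documenting the parameter as such would make the truncation deliberate rather than silent. The method and its parameter docblock are outside the hunk.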
@@ -476,8 +476,8 @@ class Don extends CommonObject $sql .= ",address='".$this->db->escape($this->address)."'"; $sql .= ",zip='".$this->db->escape($this->zip)."'"; $sql .= ",town='".$this->db->escape($this->town)."'"; - $sql .= ",fk_country = ".($this->country_id > 0 ? $this->country_id : '0'); - $sql .= ",public=".$this->public; + $sql .= ",fk_country = ".($this->country_id > 0 ? ((int) $this->country_id) : '0'); + $sql .= ",public=".((int) $this->public); $sql .= ",fk_projet=".($this->fk_project > 0 ? $this->fk_project : 'null'); $sql .= ",note_private=".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ",note_public=".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); @@ -486,8 +486,8 @@ class Don extends CommonObject $sql .= ",email='".$this->db->escape(trim($this->email))."'"; $sql .= ",phone='".$this->db->escape(trim($this->phone))."'"; $sql .= ",phone_mobile='".$this->db->escape(trim($this->phone_mobile))."'"; - $sql .= ",fk_statut=".$this->statut; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ",fk_statut=".((int) $this->statut); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::Update", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index b292dd33429..035a7aee9c6 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php 
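Review bot: `fk_projet=".($this->fk_project > 0 ? $this->fk_project : 'null')` sits between the two lines this hunk casts and is left as raw concatenation; the same ternary shape is left uncast in the ExpeditionLigne hunk at -2981 (`fk_entrepot = ".($this->entrepot_id > 0 ? $this->entrepot_id : 'null')`), and the expedition/list.php hunk at -282 keeps `' AND s.rowid = '.$socid` directly after the line it casts. The `position` line in the Menubase hunk shows the form already used in this diff, so `fk_projet=".($this->fk_project > 0 ? ((int) $this->fk_project) : 'null')` (and the same for `entrepot_id` and `$socid`) keeps the treatment consistent. The update method continues outside the hunk.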
@@ -425,7 +425,7 @@ class EcmFiles extends CommonObject //$sql .= " AND t.entity = ".$conf->entity; // hashforshare already unique } elseif ($src_object_type && $src_object_id) { // Warning: May return several record, and only first one is returned ! - $sql .= " AND t.src_object_type ='".$this->db->escape($src_object_type)."' AND t.src_object_id = ".$this->db->escape($src_object_id); + $sql .= " AND t.src_object_type = '".$this->db->escape($src_object_type)."' AND t.src_object_id = ".((int) $src_object_id); $sql .= " AND t.entity = ".$conf->entity; } else { $sql .= ' AND t.rowid = '.((int) $id); // rowid already unique diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index e282da6a4d9..6ece0bc115e 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -234,7 +234,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $obje $sql .= preg_replace('/^,/', '', $hookmanager->resPrint); $sql = preg_replace('/,\s*$/', '', $sql); $sql .= " FROM ".MAIN_DB_PREFIX.$object->table_element." as t"; -$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".$confOrBooth->id; +$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as a on a.id=t.fk_actioncomm AND a.id=".((int) $confOrBooth->id); if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as ef on (t.rowid = ef.fk_object)"; } diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index ae643ee688a..02ac007d30f 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php 
@@ -1982,7 +1982,7 @@ if ($action == 'create') {
 //if ($conf->delivery_note->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.fk_expedition = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."deliverydet as ld ON ld.fk_delivery = l.rowid AND obj.rowid = ld.fk_origin_line";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid";
 $sql .= " WHERE e.entity IN (".getEntity('expedition').")";
- $sql .= " AND obj.fk_".$origin." = ".$origin_id;
+ $sql .= " AND obj.fk_".$origin." = ".((int) $origin_id);
 $sql .= " AND obj.rowid = ed.fk_origin_line";
 $sql .= " AND ed.fk_expedition = e.rowid";
 //if ($filter) $sql.= $filter;
diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php
index dcd619da76e..2a4b6765b4e 100644
--- a/htdocs/expedition/class/api_shipments.class.php
+++ b/htdocs/expedition/class/api_shipments.class.php
@@ -140,7 +140,7 @@ class Shipments extends DolibarrApi
 }
 // Insert sale filter
 if ($search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index ea5bd17fdfb..ee7324a22c4 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -2125,7 +2125,7 @@ class Expedition extends CommonObject
 if (!empty($this->shipping_method_id)) {
 $sql = "SELECT em.code, em.tracking";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
- $sql .= " WHERE em.rowid = ".$this->shipping_method_id;
+ $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id);
 $resql = $this->db->query($sql);
 if ($resql) {
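Review bot: In the expedition/card.php hunk, `$origin` is still spliced into the column name (`" AND obj.fk_".$origin." = "`) while only `$origin_id` gets the cast; if `$origin` comes from the request, casting the value alone does not make the line safe. The origin should be checked against the fixed set of element names this page accepts before the statement is built, or at least passed through `$db->sanitize()` the way the list pages on this page do for `fk_typent`. The enclosing `if ($action == 'create')` block starts and ends outside the hunk.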
@@ -2981,8 +2981,8 @@ class ExpeditionLigne extends CommonObjectLine
 // update line
 $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
 $sql .= " fk_entrepot = ".($this->entrepot_id > 0 ? $this->entrepot_id : 'null');
- $sql .= " , qty = ".$qty;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " , qty = ".((float) price2num($qty, 'MS'));
+ $sql .= " WHERE rowid = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 $this->errors[] = $this->db->lasterror()." - sql=$sql";
diff --git a/htdocs/expedition/class/expeditionbatch.class.php b/htdocs/expedition/class/expeditionbatch.class.php
index 736cfba6e42..03066869450 100644
--- a/htdocs/expedition/class/expeditionbatch.class.php
+++ b/htdocs/expedition/class/expeditionbatch.class.php
@@ -186,7 +186,7 @@ class ExpeditionLineBatch extends CommonObject
 }
 $sql .= " FROM ".MAIN_DB_PREFIX.self::$_table_element." as eb";
 if ($fk_product > 0) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".$fk_product;
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.batch = eb.batch AND pl.fk_product = ".((int) $fk_product);
 }
 $sql .= " WHERE fk_expeditiondet=".(int) $id_line_expdet;
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index a1070d02ef1..5a110d33f2a 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -282,7 +282,7 @@ if ($search_user > 0) {
 }
 $sql .= " WHERE e.entity IN (".getEntity('expedition').")";
 if ($search_product_category > 0) {
- $sql .= " AND cp.fk_categorie = ".$search_product_category;
+ $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
 }
 if ($socid > 0) {
 $sql .= ' AND s.rowid = '.$socid;
@@ -292,7 +292,7 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no
 $sql .= " AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
- $sql .= " AND e.fk_soc = ".$socid;
+ $sql .= " AND e.fk_soc = ".((int) $socid);
 }
 if ($search_status <> '' && $search_status >= 0) {
 $sql .= " AND e.fk_statut = ".((int) $search_status);
@@ -322,7 +322,7 @@ if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) {
 $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')';
 }
 if ($search_sale > 0) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
 }
 if ($search_user > 0) {
 // The contact on a shipment is also the contact of the order.
@@ -353,7 +353,7 @@ if ($sall) {
 $sql .= natural_search(array_keys($fieldstosearchall), $sall);
 }
 if ($search_categ_cus > 0) {
- $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus);
+ $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus);
 }
 if ($search_categ_cus == -2) {
 $sql .= " AND cc.fk_categorie IS NULL";
diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php
index 8f5903dd988..42b8630bd3c 100644
--- a/htdocs/expedition/shipment.php
+++ b/htdocs/expedition/shipment.php
@@ -626,7 +626,7 @@ if ($id > 0 || !empty($ref)) {
 $sql .= ' p.surface, p.surface_units, p.volume, p.volume_units';
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
- $sql .= " WHERE cd.fk_commande = ".$object->id;
+ $sql .= " WHERE cd.fk_commande = ".((int) $object->id);
 $sql .= " ORDER BY cd.rang, cd.rowid";
 //print $sql;
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 34bef81e5a2..6cd3531f82d 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -990,9 +990,9 @@ class ExpenseReport extends CommonObject
 $total_ttc = $total_ht + $total_tva;
 $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
- $sql .= " total_ht = ".$total_ht;
- $sql .= " , total_ttc = ".$total_ttc;
- $sql .= " , total_tva = ".$total_tva;
+ $sql .= " total_ht = ".price2num($total_ht, 'MT');
+ $sql .= " , total_ttc = ".price2num($total_ttc, 'MT');
+ $sql .= " , total_tva = ".price2num($total_tva, 'MT');
 $sql .= " WHERE rowid = ".((int) $id);
 $result = $this->db->query($sql);
 if ($result) :
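Review bot: The new `price2num($total_ht, 'MT')` results are concatenated without a cast, so whatever string price2num returns lands verbatim in the statement; the ExpenseReportLine hunk of this same commit wraps the identical call as `((float) price2num(..., 'MT'))`, and this hunk should do the same so an empty return can never yield `total_ht = ,`. E.g. `$sql .= " total_ht = ".((float) price2num($total_ht, 'MT'));`, and likewise for `total_ttc` and `total_tva`. The enclosing method starts outside the hunk.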
@@ -2811,30 +2811,30 @@ class ExpenseReportLine
 // Update line in database
 $sql = "UPDATE ".MAIN_DB_PREFIX."expensereport_det SET";
 $sql .= " comments='".$this->db->escape($this->comments)."'";
- $sql .= ",value_unit=".$this->db->escape($this->value_unit);
- $sql .= ",qty=".$this->db->escape($this->qty);
+ $sql .= ",value_unit = ".((float) $this->value_unit);
+ $sql .= ",qty=".((float) $this->qty);
 $sql .= ",date='".$this->db->idate($this->date)."'";
- $sql .= ",total_ht=".$this->db->escape($this->total_ht)."";
- $sql .= ",total_tva=".$this->db->escape($this->total_tva)."";
- $sql .= ",total_ttc=".$this->db->escape($this->total_ttc)."";
- $sql .= ",tva_tx=".$this->db->escape($this->vatrate);
+ $sql .= ",total_ht=".((float) price2num($this->total_ht, 'MT'))."";
+ $sql .= ",total_tva=".((float) price2num($this->total_tva, 'MT'))."";
+ $sql .= ",total_ttc=".((float) price2num($this->total_ttc, 'MT'))."";
+ $sql .= ",tva_tx=".((float) $this->vatrate);
 $sql .= ",vat_src_code='".$this->db->escape($this->vat_src_code)."'";
 $sql .= ",rule_warning_message='".$this->db->escape($this->rule_warning_message)."'";
 $sql .= ",fk_c_exp_tax_cat=".$this->db->escape($this->fk_c_exp_tax_cat);
- $sql .= ",fk_ecm_files=".($this->fk_ecm_files > 0 ? $this->fk_ecm_files : 'null');
+ $sql .= ",fk_ecm_files=".($this->fk_ecm_files > 0 ? ((int) $this->fk_ecm_files) : 'null');
 if ($this->fk_c_type_fees) {
- $sql .= ",fk_c_type_fees=".$this->db->escape($this->fk_c_type_fees);
+ $sql .= ",fk_c_type_fees = ".((int) $this->fk_c_type_fees);
 } else {
 $sql .= ",fk_c_type_fees=null";
 }
 if ($this->fk_project > 0) {
- $sql .= ",fk_projet=".$this->db->escape($this->fk_project);
+ $sql .= ",fk_projet=".((int) $this->fk_project);
 } else {
 $sql .= ",fk_projet=null";
 }
- $sql .= " WHERE rowid = ".$this->db->escape($this->rowid ? $this->rowid : $this->id);
+ $sql .= " WHERE rowid = ".((int) ($this->rowid ? 
$this->rowid : $this->id));
- dol_syslog("ExpenseReportLine::update sql=".$sql);
+ dol_syslog("ExpenseReportLine::update");
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index fb031d81583..44ff46b233c 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -388,7 +388,7 @@ if ($action == 'create') {
 $sql = 'SELECT l.rowid, l.description, l.duree';
 $sql .= " FROM ".MAIN_DB_PREFIX."fichinterdet as l";
- $sql .= " WHERE l.fk_fichinter= ".$object->id;
+ $sql .= " WHERE l.fk_fichinter= ".((int) $object->id);
 //$sql.= " AND l.fk_product is null ";
 $sql .= " ORDER BY l.rang";
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index e2ac86f55bd..2e9d8a4a9b1 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -379,8 +379,8 @@ class Fichinter extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter SET ";
 $sql .= "description = '".$this->db->escape($this->description)."'";
- $sql .= ", duree = ".$this->duration;
- $sql .= ", fk_projet = ".$this->fk_project;
+ $sql .= ", duree = ".((int) $this->duration);
+ $sql .= ", fk_projet = ".((int) $this->fk_project);
 $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
 $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
 $sql .= ", fk_user_modif = ".$user->id;
diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php
index 34939bb599a..df1bf36b723 100644
--- a/htdocs/fourn/class/api_supplier_invoices.class.php
+++ b/htdocs/fourn/class/api_supplier_invoices.class.php
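Review bot: `fk_c_exp_tax_cat` is the one numeric column in this UPDATE that keeps `$this->db->escape(...)` instead of a cast: `$sql .= ",fk_c_exp_tax_cat=".$this->db->escape($this->fk_c_exp_tax_cat);`. In an unquoted numeric position escape() neither stops a non-numeric value from being read as SQL nor handles an empty value, which yields `fk_c_exp_tax_cat=,`. It should follow its neighbours: `$sql .= ",fk_c_exp_tax_cat=".((int) $this->fk_c_exp_tax_cat);`. The enclosing ExpenseReportLine::update starts and ends outside the hunk.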
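Review bot: In the Fichinter::update hunk, `((int) $this->fk_project)` writes `0` into `fk_projet` whenever the object has no project, whereas the Don, Loan and ExpenseReportLine updates in this same commit keep the `> 0 ? (int) … : 'null'` form. If that column is nullable (the schema is not visible here) the cast silently turns NULL into 0; `$sql .= ", fk_projet = ".($this->fk_project > 0 ? ((int) $this->fk_project) : 'null');` keeps both the cast and the previous semantics. The enclosing method starts and ends outside the hunk.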
@@ -155,7 +155,7 @@ class SupplierInvoices extends DolibarrApi
 }
 // Insert sale filter
 if ($search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php
index 09c9209629f..d4eedcd0fd9 100644
--- a/htdocs/fourn/class/api_supplier_orders.class.php
+++ b/htdocs/fourn/class/api_supplier_orders.class.php
@@ -171,7 +171,7 @@ class SupplierOrders extends DolibarrApi
 }
 // Insert sale filter
 if ($search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index e2196d5595d..d9ca371c133 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -3058,7 +3058,7 @@ class CommandeFournisseur extends CommonOrder
 if ($this->methode_commande_id > 0) {
 $sql = "SELECT rowid, code, libelle as label";
 $sql .= " FROM ".MAIN_DB_PREFIX.'c_input_method';
- $sql .= " WHERE active=1 AND rowid = ".$this->db->escape($this->methode_commande_id);
+ $sql .= " WHERE active=1 AND rowid = ".((int) $this->methode_commande_id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 81533dae324..a48d00c820b 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -3401,7 +3401,7 @@ class SupplierInvoiceLine extends CommonObjectLine
 $sql .= ", pu_ttc = ".price2num($this->pu_ttc);
 $sql .= ", qty = ".price2num($this->qty);
 $sql .= ", remise_percent = ".price2num($this->remise_percent);
- if ($this->fk_remise_except) $sql.= ", fk_remise_except=".$this->fk_remise_except;
+ if ($this->fk_remise_except) $sql.= ", fk_remise_except=".((int) $this->fk_remise_except);
 else $sql.= ", fk_remise_except=null";
 $sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'";
 $sql .= ", tva_tx = ".price2num($this->tva_tx);
@@ -3414,10 +3414,10 @@ class SupplierInvoiceLine extends CommonObjectLine
 $sql .= ", total_localtax1= ".price2num($this->total_localtax1);
 $sql .= ", total_localtax2= ".price2num($this->total_localtax2);
 $sql .= ", total_ttc = ".price2num($this->total_ttc);
- $sql .= ", fk_product = ".$fk_product;
- $sql .= ", product_type = ".$this->product_type;
- $sql .= ", info_bits = ".$this->info_bits;
- $sql .= ", fk_unit = ".$fk_unit;
+ $sql .= ", fk_product = ".((int) $fk_product);
+ $sql .= ", product_type = ".((int) $this->product_type);
+ $sql .= ", info_bits = ".((int) $this->info_bits);
+ $sql .= ", fk_unit = ".((int) $fk_unit);
 // Multicurrency
 $sql .= " , multicurrency_subprice=".price2num($this->multicurrency_subprice)."";
@@ -3425,7 +3425,7 @@ class SupplierInvoiceLine extends CommonObjectLine
 $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
 $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 21b4ec377a2..2172af578e9 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
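Review bot: `((int) $fk_product)` and `((int) $fk_unit)` in the second SupplierInvoiceLine hunk change meaning if those locals are prepared above the hunk as the string `'null'` for lines without a product or unit (a common pattern in this codebase, but the assignment is not visible here): `(int) 'null'` is `0`, so the UPDATE would store 0 instead of NULL and break the foreign key for service lines. Safer is to cast where the locals are assigned, e.g. `$fk_product = ($this->fk_product > 0 ? ((int) $this->fk_product) : 'null');`, and leave the SQL line to concatenate the prepared value. Worth checking the assignment of `$fk_product` and `$fk_unit` earlier in update(), which starts outside the hunk.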
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -789,14 +789,14 @@ class ProductFournisseur extends Product
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 $sql .= " WHERE s.entity IN (".getEntity('societe').")";
 $sql .= " AND pfp.entity = ".$conf->entity; // only current entity
- $sql .= " AND pfp.fk_product = ".$prodid;
+ $sql .= " AND pfp.fk_product = ".((int) $prodid);
 $sql .= " AND pfp.fk_soc = s.rowid";
 $sql .= " AND s.status = 1"; // only enabled society
 if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
 }
 if ($socid > 0) {
- $sql .= ' AND pfp.fk_soc = '.$socid;
+ $sql .= ' AND pfp.fk_soc = '.((int) $socid);
 }
 dol_syslog(get_class($this)."::find_min_price_product_fournisseur", LOG_DEBUG);
@@ -1001,7 +1001,7 @@ class ProductFournisseur extends Product
 $sql .= " WHERE pfp.entity IN (".getEntity('productprice').")";
 $sql .= " AND pfpl.fk_user = u.rowid";
 $sql .= " AND pfp.rowid = pfpl.fk_product_fournisseur";
- $sql .= " AND pfpl.fk_product_fournisseur = ".$product_fourn_price_id;
+ $sql .= " AND pfpl.fk_product_fournisseur = ".((int) $product_fourn_price_id);
 if (empty($sortfield)) {
 $sql .= " ORDER BY pfpl.datec";
 } else {
diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php
index eef851c6d73..1ea5db20b59 100644
--- a/htdocs/fourn/commande/index.php
+++ b/htdocs/fourn/commande/index.php
@@ -183,7 +183,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 $sql .= " AND c.entity IN (".getEntity("supplier_order").")"; // Thirdparty sharing is mandatory with supplier order sharing
 $sql .= " AND c.fk_statut = 0";
 if (!empty($socid)) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -290,7 +290,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity = ".$conf->entity;
 //$sql.= " AND c.fk_statut > 2";
 if (!empty($socid)) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -359,7 +359,7 @@ if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX
 $sql.= " WHERE c.fk_soc = s.rowid";
 $sql.= " AND c.entity = ".$conf->entity;
 $sql.= " AND c.fk_statut = 1";
-if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " ORDER BY c.rowid DESC";
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index d8959ada7c0..25f71f85eb4 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -651,7 +651,7 @@ $sql .= $hookmanager->resPrint;
 $sql .= ' WHERE cf.fk_soc = s.rowid';
 $sql .= ' AND cf.entity IN ('.getEntity('supplier_order').')';
 if ($socid > 0) {
- $sql .= " AND s.rowid = ".$socid;
+ $sql .= " AND s.rowid = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@@ -672,10 +672,10 @@ if ($search_request_author) {
 $sql .= natural_search(array('u.lastname', 'u.firstname', 'u.login'), $search_request_author);
 }
 if ($search_billed != '' && $search_billed >= 0) {
- $sql .= " AND cf.billed = ".$db->escape($search_billed);
+ $sql .= " AND cf.billed = ".((int) $search_billed);
 }
 if ($search_product_category > 0) {
- $sql .= " AND cp.fk_categorie = ".$search_product_category;
+ $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
 }
 //Required triple check because statut=0 means draft filter
 if (GETPOST('statut', 'intcomma') !== '') {
@@ -705,7 +705,7 @@ if ($search_company) {
 $sql .= natural_search('s.nom', $search_company);
 }
 if ($search_sale > 0) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$db->escape($search_sale);
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
 }
 if ($search_user > 0) {
 $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".$db->escape($search_user);
diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php
index 82c8df6ac66..3196ffed7ac 100644
--- a/htdocs/fourn/contact.php
+++ b/htdocs/fourn/contact.php
@@ -94,7 +94,7 @@ if ($contactname) {
 }
 if ($socid) {
- $sql .= " AND s.rowid = ".$socid;
+ $sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY $sortfield $sortorder ";
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 0c4f21ae4be..8578f82137d 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -451,10 +451,10 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($search_product_category > 0) {
- $sql .= " AND cp.fk_categorie = ".$search_product_category;
+ $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
 }
 if ($socid > 0) {
- $sql .= ' AND s.rowid = '.$socid;
+ $sql .= ' AND s.rowid = '.((int) $socid);
 }
 if ($search_ref) {
 if (is_numeric($search_ref)) {
diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php
index 4a761ea8b70..8d124f46350 100644
--- a/htdocs/fourn/index.php
+++ b/htdocs/fourn/index.php
@@ -172,7 +172,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
 $sql .= " AND ff.entity = ".$conf->entity;
 $sql .= " AND ff.fk_statut = 0";
 if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
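Review bot: The fourn/contact.php hunk casts `$socid` but leaves the line right after it, `$sql .= " ORDER BY $sortfield $sortorder ";`, interpolating two request-derived strings with no validation at all. Unless both are already restricted to column names and ASC/DESC upstream (not visible here), this should go through the helper the hrm/index.php hunks on this page already use: `$sql .= $db->order($sortfield, $sortorder);`. The surrounding statement construction starts outside the hunk.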
@@ -243,7 +243,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
- $sql .= " AND s.rowid = ".$socid;
+ $sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY s.tms DESC";
 $sql .= $db->plimit($max, 0);
diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php
index ed137fd5d86..5ecec959614 100644
--- a/htdocs/fourn/product/list.php
+++ b/htdocs/fourn/product/list.php
@@ -174,10 +174,10 @@ if ($snom) {
 $sql .= natural_search('p.label', $snom);
 }
 if ($catid) {
- $sql .= " AND cp.fk_categorie = ".$catid;
+ $sql .= " AND cp.fk_categorie = ".((int) $catid);
 }
 if ($fourn_id > 0) {
- $sql .= " AND ppf.fk_soc = ".$fourn_id;
+ $sql .= " AND ppf.fk_soc = ".((int) $fourn_id);
 }
 // Add WHERE filters from hooks
diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php
index adeaf7b1447..353083bd717 100644
--- a/htdocs/fourn/recap-fourn.php
+++ b/htdocs/fourn/recap-fourn.php
@@ -134,7 +134,7 @@ if ($socid > 0) {
 $sql .= " ".MAIN_DB_PREFIX."paiementfourn as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON p.fk_user_author = u.rowid";
 $sql .= " WHERE pf.fk_paiementfourn = p.rowid";
- $sql .= " AND pf.fk_facturefourn = ".$fac->id;
+ $sql .= " AND pf.fk_facturefourn = ".((int) $fac->id);
 $resqlp = $db->query($sql);
 if ($resqlp) {
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 55dd1c4bafb..7e3585bd5bc 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -1477,7 +1477,7 @@ class Holiday extends CommonObject
 if ($num > 0) {
 // Update for user
 $sql = "UPDATE ".MAIN_DB_PREFIX."holiday_users SET";
- $sql .= " nb_holiday = ".$nbHoliday;
+ $sql .= " nb_holiday = ".((int) $nbHoliday);
 $sql .= " WHERE fk_user = ".(int) $userID." AND fk_type = ".(int) $fk_type;
 $result = $this->db->query($sql);
 if (!$result) {
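Review bot: In the Holiday hunk, `((int) $nbHoliday)` truncates any fractional balance; if `nb_holiday` holds fractional days (half-day leave, which this code base supports elsewhere but which is not visible here), a balance of 2.5 is written back as 2 on every update, and the INSERT branch in the next hunk (`$sql .= ((int) $nbHoliday);`) does the same. `((float) $nbHoliday)` keeps the value out of the SQL grammar without changing what is stored; `price2num($nbHoliday)` as used elsewhere in this commit would also do. The enclosing method starts and ends outside the hunk.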
@@ -1487,7 +1487,7 @@ class Holiday extends CommonObject
 } else {
 // Insert for user
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."holiday_users(nb_holiday, fk_user, fk_type) VALUES (";
- $sql .= $nbHoliday;
+ $sql .= ((int) $nbHoliday);
 $sql .= ", ".(int) $userID.", ".(int) $fk_type.")";
 $result = $this->db->query($sql);
 if (!$result) {
diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php
index c2fa520442b..2cac4a1352b 100644
--- a/htdocs/hrm/class/establishment.class.php
+++ b/htdocs/hrm/class/establishment.class.php
@@ -264,10 +264,10 @@ class Establishment extends CommonObject
 $sql .= ", zip = '".$this->db->escape($this->zip)."'";
 $sql .= ", town = '".$this->db->escape($this->town)."'";
 $sql .= ", fk_country = ".($this->country_id > 0 ? $this->country_id : 'null');
- $sql .= ", status = ".$this->db->escape($this->status);
- $sql .= ", fk_user_mod = ".$user->id;
- $sql .= ", entity = ".$this->entity;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= ", status = ".((int) $this->status);
+ $sql .= ", fk_user_mod = ".((int) $user->id);
+ $sql .= ", entity = ".((int) $this->entity);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php
index 50fd4c3f521..2315edc100c 100644
--- a/htdocs/hrm/index.php
+++ b/htdocs/hrm/index.php
@@ -190,7 +190,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) {
 $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid;
+ //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid);
 $sql .= $db->order("x.tms", "DESC");
 $sql .= $db->plimit($max, 0);
@@ -271,7 +271,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire)
 $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')';
 }
 //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid;
+ //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid);
 $sql .= $db->order("x.tms", "DESC");
 $sql .= $db->plimit($max, 0);
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index f94e461398b..23acc7d4a1b 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -1183,7 +1183,7 @@ function migrate_contracts_date2($db, $langs, $conf)
 print $langs->trans('MigrationContractsInvalidDateFix', $obj->cref, $obj->date_contrat, $obj->datemin)."
\n";
 $sql = "UPDATE ".MAIN_DB_PREFIX."contrat";
 $sql .= " SET date_contrat='".$db->idate($datemin)."'";
- $sql .= " WHERE rowid=".$obj->cref;
+ $sql .= " WHERE rowid = ".((int) $obj->cref);
 $resql2 = $db->query($sql);
 if (!$resql2) {
 dol_print_error($db);
@@ -1275,8 +1275,8 @@ function migrate_contracts_open($db, $langs, $conf)
 print $langs->trans('MigrationReopenThisContract', $obj->cref)."
\n";
 $sql = "UPDATE ".MAIN_DB_PREFIX."contrat";
- $sql .= " SET statut=1";
- $sql .= " WHERE rowid=".$obj->cref;
+ $sql .= " SET statut = 1";
+ $sql .= " WHERE rowid = ".((int) $obj->cref);
 $resql2 = $db->query($sql);
 if (!$resql2) {
 dol_print_error($db);
@@ -2835,8 +2835,8 @@ function migrate_project_task_time($db, $langs, $conf)
 $newtime = $hour + $min;
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."projet_task_time SET";
- $sql2 .= " task_duration = ".$newtime;
- $sql2 .= " WHERE rowid = ".$obj->rowid;
+ $sql2 .= " task_duration = ".((int) $newtime);
+ $sql2 .= " WHERE rowid = ".((int) $obj->rowid);
 $resql2 = $db->query($sql2);
 if (!$resql2) {
@@ -2865,7 +2865,7 @@ function migrate_project_task_time($db, $langs, $conf)
 if ($oldtime > 0) {
 foreach ($totaltime as $taskid => $total_duration) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET";
- $sql .= " duration_effective = ".$total_duration;
+ $sql .= " duration_effective = ".((int) $total_duration);
 $sql .= " WHERE rowid = ".((int) $taskid);
 $resql = $db->query($sql);
@@ -2945,7 +2945,7 @@ function migrate_customerorder_shipping($db, $langs, $conf)
 $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."expedition SET";
 $sqlUpdate .= " ref_customer = '".$db->escape($obj->ref_client)."'";
 $sqlUpdate .= ", date_delivery = '".$db->escape($obj->delivery_date ? $obj->delivery_date : 'null')."'";
- $sqlUpdate .= " WHERE rowid = ".$obj->shipping_id;
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->shipping_id);
 $result = $db->query($sqlUpdate);
 if (!$result) {
@@ -3407,8 +3407,8 @@ function migrate_categorie_association($db, $langs, $conf)
 $obj = $db->fetch_object($resql);
 $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."categorie SET ";
- $sqlUpdate .= "fk_parent = ".$obj->fk_categorie_mere;
- $sqlUpdate .= " WHERE rowid = ".$obj->fk_categorie_fille;
+ $sqlUpdate .= "fk_parent = ".((int) $obj->fk_categorie_mere);
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->fk_categorie_fille);
 $result = $db->query($sqlUpdate);
 if (!$result) {
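Review bot: In the migrate_customerorder_shipping hunk the untouched line just above the new rowid cast writes a quoted string when there is no delivery date: `", date_delivery = '".$db->escape($obj->delivery_date ? $obj->delivery_date : 'null')."'"` produces `date_delivery = 'null'`, the four-letter text rather than SQL NULL, which a date column will reject or coerce. Since this statement is being edited anyway, the line should become `", date_delivery = ".($obj->delivery_date ? "'".$db->escape($obj->delivery_date)."'" : 'null')`. The other upgrade2 hunks here only add casts and look fine; each enclosing migration function starts and ends outside its hunk.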
diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php
index 1ba796026c6..686bd16d5de 100644
--- a/htdocs/intracommreport/list.php
+++ b/htdocs/intracommreport/list.php
@@ -237,8 +237,8 @@ if (dol_strlen($search_type) && $search_type != '-1') {
 if ($search_ref) $sql .= natural_search('i.ref', $search_ref);
 if ($search_label) $sql .= natural_search('i.label', $search_label);
 if ($search_barcode) $sql .= natural_search('i.barcode', $search_barcode);
-if (isset($search_tosell) && dol_strlen($search_tosell) > 0 && $search_tosell!=-1) $sql.= " AND i.tosell = ".$db->escape($search_tosell);
-if (isset($search_tobuy) && dol_strlen($search_tobuy) > 0 && $search_tobuy!=-1) $sql.= " AND i.tobuy = ".$db->escape($search_tobuy);
+if (isset($search_tosell) && dol_strlen($search_tosell) > 0 && $search_tosell!=-1) $sql.= " AND i.tosell = ".((int) $search_tosell);
+if (isset($search_tobuy) && dol_strlen($search_tobuy) > 0 && $search_tobuy!=-1) $sql.= " AND i.tobuy = ".((int) $search_tobuy);
 if (dol_strlen($canvas) > 0) $sql.= " AND i.canvas = '".$db->escape($canvas)."'";
 */
diff --git a/htdocs/knowledgemanagement/knowledgemanagementindex.php b/htdocs/knowledgemanagement/knowledgemanagementindex.php
index 86ea3f10e08..0402ab07710 100644
--- a/htdocs/knowledgemanagement/knowledgemanagementindex.php
+++ b/htdocs/knowledgemanagement/knowledgemanagementindex.php
@@ -113,7 +113,7 @@ if (! empty($conf->knowledgemanagement->enabled) && $user->rights->knowledgemana
 $sql.= " AND c.fk_statut = 0";
 $sql.= " AND c.entity IN (".getEntity('commande').")";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+ if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php
index b628de1b68b..b5c0ffc0add 100644
--- a/htdocs/loan/class/loan.class.php
+++ b/htdocs/loan/class/loan.class.php
@@ -356,12 +356,12 @@ class Loan extends CommonObject
 $sql .= " capital='".price2num($this->db->escape($this->capital))."',";
 $sql .= " datestart='".$this->db->idate($this->datestart)."',";
 $sql .= " dateend='".$this->db->idate($this->dateend)."',";
- $sql .= " nbterm=".$this->nbterm.",";
- $sql .= " rate=".$this->db->escape($this->rate).",";
+ $sql .= " nbterm=".((float) $this->nbterm).",";
+ $sql .= " rate=".((float) $this->rate).",";
 $sql .= " accountancy_account_capital = '".$this->db->escape($this->account_capital)."',";
 $sql .= " accountancy_account_insurance = '".$this->db->escape($this->account_insurance)."',";
 $sql .= " accountancy_account_interest = '".$this->db->escape($this->account_interest)."',";
- $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : $this->fk_project).",";
+ $sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : ((int) $this->fk_project)).",";
 $sql .= " fk_user_modif = ".$user->id.",";
 $sql .= " insurance_amount = '".price2num($this->db->escape($this->insurance_amount))."'";
 $sql .= " WHERE rowid=".((int) $this->id);
diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php
index 1ac670c4a7f..5f8c7320cd1 100644
--- a/htdocs/margin/agentMargins.php
+++ b/htdocs/margin/agentMargins.php
@@ -171,9 +171,9 @@ $sql .= ' AND s.entity IN ('.getEntity('societe').')';
 $sql .= " AND d.fk_facture = f.rowid";
 if ($agentid > 0) {
 if (!empty($conf->global->AGENT_CONTACT_TYPE)) {
- $sql .= " AND ((e.fk_socpeople IS NULL AND sc.fk_user = ".$agentid.") OR (e.fk_socpeople IS NOT NULL AND e.fk_socpeople = ".$agentid."))";
+ $sql .= " AND ((e.fk_socpeople IS NULL AND sc.fk_user = ".((int) $agentid).") OR (e.fk_socpeople IS NOT NULL AND e.fk_socpeople = ".((int) $agentid)."))";
 } else {
- $sql .= " AND sc.fk_user = ".$agentid;
+ $sql .= " AND sc.fk_user = ".((int) $agentid);
 }
 }
 if (!empty($startdate)) {
diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php
index 6f2337d1baf..a5e6e6af6e9 100644
--- a/htdocs/margin/tabs/productMargins.php
+++ b/htdocs/margin/tabs/productMargins.php
@@ -158,7 +158,7 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND f.fk_statut > 0";
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= " AND d.fk_facture = f.rowid";
- $sql .= " AND d.fk_product =".$object->id;
+ $sql .= " AND d.fk_product = ".((int) $object->id);
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php
index bc52cf7378f..faeb22a095b 100644
--- a/htdocs/modulebuilder/template/class/api_mymodule.class.php
+++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php
@@ -145,14 +145,14 @@ class MyModuleApi extends DolibarrApi
 $sql .= " AND t.fk_soc = sc.fk_soc";
 }
 if ($restrictonsocid && $socid) {
- $sql .= " AND t.fk_soc = ".$socid;
+ $sql .= " AND t.fk_soc = ".((int) $socid);
 }
 if ($restrictonsocid && $search_sale > 0) {
 $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
 }
 // Insert sale filter
 if ($restrictonsocid && $search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php
index 2d262aeeb36..990a6d91bfa 100644
--- a/htdocs/modulebuilder/template/mymoduleindex.php
+++ b/htdocs/modulebuilder/template/mymoduleindex.php
@@ -113,7 +113,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read)
 $sql.= " AND c.fk_statut = 0";
 $sql.= " AND c.entity IN (".getEntity('commande').")";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+ if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php
index a2558fe6252..0ece243dc39 100644
--- a/htdocs/mrp/class/api_mos.class.php
+++ b/htdocs/mrp/class/api_mos.class.php
@@ -137,14 +137,14 @@ class Mos extends DolibarrApi
 $sql .= " AND t.fk_soc = sc.fk_soc";
 }
 if ($restrictonsocid && $socid) {
- $sql .= " AND t.fk_soc = ".$socid;
+ $sql .= " AND t.fk_soc = ".((int) $socid);
 }
 if ($restrictonsocid && $search_sale > 0) {
 $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
 }
 // Insert sale filter
 if ($restrictonsocid && $search_sale > 0) {
- $sql .= " AND sc.fk_user = ".$search_sale;
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php
index e11fb65184a..e35abff84bb 100644
--- a/htdocs/opensurvey/class/opensurveysondage.class.php
+++ b/htdocs/opensurvey/class/opensurveysondage.class.php
@@ -321,9 +321,9 @@ class Opensurveysondage extends CommonObject $sql .= " date_fin=".(dol_strlen($this->date_fin) != 0 ? "'".$this->db->idate($this->date_fin)."'" : 'null').","; $sql .= " status=".(isset($this->status) ? "'".$this->db->escape($this->status)."'" : "null").","; $sql .= " format=".(isset($this->format) ? "'".$this->db->escape($this->format)."'" : "null").","; - $sql .= " mailsonde=".(isset($this->mailsonde) ? $this->db->escape($this->mailsonde) : "null").","; - $sql .= " allow_comments=".$this->db->escape($this->allow_comments).","; - $sql .= " allow_spy=".$this->db->escape($this->allow_spy); + $sql .= " mailsonde=".(isset($this->mailsonde) ? ((int) $this->mailsonde) : "null").","; + $sql .= " allow_comments=".((int) $this->allow_comments).","; + $sql .= " allow_spy=".((int) $this->allow_spy); $sql .= " WHERE id_sondage='".$this->db->escape($this->id_sondage)."'"; $this->db->begin(); diff --git a/htdocs/partnership/class/partnershiputils.class.php b/htdocs/partnership/class/partnershiputils.class.php index 992fca2703e..04f5db251e5 100644 --- a/htdocs/partnership/class/partnershiputils.class.php +++ b/htdocs/partnership/class/partnershiputils.class.php @@ -102,7 +102,7 @@ class PartnershipUtils $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."adherent_type as dty on (dty.rowid = d.fk_adherent_type)"; $sql .= " WHERE fk_member > 0"; $sql .= " AND (d.datefin < '".$this->db->idate($datetotest)."' AND dty.subscription = 1)"; - $sql .= " AND p.status = ".$partnership::STATUS_ACCEPTED; // Only accepted not yet canceled + $sql .= " AND p.status = ".((int) $partnership::STATUS_ACCEPTED); // Only accepted not yet canceled $sql .= $this->db->order('d.rowid', 'ASC'); // Limit is managed into loop later 
@@ -263,7 +263,7 @@ class PartnershipUtils $sql .= " WHERE 1 = 1"; $sql .= " AND p.".$fk_partner." > 0"; - $sql .= " AND p.status = ".$partnership::STATUS_ACCEPTED; // Only accepted not yet canceled + $sql .= " AND p.status = ".((int) $partnership::STATUS_ACCEPTED); // Only accepted not yet canceled $sql .= " AND (p.last_check_backlink IS NULL OR p.last_check_backlink <= '".$this->db->idate($now - 7 * 24 * 3600)."')"; // Every week, check that website contains a link to dolibarr. $sql .= $this->db->order('p.rowid', 'ASC'); // Limit is managed into loop later diff --git a/htdocs/partnership/partnershipindex.php b/htdocs/partnership/partnershipindex.php index 8076f105dbb..ce7a17b8fce 100644 --- a/htdocs/partnership/partnershipindex.php +++ b/htdocs/partnership/partnershipindex.php @@ -113,7 +113,7 @@ if (! empty($conf->partnership->enabled) && $user->rights->partnership->read) $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index 901e2b387e3..ac2e70e3287 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php 
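Review bot: The cast on `STATUS_ACCEPTED` hardens a class constant, while the line just above it, `$sql .= " AND p.".$fk_partner." > 0";`, interpolates `$fk_partner` as a column identifier where neither a cast nor `escape()` can help; its origin is outside the hunk, so if it is anything other than a value picked from a fixed set of column names, this is where an injection would land. Either a guard before the query, e.g. `if (!in_array($fk_partner, array('fk_soc', 'fk_member'), true)) { return -1; }` (adjust the list to the real columns), or a comment stating the invariant, `// $fk_partner is an internal column name, never request input`, would make that explicit. The enclosing method starts and ends outside the hunk.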
@@ -122,8 +122,8 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) { // Price by qty if (!empty($price_by_qty_rowid) && $price_by_qty_rowid >= 1 && (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES))) { // If we need a particular price related to qty $sql = "SELECT price, unitprice, quantity, remise_percent"; - $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty "; - $sql .= " WHERE rowid=".$price_by_qty_rowid.""; + $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; + $sql .= " WHERE rowid = ".((int) $price_by_qty_rowid); $result = $db->query($sql); if ($result) { diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php index 3bda877af62..d155abdc2c2 100644 --- a/htdocs/product/canvas/product/actions_card_product.class.php +++ b/htdocs/product/canvas/product/actions_card_product.class.php @@ -349,11 +349,11 @@ class ActionsCardProduct } } - if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0) { - $sql .= " AND p.tosell = ".$this->db->escape($_GET["tosell"]); + if (GETPOSTISSET("tosell")) { + $sql .= " AND p.tosell = ".((int) GETPOST("tosell", "int")); } - if (isset($_GET["canvas"]) && dol_strlen($_GET["canvas"]) > 0) { - $sql .= " AND p.canvas = '".$this->db->escape($_GET["canvas"])."'"; + if (GETPOSTISSET("canvas")) { + $sql .= " AND p.canvas = '".$this->db->escape(GETPOST("canvas"))."'"; } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit + 1, $offset); diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php index 53e0df73212..c4296dc63a8 100644 --- a/htdocs/product/canvas/service/actions_card_service.class.php +++ b/htdocs/product/canvas/service/actions_card_service.class.php 
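Review bot: Replacing `isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0` with `GETPOSTISSET("tosell")` changes behaviour for an empty parameter: if GETPOSTISSET, as its name suggests, is true for `tosell=` with no value, then `(int) ''` is `0` and the list is now filtered to `p.tosell = 0` where it used to be unfiltered. Keeping the emptiness check preserves the old semantics, e.g. `if (GETPOSTISSET("tosell") && GETPOST("tosell") !== '') {`. The `canvas` branch has the same shape, though there an empty value only yields a harmless `p.canvas = ''`. The enclosing method starts and ends outside the hunk.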
@@ -298,29 +298,29 @@ class ActionsCardService $sql .= " AND (p.ref LIKE '%".$this->db->escape($sall)."%' OR p.label LIKE '%".$this->db->escape($sall)."%' OR p.description LIKE '%".$this->db->escape($sall)."%' OR p.note LIKE '%".$this->db->escape($sall)."%')"; } if ($sref) { - $sql .= " AND p.ref LIKE '%".$sref."%'"; + $sql .= " AND p.ref LIKE '%".$this->db->escape($sref)."%'"; } if ($search_barcode) { - $sql .= " AND p.barcode LIKE '%".$search_barcode."%'"; + $sql .= " AND p.barcode LIKE '%".$this->db->escape($search_barcode)."%'"; } if ($snom) { $sql .= " AND p.label LIKE '%".$this->db->escape($snom)."%'"; } - if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0) { - $sql .= " AND p.tosell = ".$this->db->escape($_GET["tosell"]); + if (GETPOSTISSET("tosell")) { + $sql .= " AND p.tosell = ".((int) GETPOST("tosell", 'int')); } - if (isset($_GET["canvas"]) && dol_strlen($_GET["canvas"]) > 0) { - $sql .= " AND p.canvas = '".$this->db->escape($_GET["canvas"])."'"; + if (GETPOSTISSET("canvas")) { + $sql .= " AND p.canvas = '".$this->db->escape(GETPOST("canvas"))."'"; } if ($catid) { - $sql .= " AND cp.fk_categorie = ".$catid; + $sql .= " AND cp.fk_categorie = ".((int) $catid); } if ($fourn_id > 0) { - $sql .= " AND p.rowid = pfp.fk_product AND pfp.fk_soc = ".$fourn_id; + $sql .= " AND p.rowid = pfp.fk_product AND pfp.fk_soc = ".((int) $fourn_id); } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$this->db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit + 1, $offset); diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php index b4e860a1069..2e0d21b0456 100644 --- a/htdocs/product/class/api_products.class.php +++ b/htdocs/product/class/api_products.class.php 
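Review bot: Same regression as in the product canvas: `GETPOSTISSET("tosell")` replaces a `dol_strlen(...) > 0` check, so an empty `tosell` parameter now produces `p.tosell = 0` instead of no filter; `if (GETPOSTISSET("tosell") && GETPOST("tosell") !== '') {` keeps the previous behaviour while still using the typed accessor. Separately, the new `$this->db->escape($sref)` and `escape($search_barcode)` close the injection hole but, like the existing `$sall`/`$snom` lines, leave `%` and `_` in the search term as live LIKE wildcards; if that is intended, a one-line comment `// escape() quotes the value but does not neutralise LIKE wildcards` would stop the next reader from "fixing" it. The enclosing method starts and ends outside the hunk.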
@@ -206,8 +206,8 @@ class Products extends DolibarrApi // Select products of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); - $sql .= " AND c.fk_product = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category); + $sql .= " AND c.fk_product = t.rowid"; } if ($mode == 1) { // Show only products diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 6aee9af9c60..1afd1e74e23 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1055,16 +1055,16 @@ class Product extends CommonObject $sql .= " SET label = '".$this->db->escape($this->label)."'"; if ($updatetype && ($this->isProduct() || $this->isService())) { - $sql .= ", fk_product_type = ".$this->type; + $sql .= ", fk_product_type = ".((int) $this->type); } $sql .= ", ref = '".$this->db->escape($this->ref)."'"; $sql .= ", ref_ext = ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null"); $sql .= ", default_vat_code = ".($this->default_vat_code ? "'".$this->db->escape($this->default_vat_code)."'" : "null"); - $sql .= ", tva_tx = ".$this->tva_tx; - $sql .= ", recuperableonly = ".$this->tva_npr; - $sql .= ", localtax1_tx = ".$this->localtax1_tx; - $sql .= ", localtax2_tx = ".$this->localtax2_tx; + $sql .= ", tva_tx = ".((float) $this->tva_tx); + $sql .= ", recuperableonly = ".((int) $this->tva_npr); + $sql .= ", localtax1_tx = ".((float) $this->localtax1_tx); + $sql .= ", localtax2_tx = ".((float) $this->localtax2_tx); $sql .= ", localtax1_type = ".($this->localtax1_type != '' ? "'".$this->db->escape($this->localtax1_type)."'" : "'0'"); $sql .= ", localtax2_type = ".($this->localtax2_type != '' ? "'".$this->db->escape($this->localtax2_type)."'" : "'0'"); 
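Review bot: In the product.class.php hunk, the `(float)` casts on `tva_tx`, `localtax1_tx` and `localtax2_tx` are locale-sensitive once the float is concatenated back into the string: before PHP 8.0, float-to-string conversion honours `LC_NUMERIC`, so under a comma-decimal locale `", tva_tx = ".((float) $this->tva_tx)` emits `tva_tx = 20,5`, which is a syntax error in the UPDATE. If the project still supports PHP 7.x, a locale-independent formatter is safer, e.g. `sprintf('%F', $this->tva_tx)` or the codebase's own decimal normaliser if it has one; the `(int)` casts in the same hunk are fine. The enclosing method starts and ends outside the hunk.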
@@ -2391,8 +2391,8 @@ class Product extends CommonObject $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid, recuperableonly"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; - $sql .= " AND price_level=".$i; - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND price_level=".((int) $i); + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2501,7 +2501,7 @@ class Product extends CommonObject $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid, recuperableonly"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; $sql .= " WHERE entity IN (".getEntity('productprice').")"; - $sql .= " AND price_level=".$i; + $sql .= " AND price_level=".((int) $i); $sql .= " AND fk_product = ".$this->id; $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; @@ -2613,7 +2613,7 @@ class Product extends CommonObject $sql .= " AND mp.fk_product =".$this->id; $sql .= " AND mp.role ='".$this->db->escape($role)."'"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -2739,7 +2739,7 @@ class Product extends CommonObject } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -2814,7 +2814,7 @@ class Product extends CommonObject } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); 
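Review bot: The `@@ -2501` hunk casts `price_level` but leaves `$sql .= " AND fk_product = ".$this->id;` on the very next line untouched, although the otherwise identical query at `@@ -2391` casts both; the leftover should read `$sql .= " AND fk_product = ".((int) $this->id);`. `$this->id` normally comes from a fetch, so this is consistency rather than an exploitable hole, but it is exactly the line a grep for `= ".$` will flag again next release. The enclosing method starts and ends outside the hunk.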
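Review bot: In the `@@ -2613` hunk the `$socid` cast sits three lines below `$sql .= " AND mp.fk_product =".$this->id;`, which is still concatenated raw (and missing the space after `=` that the rest of this commit normalises); `$sql .= " AND mp.fk_product = ".((int) $this->id);` brings it in line. The enclosing method starts and ends outside the hunk.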
@@ -2869,7 +2869,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND c.fk_statut in (".$this->db->sanitize($filtrestatut).")"; @@ -2971,7 +2971,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if ($filtrestatut != '') { $sql .= " AND c.fk_statut in (".$this->db->sanitize($filtrestatut).")"; // Peut valoir 0 @@ -3033,7 +3033,7 @@ class Product extends CommonObject $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND e.fk_soc = ".$socid; + $sql .= " AND e.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND c.fk_statut IN (".$this->db->sanitize($filtrestatut).")"; @@ -3114,7 +3114,7 @@ class Product extends CommonObject $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND cf.fk_statut IN (".$this->db->sanitize($filtrestatut).")"; @@ -3170,7 +3170,7 @@ class Product extends CommonObject $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND m.fk_soc = ".$socid; + $sql .= " AND m.fk_soc = ".((int) $socid); } if ($filtrestatut <> '') { $sql .= " AND m.status IN (".$this->db->sanitize($filtrestatut).")"; @@ -3265,7 +3265,7 @@ class Product extends CommonObject } //$sql.= " AND c.statut != 0"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); 
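Review bot: Each `$socid` cast in these hunks sits two lines below `$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;` (and the `e.`/`cf.`/`m.` variants), which is still concatenated raw; `((int) $user->id)` there would finish the job, as this commit already does in product/stats/commande.php. The `IN (".$this->db->sanitize($filtrestatut).")"` lines are fine provided `sanitize()` restricts the value to digits and commas — its contract is outside the hunk, so worth a glance while here. The enclosing methods start and end outside the hunks.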
@@ -3339,7 +3339,7 @@ class Product extends CommonObject } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -3413,7 +3413,7 @@ class Product extends CommonObject } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $result = $this->db->query($sql); @@ -3655,7 +3655,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(p.datep,'%Y%m')"; @@ -3758,7 +3758,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_commande,'%Y%m')"; @@ -3809,7 +3809,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_commande,'%Y%m')"; @@ -3863,7 +3863,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(c.date_contrat,'%Y%m')"; @@ -3916,7 +3916,7 @@ class Product extends CommonObject $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid > 0) { - $sql .= " AND d.fk_soc = ".$socid; + $sql .= " AND d.fk_soc = ".((int) $socid); } $sql .= $morefilter; $sql .= " GROUP BY date_format(d.date_valid,'%Y%m')"; 
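Review bot: In the `@@ -3655` hunk and the four that follow it, `$sql .= $morefilter;` appends a caller-supplied SQL fragment verbatim right after the newly cast `$socid`, so the cast only helps if every caller builds `$morefilter` from trusted or already-escaped values, and nothing in the hunk documents that contract. A comment at the append site, `// $morefilter must be a pre-sanitized SQL fragment, never built from raw request values`, would make the invariant visible, and the `sc.fk_user = ".$user->id` line above each cast should get the same `((int) ...)` treatment. The enclosing methods start and end outside the hunks.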
diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index 10704f2f53e..529284af464 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -384,7 +384,7 @@ class Productbatch extends CommonObject $sql .= " t.qty,"; $sql .= " t.import_key"; $sql .= " FROM ".MAIN_DB_PREFIX.self::$_table_element." as t"; - $sql .= " WHERE fk_product_stock=".$fk_product_stock; + $sql .= " WHERE fk_product_stock=".((int) $fk_product_stock); if (!empty($eatby)) { array_push($where, " eatby = '".$this->db->idate($eatby)."'"); // deprecated @@ -454,10 +454,10 @@ class Productbatch extends CommonObject } $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as t"; if ($fk_product > 0) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.fk_product = ".$fk_product." AND pl.batch = t.batch"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON pl.fk_product = ".((int) $fk_product)." AND pl.batch = t.batch"; // TODO May add extrafields to ? } - $sql .= " WHERE fk_product_stock=".$fk_product_stock; + $sql .= " WHERE fk_product_stock=".((int) $fk_product_stock); if ($with_qty) { $sql .= " AND t.qty <> 0"; } diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index a1d92cc492a..0b5ea0cc2a6 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -408,10 +408,10 @@ class Propalmergepdfproduct extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product"; - $sql .= " WHERE fk_product=".$product_id; + $sql .= " WHERE fk_product = ".((int) $product_id); if ($conf->global->MAIN_MULTILANGS && !empty($lang_id)) { - $sql .= " AND lang='".$this->db->escape($lang_id)."'"; + $sql .= " AND lang = '".$this->db->escape($lang_id)."'"; } dol_syslog(__METHOD__, LOG_DEBUG); 
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 5286b932ca7..0404f0bd97a 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -182,7 +182,7 @@ class PriceGlobalVariable $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; - $sql .= " value = ".$this->value; + $sql .= " value = ".((float) $this->value); $sql .= " WHERE rowid = ".$this->id; $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index 172c004a2d7..4272beb44bc 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php 
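Review bot: `value = ".((float) $this->value)` is cast but the very next line, `$sql .= " WHERE rowid = ".$this->id;`, still concatenates the row id raw; it should be `$sql .= " WHERE rowid = ".((int) $this->id);` like the `WHERE rowid = ((int) $id)` lines elsewhere in this diff. The float cast also carries the pre-PHP-8 `LC_NUMERIC` caveat: with a comma-decimal locale it emits `value = 1,5`, a syntax error in the UPDATE, so `sprintf('%F', $this->value)` or the project's decimal normaliser is safer if 7.x is still supported. The enclosing method starts and ends outside the hunk.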
@@ -200,12 +200,12 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " type = ".$this->type.","; + $sql .= " type = ".((int) $this->type).","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; $sql .= " parameters = ".(isset($this->parameters) ? "'".$this->db->escape($this->parameters)."'" : "''").","; - $sql .= " fk_variable = ".$this->fk_variable.","; - $sql .= " update_interval = ".$this->update_interval.","; - $sql .= " next_update = ".$this->next_update.","; + $sql .= " fk_variable = ".((int) $this->fk_variable).","; + $sql .= " update_interval = ".((int) $this->update_interval).","; + $sql .= " next_update = ".((int) $this->next_update).","; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); $sql .= " WHERE rowid = ".$this->id; diff --git a/htdocs/product/index.php b/htdocs/product/index.php index 0e709f54f99..4aaaf3a0fa7 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -287,7 +287,7 @@ if ((!empty($conf->product->enabled) || !empty($conf->service->enabled)) && ($us $sql .= " FROM ".MAIN_DB_PREFIX."product as p"; $sql .= " WHERE p.entity IN (".getEntity($product_static->element, 1).")"; if ($type != '') { - $sql .= " AND p.fk_product_type = ".$type; + $sql .= " AND p.fk_product_type = ".((int) $type); } // Add where from hooks $parameters = array(); 
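Review bot: `$sql .= " WHERE rowid = ".$this->id;` at the end of the hunk is the one numeric value left uncast in an UPDATE whose other five numeric columns were just hardened; `$sql .= " WHERE rowid = ".((int) $this->id);` closes it. Casting `next_update` to `(int)` implies it is stored as an epoch integer rather than a date column — if so, a short comment, `// next_update is a unix timestamp`, would save the next reader a trip to the schema. The enclosing method starts and ends outside the hunk.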
@@ -445,8 +445,8 @@ function activitytrim($product_type) $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.rowid = fd.fk_facture"; $sql .= " AND pf.fk_facture = f.rowid"; - $sql .= " AND pf.fk_paiement= p.rowid"; - $sql .= " AND fd.product_type=".$product_type; + $sql .= " AND pf.fk_paiement = p.rowid"; + $sql .= " AND fd.product_type = ".((int) $product_type); $sql .= " AND p.datep >= '".$db->idate(dol_get_first_day($yearofbegindate), 1)."'"; $sql .= " GROUP BY annee, mois "; $sql .= " ORDER BY annee, mois "; diff --git a/htdocs/product/list.php b/htdocs/product/list.php index eb3fc71d53a..0c922fab0dd 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -451,7 +451,7 @@ if (dol_strlen($canvas) > 0) { $sql .= " AND p.canvas = '".$db->escape($canvas)."'"; } if ($catid > 0) { - $sql .= " AND cp.fk_categorie = ".$catid; + $sql .= " AND cp.fk_categorie = ".((int) $catid); } if ($catid == -2) { $sql .= " AND cp.fk_categorie IS NULL"; diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index 5aa54b0963c..8ffae0bee8c 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -211,7 +211,7 @@ if ($mode && $mode != '-1') { if (!empty($conf->global->MAIN_MULTILANGS)) { // si l'option est active $sql = "SELECT label"; $sql .= " FROM ".MAIN_DB_PREFIX."product_lang"; - $sql .= " WHERE fk_product=".$prodid; + $sql .= " WHERE fk_product = ".((int) $prodid); $sql .= " AND lang='".$db->escape($langs->getDefaultLang())."'"; $sql .= " LIMIT 1"; diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 342acb49b6e..f8db6915409 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php 
@@ -190,7 +190,7 @@ if ($fourn_id > 0) { } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } $sql .= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,"; $sql .= " p.fk_product_type, p.tms, p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock"; diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 38b16cea44a..ea9901a3794 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php @@ -179,7 +179,7 @@ if ($fourn_id > 0) { } // Insert categ filter if ($search_categ) { - $sql .= " AND cp.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cp.fk_categorie = ".((int) $search_categ); } if ($search_warehouse) { $sql .= natural_search("e.ref", $search_warehouse); diff --git a/htdocs/product/stats/bom.php b/htdocs/product/stats/bom.php index 505bc8ed060..8db7c63d83e 100644 --- a/htdocs/product/stats/bom.php +++ b/htdocs/product/stats/bom.php @@ -138,7 +138,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " WHERE "; $sql .= " b.entity IN (".getEntity('bom').")"; - $sql .= " AND b.fk_product =".$product->id; + $sql .= " AND b.fk_product = ".((int) $product->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records @@ -184,9 +184,8 @@ if ($id > 0 || !empty($ref)) { $sql .= " SUM(bl.qty) as qty_toconsume"; $sql .= " FROM ".MAIN_DB_PREFIX."bom_bom as b"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."bom_bomline as bl ON bl.fk_bom=b.rowid"; - $sql .= " WHERE "; - $sql .= " b.entity IN (".getEntity('bom').")"; - $sql .= " AND bl.fk_product=".$product->id; + $sql .= " WHERE b.entity IN (".getEntity('bom').")"; + $sql .= " AND bl.fk_product = ".((int) $product->id); $sql .= " GROUP BY b.rowid, b.ref, b.date_valid, b.status"; $sql .= $db->order($sortfield, $sortorder); 
diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index 9ba4dee7081..623306536b7 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -151,7 +151,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; $sql .= " AND d.fk_commande = c.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')'; } @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index 6037f608b58..e42905811a8 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND d.fk_commande = c.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')'; } @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); 
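Review bot: In the commande_fournisseur.php `@@ -152` hunk, `$sql .= " AND c.entity = ".$conf->entity;` is left uncast while the sibling stats pages in this diff restrict by `entity IN (".getEntity('...').")"`; at minimum `((int) $conf->entity)` keeps it in line with the casts the commit is adding, and if supplier orders have a getEntity() key it should probably use that so multi-entity sharing behaves like the other pages. `$conf->entity` is server-side configuration, so the concern is consistency rather than injection. The enclosing `if ($id > 0 || !empty($ref))` block starts and ends outside the hunk.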
diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index f91e74edf50..f71c907a430 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -142,7 +142,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE c.rowid = cd.fk_contrat"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; - $sql .= " AND cd.fk_product =".$product->id; + $sql .= " AND cd.fk_product = ".((int) $product->id); if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index 0681aa9b5ca..b8a83e847c2 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -168,7 +168,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND d.fk_facture = f.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 69ef83ae5a7..2ad05313762 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -151,7 +151,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= " AND d.fk_facture_fourn = f.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/mo.php b/htdocs/product/stats/mo.php index fefb89592e7..81bb29650db 100644 --- a/htdocs/product/stats/mo.php 
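Review bot: contrat.php keeps `$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;` directly under the new `cd.fk_product` cast, whereas the identical line in commande.php and commande_fournisseur.php is changed to `((int) $user->id)` in this very commit; the three pages should match, `$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);`. The enclosing `if ($id > 0 || !empty($ref))` block starts and ends outside the hunk.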
+++ b/htdocs/product/stats/mo.php @@ -137,7 +137,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ", ".MAIN_DB_PREFIX."mrp_production as cd"; $sql .= " WHERE c.rowid = cd.fk_mo"; $sql .= " AND c.entity IN (".getEntity('mo').")"; - $sql .= " AND cd.fk_product =".$product->id; + $sql .= " AND cd.fk_product = ".((int) $product->id); if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 96303ac598d..f2a26d4af73 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -153,7 +153,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " AND d.fk_propal = p.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 1b236ed3999..3de03aa73c1 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND d.fk_supplier_proposal = p.rowid"; - $sql .= " AND d.fk_product =".$product->id; + $sql .= " AND d.fk_product = ".((int) $product->id); if (!empty($search_month)) { $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')'; } diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 91284944397..55ab129edee 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php 
@@ -645,7 +645,7 @@ if ($action == 'create') { $sql .= " WHERE ps.fk_product = p.rowid"; $sql .= " AND ps.reel <> 0"; // We do not show if stock is 0 (no product in this warehouse) - $sql .= " AND ps.fk_entrepot = ".$object->id; + $sql .= " AND ps.fk_entrepot = ".((int) $object->id); if ($separatedPMP) { $sql .= " AND pa.fk_product = p.rowid AND pa.entity = ". (int) $conf->entity; diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 35791bfd158..c7516066e7f 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -293,17 +293,17 @@ class Entrepot extends CommonObject $this->town = trim($this->town); $this->country_id = ($this->country_id > 0 ? $this->country_id : 0); - $sql = "UPDATE ".MAIN_DB_PREFIX."entrepot "; + $sql = "UPDATE ".MAIN_DB_PREFIX."entrepot"; $sql .= " SET ref = '".$this->db->escape($this->label)."'"; $sql .= ", fk_parent = ".(($this->fk_parent > 0) ? $this->fk_parent : "NULL"); $sql .= ", fk_project = ".(($this->fk_project > 0) ? $this->fk_project : "NULL"); $sql .= ", description = '".$this->db->escape($this->description)."'"; - $sql .= ", statut = ".$this->statut; + $sql .= ", statut = ".((int) $this->statut); $sql .= ", lieu = '".$this->db->escape($this->lieu)."'"; $sql .= ", address = '".$this->db->escape($this->address)."'"; $sql .= ", zip = '".$this->db->escape($this->zip)."'"; $sql .= ", town = '".$this->db->escape($this->town)."'"; - $sql .= ", fk_pays = ".$this->country_id; + $sql .= ", fk_pays = ".((int) $this->country_id); $sql .= ", phone = '".$this->db->escape($this->phone)."'"; $sql .= ", fax = '".$this->db->escape($this->fax)."'"; $sql .= " WHERE rowid = ".((int) $id); diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 0220df610e4..ef1393dfb63 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php 
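Review bot: In the entrepot.class.php hunk, `fk_parent` and `fk_project` are still emitted as `(($this->fk_parent > 0) ? $this->fk_parent : "NULL")`, i.e. raw after a loose `> 0` comparison; a string such as `1 OR 1=1` satisfies that comparison (leading-numeric conversion on PHP 7, string comparison on PHP 8) and is then concatenated unescaped, so if these properties are ever populated from request values the new `statut`/`fk_pays` casts leave the two most interesting columns of this UPDATE uncovered. Casting inside the ternary fixes it without changing the NULL semantics: `$sql .= ", fk_parent = ".(($this->fk_parent > 0) ? ((int) $this->fk_parent) : "NULL");` and the same for `fk_project`. The enclosing method starts and ends outside the hunk.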
@@ -951,7 +951,7 @@ if (!$variants) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = e.rowid"; $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$object->id; + $sql .= " AND ps.fk_product = ".((int) $object->id); $sql .= " ORDER BY e.ref"; $entrepotstatic = new Entrepot($db); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 52addeba637..77923d9e7c9 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -136,10 +136,10 @@ if ($date && $dateIsValid) { // Avoid heavy sql if mandatory date is not defined $sql .= " AND w.statut IN (".$db->sanitize(implode(',', $warehouseStatus)).")"; } if ($productid > 0) { - $sql .= " AND ps.fk_product = ".$productid; + $sql .= " AND ps.fk_product = ".((int) $productid); } if ($fk_warehouse > 0) { - $sql .= " AND ps.fk_entrepot = ".$fk_warehouse; + $sql .= " AND ps.fk_entrepot = ".((int) $fk_warehouse); } $sql .= " GROUP BY fk_product, fk_entrepot"; //print $sql; diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index 0191cc74ef8..60484eb4f17 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -425,7 +425,7 @@ if (empty($conf->global->PROJECT_HIDE_TASKS) && !empty($conf->global->PROJECT_SH $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; } if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " AND p.fk_statut=1"; $sql .= " GROUP BY p.ref, p.title, p.rowid, p.fk_statut, p.fk_opp_status, p.public, t.label, t.rowid, t.planned_workload, t.duration_effective, t.progress, t.dateo, t.datee"; 
diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index b0b94264fb0..38f525626ba 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php @@ -146,7 +146,7 @@ class Projects extends DolibarrApi } // Select projects of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_project = t.rowid "; + $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_project = t.rowid "; } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 851703ce96b..e381aaabfb3 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -486,7 +486,7 @@ class Project extends CommonObject $sql .= ", title = '".$this->db->escape($this->title)."'"; $sql .= ", description = '".$this->db->escape($this->description)."'"; $sql .= ", fk_soc = ".($this->socid > 0 ? $this->socid : "null"); - $sql .= ", fk_statut = ".$this->statut; + $sql .= ", fk_statut = ".((int) $this->statut); $sql .= ", fk_opp_status = ".((is_numeric($this->opp_status) && $this->opp_status > 0) ? $this->opp_status : 'null'); $sql .= ", opp_percent = ".((is_numeric($this->opp_percent) && $this->opp_percent != '') ? $this->opp_percent : 'null'); $sql .= ", public = ".($this->public ? 1 : 0); 
@@ -1777,13 +1777,13 @@ class Project extends CommonObject if ($tableName == "actioncomm") { $sql .= " SET fk_project=".$this->id; - $sql .= " WHERE id=".$elementSelectId; + $sql .= " WHERE id=".((int) $elementSelectId); } elseif ($tableName == "entrepot") { $sql .= " SET fk_project=".$this->id; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } else { $sql .= " SET fk_projet=".$this->id; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } dol_syslog(get_class($this)."::update_element", LOG_DEBUG); @@ -1813,10 +1813,10 @@ class Project extends CommonObject if ($tableName == "actioncomm") { $sql .= " SET fk_project=NULL"; - $sql .= " WHERE id=".$elementSelectId; + $sql .= " WHERE id=".((int) $elementSelectId); } else { $sql .= " SET ".$projectfield."=NULL"; - $sql .= " WHERE rowid=".$elementSelectId; + $sql .= " WHERE rowid=".((int) $elementSelectId); } dol_syslog(get_class($this)."::remove_element", LOG_DEBUG); @@ -1888,10 +1888,10 @@ class Project extends CommonObject $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'w') - 1)."')"; if ($taskid) { - $sql .= " AND ptt.fk_task=".$taskid; + $sql .= " AND ptt.fk_task=".((int) $taskid); } if (is_numeric($userid)) { - $sql .= " AND ptt.fk_user=".$userid; + $sql .= " AND ptt.fk_user=".((int) $userid); } //print $sql; @@ -1951,10 +1951,10 @@ class Project extends CommonObject $sql .= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' "; $sql .= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'm') - 1)."')"; if ($task_id) { - $sql .= " AND ptt.fk_task=".$taskid; + $sql .= " AND ptt.fk_task=".((int) $taskid); } if (is_numeric($userid)) { - $sql .= " AND ptt.fk_user=".$userid; + $sql .= " AND ptt.fk_user=".((int) $userid); } //print $sql; 
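Review bot: In the `@@ -1951` hunk the guard reads `if ($task_id)` but the filter it protects now appends `((int) $taskid)`, whereas the `@@ -1888` hunk above uses `$taskid` for both. If `$taskid` is not defined in that method, the new cast turns it into `0` and the query silently filters on `ptt.fk_task=0` and returns nothing, which is harder to notice than the previous malformed SQL. Align the two names (`if ($taskid) {` or `((int) $task_id)`) according to the method's actual parameter, whose signature lies outside the hunk.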
diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 42c5ae2135f..1845e303704 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -68,7 +68,7 @@ class ProjectStats extends Stats $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls"; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql .= " AND t.fk_opp_status = cls.rowid"; @@ -133,7 +133,7 @@ class ProjectStats extends Stats // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); // For external user, no check is done on company permission because readability is managed by public status of project and assignement. - //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + //if ($socid > 0) $sql.= " AND t.fk_soc = ".((int) $socid); // No check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql .= " GROUP BY year"; diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 9f81218ba8d..bd25398776e 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php 
@@ -854,7 +854,7 @@ class Task extends CommonObject $sql .= " AND p.rowid = ec.element_id"; $sql .= " AND ctc.rowid = ec.fk_c_type_contact"; $sql .= " AND ctc.element = 'project'"; - $sql .= " AND ec.fk_socpeople = ".$filteronprojuser; + $sql .= " AND ec.fk_socpeople = ".((int) $filteronprojuser); $sql .= " AND ec.statut = 4"; $sql .= " AND ctc.source = 'internal'"; } @@ -863,12 +863,12 @@ class Task extends CommonObject $sql .= " AND p.rowid = ec2.element_id"; $sql .= " AND ctc2.rowid = ec2.fk_c_type_contact"; $sql .= " AND ctc2.element = 'project_task'"; - $sql .= " AND ec2.fk_socpeople = ".$filterontaskuser; + $sql .= " AND ec2.fk_socpeople = ".((int) $filterontaskuser); $sql .= " AND ec2.statut = 4"; $sql .= " AND ctc2.source = 'internal'"; } if ($socid) { - $sql .= " AND p.fk_soc = ".$socid; + $sql .= " AND p.fk_soc = ".((int) $socid); } if ($projectid) { $sql .= " AND p.rowid IN (".$this->db->sanitize($projectid).")"; @@ -1525,10 +1525,10 @@ class Task extends CommonObject $sql .= " task_date = '".$this->db->idate($this->timespent_date)."',"; $sql .= " task_datehour = '".$this->db->idate($this->timespent_datehour)."',"; $sql .= " task_date_withhour = ".(empty($this->timespent_withhour) ? 0 : 1).","; - $sql .= " task_duration = ".$this->timespent_duration.","; - $sql .= " fk_user = ".$this->timespent_fk_user.","; + $sql .= " task_duration = ".((int) $this->timespent_duration).","; + $sql .= " fk_user = ".((int) $this->timespent_fk_user).","; $sql .= " note = ".(isset($this->timespent_note) ? "'".$this->db->escape($this->timespent_note)."'" : "null"); - $sql .= " WHERE rowid = ".$this->timespent_id; + $sql .= " WHERE rowid = ".((int) $this->timespent_id); dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -2082,7 +2082,7 @@ class Task extends CommonObject // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id.") OR (s.rowid IS NULL))"; diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index d8c875d2933..aa9d9a8a437 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -213,7 +213,7 @@ if ($mine || empty($user->rights->projet->all->lire)) { $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // If we have this test true, it also means projectset is not 2 } if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " ORDER BY p.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index aa1229ccb42..c95ae10e79a 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -402,12 +402,12 @@ if ($search_status >= 0) { if ($search_status == 99) { $sql .= " AND p.fk_statut <> 2"; } else { - $sql .= " AND p.fk_statut = ".$db->escape($search_status); + $sql .= " AND p.fk_statut = ".((int) $search_status); } } if ($search_opp_status) { if (is_numeric($search_opp_status) && $search_opp_status > 0) { - $sql .= " AND p.fk_opp_status = ".$db->escape($search_opp_status); + $sql .= " AND p.fk_opp_status = ".((int) $search_opp_status); } if ($search_opp_status == 'all') { $sql .= " AND (p.fk_opp_status IS NOT NULL AND p.fk_opp_status <> -1)"; 
@@ -423,7 +423,7 @@ if ($search_opp_status) { } } if ($search_public != '') { - $sql .= " AND p.public = ".$db->escape($search_public); + $sql .= " AND p.public = ".((int) $search_public); } // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if ($socid > 0) $sql.= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index e842b409eae..bbb7b1e51f9 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -39,6 +39,7 @@ $massaction = GETPOST('massaction', 'alpha'); $show_files = GETPOST('show_files', 'int'); $confirm = GETPOST('confirm', 'alpha'); $toselect = GETPOST('toselect', 'array'); +$optioncss = GETPOST('optioncss', 'aZ09'); $id = GETPOST('id', 'int'); @@ -382,12 +383,9 @@ if ($search_projectstatus >= 0) { if ($search_projectstatus == 99) { $sql .= " AND p.fk_statut <> 2"; } else { - $sql .= " AND p.fk_statut = ".$db->escape($search_projectstatus); + $sql .= " AND p.fk_statut = ".((int) $search_projectstatus); } } -if ($search_public != '') { - $sql .= " AND p.public = ".$db->escape($search_public); -} if ($search_project_user > 0) { $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; } @@ -512,9 +510,6 @@ if ($search_projectstatus != '') { if ((is_numeric($search_opp_status) && $search_opp_status >= 0) || in_array($search_opp_status, array('all', 'none'))) { $param .= '&search_opp_status='.urlencode($search_opp_status); } -if ($search_public != '') { - $param .= '&search_public='.urlencode($search_public); -} if ($search_project_user != '') { $param .= '&search_project_user='.urlencode($search_project_user); } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 01622a41945..a9316bcedcd 100644 --- a/htdocs/projet/tasks/time.php 
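Review bot: In the projet/tasks/list.php `@@ -382` hunk, `$search_projectstatus` gets the `(int)` cast but the context line two below still interpolates `$search_project_user` raw in `ecp.fk_socpeople = ".$search_project_user`, inside the same `$sql` build. That value is presumably a request parameter like the other `$search_*` variables in this file, so it deserves the same treatment: `... AND ecp.fk_socpeople = ".((int) $search_project_user);`. The raw `fk_socpeople = ".$user->id` in the projet/activity/index.php and task.class.php `@@ -2082` hunks has the same shape, though there the value is the session user's id rather than request input.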
+++ b/htdocs/projet/tasks/time.php @@ -1043,7 +1043,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { $sql .= " ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid"; if (empty($projectidforalltimes)) { - $sql .= " AND t.fk_task =".$object->id; + $sql .= " AND t.fk_task =".((int) $object->id); } else { $sql .= " AND pt.fk_projet IN (".$db->sanitize($projectidforalltimes).")"; } diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 9c39dafa18d..6648bafd07a 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -127,7 +127,7 @@ if (!empty($tag) && ($unsuscrib == '1')) { // Update status of mail in recipient mailing list table $statut = '3'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE tag = '".$db->escape($tag)."'"; $resql = $db->query($sql); if (!$resql) { diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index cd34b0f916f..531fdf9c23a 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php 
@@ -1699,10 +1699,10 @@ if ($action == 'create') { //if ($conf->delivery_note->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."delivery as l ON l.fk_reception = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."deliverydet as ld ON ld.fk_delivery = l.rowid AND obj.rowid = ld.fk_origin_line"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid"; $sql .= " WHERE e.entity IN (".getEntity('reception').")"; - $sql .= " AND obj.fk_commande = ".$origin_id; + $sql .= " AND obj.fk_commande = ".((int) $origin_id); $sql .= " AND obj.rowid = ed.fk_commandefourndet"; $sql .= " AND ed.fk_reception = e.rowid"; - $sql .= " AND ed.fk_reception !=".$object->id; + $sql .= " AND ed.fk_reception !=".(int) $object->id); //if ($filter) $sql.= $filter; $sql .= " ORDER BY obj.fk_product"; diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 9eadc3be41a..7cb26dee0ca 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -94,7 +94,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= $clause." e.fk_statut = 0"; $sql .= " AND e.entity IN (".getEntity('reception').")"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -160,7 +160,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " AND e.fk_statut = 1"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " ORDER BY e.date_delivery DESC"; $sql .= $db->plimit($max, 0); @@ -219,7 +219,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; 
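Review bot: The second changed line in the reception/card.php hunk is a parse error: `$sql .= " AND ed.fk_reception !=".(int) $object->id);` has a closing parenthesis with no opening one, so the whole page stops compiling. It should read `$sql .= " AND ed.fk_reception != ".((int) $object->id);`, matching the `obj.fk_commande` line changed just above. A `php -l` pass over the touched files would have caught this before merge.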
diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 7295b3df75a..a6ecd37cc6d 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -454,10 +454,10 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no $sql .= " AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND e.fk_soc = ".$socid; + $sql .= " AND e.fk_soc = ".((int) $socid); } if ($search_status <> '' && $search_status >= 0) { - $sql .= " AND e.fk_statut = ".$search_status; + $sql .= " AND e.fk_statut = ".((int) $search_status); } if ($search_billed != '' && $search_billed >= 0) { $sql .= ' AND e.billed = '.((int) $search_billed); diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 7e369fe6bb2..d3f97e6f3d1 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -255,7 +255,7 @@ if (! empty($conf->recruitment->enabled) && $user->rights->recruitment->read) $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 4979a883d9c..91f68951842 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -200,7 +200,7 @@ class Dolresource extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_resource as ty ON ty.code=t.fk_code_type_resource"; if ($id) { - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } 
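Review bot: The changed line in the recruitmentindex.php hunk keeps a brace-less one-line `if ($socid) $sql.= ...` with the unspaced `$sql.=` operator, while every other hunk in this commit writes the same filter as a braced block with `$sql .=`. Since the line is being edited anyway, bringing it in line avoids the dangling-statement trap the next time a second statement is added: `if ($socid) {` / `$sql .= " AND c.fk_soc = ".((int) $socid);` / `}`. The preceding `if (! $user->rights->...)` context line has the same shape but is not part of the change.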
@@ -415,7 +415,7 @@ class Dolresource extends CommonObject dol_syslog(get_class($this), LOG_DEBUG); if ($this->db->query($sql)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources"; - $sql .= " WHERE element_type='resource' AND resource_id =".$this->db->escape($rowid); + $sql .= " WHERE element_type='resource' AND resource_id = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -831,7 +831,7 @@ class Dolresource extends CommonObject // Links beetween objects are stored in this table $sql = 'SELECT rowid, resource_id, resource_type, busy, mandatory'; $sql .= ' FROM '.MAIN_DB_PREFIX.'element_resources'; - $sql .= " WHERE element_id=".$element_id." AND element_type='".$this->db->escape($element)."'"; + $sql .= " WHERE element_id=".((int) $element_id)." AND element_type='".$this->db->escape($element)."'"; if ($resource_type) { $sql .= " AND resource_type LIKE '%".$this->db->escape($resource_type)."%'"; } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index e7f1af66e0c..2f87fdd99d2 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php @@ -132,14 +132,13 @@ class Salary extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET"; - $sql .= " tms='".$this->db->idate(dol_now())."',"; - $sql .= " fk_user=".$this->fk_user.","; + $sql .= " fk_user=".((int) $this->fk_user).","; /*$sql .= " datep='".$this->db->idate($this->datep)."',"; $sql .= " datev='".$this->db->idate($this->datev)."',";*/ $sql .= " amount=".price2num($this->amount).","; $sql .= " fk_projet=".((int) $this->fk_project).","; - $sql .= " fk_typepayment=".$this->type_payment.","; + $sql .= " fk_typepayment=".((int) $this->type_payment).","; $sql .= " label='".$this->db->escape($this->label)."',"; $sql .= " datesp='".$this->db->idate($this->datesp)."',"; $sql .= " dateep='".$this->db->idate($this->dateep)."',"; 
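Review bot: The salary.class.php `@@ -132` hunk drops the `tms='".$this->db->idate(dol_now())."'` assignment from the UPDATE, which is unrelated to the integer casts the rest of this commit is about. Whether the modification timestamp is still maintained now depends on the `tms` column carrying an ON UPDATE default in the schema, which cannot be verified from the hunk. If the removal is deliberate, a one-line comment such as `// tms is maintained by the database on update` next to the query would make the intent clear to the next reader.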
@@ -147,7 +146,6 @@ class Salary extends CommonObject $sql .= " fk_bank=".($this->fk_bank > 0 ? (int) $this->fk_bank : "null").","; $sql .= " fk_user_author=".((int) $this->fk_user_author).","; $sql .= " fk_user_modif=".($this->fk_user_modif > 0 ? (int) $this->fk_user_modif : (int) $user->id); - $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 382e05e4f0d..b4abbb04a26 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -273,10 +273,10 @@ if ($search_account > 0) { $sql .= " AND s.fk_account=".((int) $search_account); } if ($search_status != '' && $search_status >= 0) { - $sql .= " AND s.paye = ".$db->escape($search_status); + $sql .= " AND s.paye = ".((int) $search_status); } if ($search_type_id) { - $sql .= " AND s.fk_typepayment=".$search_type_id; + $sql .= " AND s.fk_typepayment=".((int) $search_type_id); } $sql .= " GROUP BY u.rowid, u.lastname, u.firstname, u.login, u.email, u.admin, u.salary, u.fk_soc, u.statut,"; $sql .= " s.rowid, s.fk_account, s.paye, s.fk_user, s.amount, s.salary, s.label, s.datesp, s.dateep, s.fk_typepayment, s.fk_bank,"; diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index f0602e88a5c..7af7fa4d986 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -218,7 +218,7 @@ if ($search_fk_bank) $sql .= " AND s.fk_bank=".((int) $search_fk_bank); if ($search_chq_number) $sql .= natural_search(array('s.num_payment'), $search_chq_number); if ($search_type_id > 0) { - $sql .= " AND s.fk_typepayment=".$search_type_id; + $sql .= " AND s.fk_typepayment=".((int) $search_type_id); } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index f62fb894bd0..f8cd7f9d7ea 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php 
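Review bot: The `@@ -147` hunk removes `$sql .= " WHERE rowid=".((int) $this->id);`, so the UPDATE built in Salary::update() no longer has a WHERE clause and would rewrite every row of the salary table on the first call. Nothing in the hunk replaces it, and the header (7 old lines, 6 new) confirms a pure deletion; it looks like an accidental casualty of the edit one hunk above. The line should be reinstated directly after the `fk_user_modif` assignment: `$sql .= " WHERE rowid = ".((int) $this->id);`.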
@@ -210,7 +210,7 @@ class Contacts extends DolibarrApi // Select contacts of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_socpeople = t.rowid "; } diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index 253a35e710c..0257b692b62 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -178,11 +178,11 @@ class Thirdparties extends DolibarrApi // Select thirdparties of given category if ($category > 0) { if (!empty($mode) && $mode != 4) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid"; + $sql .= " AND c.fk_categorie = ".((int) $category)." AND c.fk_soc = t.rowid"; } elseif (!empty($mode) && $mode == 4) { - $sql .= " AND cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid"; + $sql .= " AND cc.fk_categorie = ".((int) $category)." AND cc.fk_soc = t.rowid"; } else { - $sql .= " AND ((c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid))"; + $sql .= " AND ((c.fk_categorie = ".((int) $category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".((int) $category)." AND cc.fk_soc = t.rowid))"; } } diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index 3e410019b22..6c52359979e 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php 
@@ -156,10 +156,10 @@ class CompanyBankAccount extends Account $sql .= ",cle_rib='".$this->db->escape($this->cle_rib)."'"; $sql .= ",bic='".$this->db->escape($this->bic)."'"; $sql .= ",iban_prefix = '".$this->db->escape($this->iban)."'"; - $sql .= ",domiciliation='".$this->db->escape($this->domiciliation)."'"; + $sql .= ",domiciliation = '".$this->db->escape($this->domiciliation)."'"; $sql .= ",proprio = '".$this->db->escape($this->proprio)."'"; $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'"; - $sql .= ",default_rib = ".$this->default_rib; + $sql .= ",default_rib = ".((int) $this->default_rib); if ($conf->prelevement->enabled) { $sql .= ",frstrecur = '".$this->db->escape($this->frstrecur)."'"; $sql .= ",rum = '".$this->db->escape($this->rum)."'"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 97723f83f37..149801a65e2 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1386,7 +1386,7 @@ class Societe extends CommonObject $sql .= ",tva_assuj = ".($this->tva_assuj != '' ? "'".$this->db->escape($this->tva_assuj)."'" : "null"); $sql .= ",tva_intra = '".$this->db->escape($this->tva_intra)."'"; - $sql .= ",status = ".$this->status; + $sql .= ",status = ".((int) $this->status); // Local taxes $sql .= ",localtax1_assuj = ".($this->localtax1_assuj != '' ? "'".$this->db->escape($this->localtax1_assuj)."'" : "null"); @@ -1449,7 +1449,7 @@ class Societe extends CommonObject $sql .= ",webservices_key = ".(!empty($this->webservices_key) ? "'".$this->db->escape($this->webservices_key)."'" : "null"); //Incoterms - $sql .= ", fk_incoterms = ".$this->fk_incoterms; + $sql .= ", fk_incoterms = ".((int) $this->fk_incoterms); $sql .= ", location_incoterms = ".(!empty($this->location_incoterms) ? "'".$this->db->escape($this->location_incoterms)."'" : "null"); if ($customer) { 
@@ -3941,8 +3941,8 @@ class Societe extends CommonObject } $sql = "UPDATE ".MAIN_DB_PREFIX."adherent"; - $sql .= " SET fk_soc=".$this->id; - $sql .= " WHERE rowid=".$member->id; + $sql .= " SET fk_soc = ".((int) $this->id); + $sql .= " WHERE rowid = ".((int) $member->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index bf39dbc608c..5935ac43b70 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -288,7 +288,7 @@ if ($action == "change") { // Change customer for TakePOS $invoice->module_source = 'takepos'; $invoice->pos_source = $_SESSION["takeposterminal"]; $placeid = $invoice->create($user); - $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid = ".((int) $placeid); $db->query($sql); } @@ -526,13 +526,13 @@ if (!$user->rights->fournisseur->lire) { if ($search_sale == -2) { $sql .= " AND sc.fk_user IS NULL"; } elseif ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$db->escape($search_sale); + $sql .= " AND sc.fk_user = ".((int) $search_sale); } if ($search_categ_cus > 0) { - $sql .= " AND cc.fk_categorie = ".$db->escape($search_categ_cus); + $sql .= " AND cc.fk_categorie = ".((int) $search_categ_cus); } if ($search_categ_sup > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_sup); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ_sup); } if ($search_categ_cus == -2) { $sql .= " AND cc.fk_categorie IS NULL"; @@ -667,7 +667,7 @@ $parameters = array('socid' => $socid); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters); // Note that $action and $object may have been modified by hook if (empty($reshook)) { if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } } $sql .= $hookmanager->resPrint; 
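Review bot: The changed line in the societe/list.php `@@ -288` hunk casts `$placeid` but still splices `$_SESSION["takeposterminal"]` and `$place` into the quoted `ref` literal without `$db->escape()`, so that string context is only as safe as those two values, whose origin is outside the hunk. Applying the escape makes the line consistent with every other quoted value in this commit: `$sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$db->escape($_SESSION["takeposterminal"])."-".$db->escape($place).")' where rowid = ".((int) $placeid);`. The identical line is changed the same way in the takepos/invoice.php `@@ -478` hunk and needs the same fix.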
diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php index 55ae070363a..7e4a1084ec1 100644 --- a/htdocs/societe/notify/card.php +++ b/htdocs/societe/notify/card.php @@ -34,8 +34,8 @@ $langs->loadLangs(array("companies", "mails", "admin", "other", "errors")); $socid = GETPOST("socid", 'int'); $action = GETPOST('action', 'aZ09'); -$contactid = GETPOST('contactid'); // May be an int or 'thirdparty' -$actionid = GETPOST('actionid'); +$contactid = GETPOST('contactid', 'alpha'); // May be an int or 'thirdparty' +$actionid = GETPOST('actionid', 'int'); $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') // Security check @@ -98,10 +98,10 @@ if (empty($reshook)) { $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_soc=".$socid." AND fk_contact=".$contactid." AND fk_action=".$actionid; + $sql .= " WHERE fk_soc=".((int) $socid)." AND fk_contact=".((int) $contactid)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."',".$socid.",".$contactid.",".$actionid.")"; + $sql .= " VALUES ('".$db->idate($now)."',".((int) $socid).",".((int) $contactid).",".((int) $actionid).")"; if (!$db->query($sql)) { $error++; @@ -230,7 +230,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."socpeople c"; $sql .= " WHERE a.rowid = n.fk_action"; $sql .= " AND c.rowid = n.fk_contact"; - $sql .= " AND c.fk_soc = ".$object->id; + $sql .= " AND c.fk_soc = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { 
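Review bot: In the notify/card.php hunks, `$contactid` is declared with the comment `May be an int or 'thirdparty'` and read through the `'alpha'` filter, yet the DELETE and INSERT in the `@@ -98` hunk now apply `(int) $contactid`, which turns `'thirdparty'` into `0` silently. If `fk_contact = 0` is the intended encoding of a thirdparty-level notification, say so where the value is read, e.g. `$contactid = ($contactid === 'thirdparty') ? 0 : (int) $contactid;`, so the sentinel is handled explicitly rather than lost in a cast; if it is not, the cast changes behaviour compared with the raw string that previously reached the query. Whatever else handles the `'thirdparty'` case lives outside the visible lines, so this is worth confirming.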
@@ -399,7 +399,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n "; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as c ON n.fk_contact = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_soc = ".$object->id; + $sql .= " AND n.fk_soc = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index ed392c0c0a1..2d2869fd1cc 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -977,8 +977,8 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_rib"; $sql .= " WHERE type in ('card')"; - $sql .= " AND fk_soc = ".$object->id; - $sql .= " AND status = ".$servicestatus; + $sql .= " AND fk_soc = ".((int) $object->id); + $sql .= " AND status = ".((int) $servicestatus); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 47793509bab..5906db24ee7 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -3211,7 +3211,7 @@ class SupplierProposalLine extends CommonObjectLine $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposaldet SET"; $sql .= " description='".$this->db->escape($this->desc)."'"; $sql .= " , label=".(!empty($this->label) ? "'".$this->db->escape($this->label)."'" : "null"); - $sql .= " , product_type=".$this->product_type; + $sql .= " , product_type=".((int) $this->product_type); $sql .= " , date_start=".($this->date_start ? "'".$this->db->idate($this->date_start)."'" : "null"); $sql .= " , date_end=".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null"); $sql .= " , tva_tx='".price2num($this->tva_tx)."'"; 
@@ -3233,11 +3233,11 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , fk_product_fournisseur_price=".(!empty($this->fk_fournprice) ? "'".$this->db->escape($this->fk_fournprice)."'" : "null"); $sql .= " , buy_price_ht=".price2num($this->pa_ht); if (strlen($this->special_code)) { - $sql .= " , special_code=".$this->special_code; + $sql .= " , special_code=".((int) $this->special_code); } $sql .= " , fk_parent_line=".($this->fk_parent_line > 0 ? $this->fk_parent_line : "null"); if (!empty($this->rang)) { - $sql .= ", rang=".$this->rang; + $sql .= ", rang=".((int) $this->rang); } $sql .= " , ref_fourn=".(!empty($this->ref_fourn) ? "'".$this->db->escape($this->ref_fourn)."'" : "null"); $sql .= " , fk_unit=".($this->fk_unit ? $this->fk_unit : 'null'); diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 75eba410d0f..85f5f96c1af 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -173,7 +173,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.entity = ".$conf->entity; $sql .= " AND c.fk_statut = 0"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; @@ -231,7 +231,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3b9a7892310..5fcafb2fdc4 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php 
@@ -382,7 +382,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND c.fk_c_type_contact = tc.rowid AND tc.element='supplier_proposal' AND tc.source='internal' AND c.element_id = sp.rowid AND c.fk_socpeople = ".$search_user; + $sql .= " AND c.fk_c_type_contact = tc.rowid AND tc.element='supplier_proposal' AND tc.source='internal' AND c.element_id = sp.rowid AND c.fk_socpeople = ".((int) $search_user); } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index 92d7e8288e1..0aa45028ddd 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -70,7 +70,7 @@ if (empty($user->rights->takepos->run)) { */ if ($action == "getTables") { - $sql = "SELECT rowid, entity, label, leftpos, toppos, floor FROM ".MAIN_DB_PREFIX."takepos_floor_tables where floor=".$floor; + $sql = "SELECT rowid, entity, label, leftpos, toppos, floor FROM ".MAIN_DB_PREFIX."takepos_floor_tables where floor = ".((int) $floor); $resql = $db->query($sql); $rows = array(); while ($row = $db->fetch_array($resql)) { diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 6582ec96172..60276c545ca 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -478,7 +478,7 @@ if (($action == "addline" || $action == "freezone") && $placeid == 0) { if ($placeid < 0) { dol_htmloutput_errors($invoice->error, $invoice->errors, 1); } - $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid=".$placeid; + $sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$_SESSION["takeposterminal"]."-".$place.")' where rowid = ".((int) $placeid); $db->query($sql); } } diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index 7f2d2cf1be0..e104d425bf4 100644 
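Review bot: The rewritten UPDATE in takepos/invoice.php (-478) now casts `$placeid` but still interpolates `$place` and `$_SESSION["takeposterminal"]` into the quoted `ref='(PROV-POS…)'` literal without `$db->escape()`, so the fix covers only half of the line. Prefer `$sql = "UPDATE ".MAIN_DB_PREFIX."facture set ref='(PROV-POS".$db->escape($_SESSION["takeposterminal"])."-".$db->escape($place).")' where rowid = ".((int) $placeid);`. The return value of `$db->query($sql)` on the following line is discarded, so a failed rename is silent; checking it and reporting through dol_syslog would match the error handling used for `$invoice` a few lines above. Where `$place` is assigned is outside the hunk, so whether it is already constrained to an integer cannot be confirmed here.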
--- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -262,7 +262,7 @@ class Tickets extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socid > 0) { - $sql .= " AND t.fk_soc = ".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale @@ -270,7 +270,7 @@ class Tickets extends DolibarrApi // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 61a6d15d9a1..f4e92ecab18 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -1829,19 +1829,22 @@ class Ticket extends CommonObject public function searchSocidByEmail($email, $type = '0', $filters = array(), $clause = 'AND') { $thirdparties = array(); + $case = 0; + $exact = 0; // Generation requete recherche $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe"; $sql .= " WHERE entity IN (".getEntity('ticket', 1).")"; if (!empty($type)) { if ($type == 1 || $type == 2) { - $sql .= " AND client = ".$type; + $sql .= " AND client = ".((int) $type); } elseif ($type == 3) { $sql .= " AND fournisseur = 1"; } } if (!empty($email)) { if (!$exact) { + $regs = array(); if (preg_match('/^([\*])?[^*]+([\*])?$/', $email, $regs) && count($regs) > 1) { $email = str_replace('*', '%', $email); } else { diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php index 9fa84042c3a..e0cbd849092 100644 --- a/htdocs/user/class/api_users.class.php +++ b/htdocs/user/class/api_users.class.php 
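Review bot: `$exact = 0;` added at the top of searchSocidByEmail (-1829) is a constant, so the `if (!$exact)` test further down is always true and the `} else {` branch that follows it is unreachable; `$case = 0;` is initialised but not read anywhere in the hunk. If these are meant to be search options, expose them as trailing parameters with defaults, `public function searchSocidByEmail($email, $type = '0', $filters = array(), $clause = 'AND', $exact = 0, $case = 0)`, which keeps existing callers working; if not, drop the variables and the dead branch rather than keep them only to silence an undefined-variable notice. Initialising `$regs = array();` before `preg_match` is fine. The method body continues past the end of the hunk, so `$case` may be read later.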
@@ -93,7 +93,7 @@ class Users extends DolibarrApi // Select products of given category if ($category > 0) { - $sql .= " AND c.fk_categorie = ".$this->db->escape($category); + $sql .= " AND c.fk_categorie = ".((int) $category); $sql .= " AND c.fk_user = t.rowid"; } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 910edce8c17..ec09aafeef5 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1418,10 +1418,10 @@ class User extends CommonObject $result = $this->create($user, 1); if ($result > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_socpeople=".$contact->id; + $sql .= " SET fk_socpeople=".((int) $contact->id); $sql .= ", civility='".$this->db->escape($contact->civility_code)."'"; if ($contact->socid > 0) { - $sql .= ", fk_soc=".$contact->socid; + $sql .= ", fk_soc=".((int) $contact->socid); } $sql .= " WHERE rowid=".((int) $this->id); @@ -1517,7 +1517,7 @@ class User extends CommonObject if ($result > 0 && $member->fk_soc) { // If member is linked to a thirdparty $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql .= " SET fk_soc=".$member->fk_soc; + $sql .= " SET fk_soc=".((int) $member->fk_soc); $sql .= " WHERE rowid=".((int) $this->id); dol_syslog(get_class($this)."::create_from_member", LOG_DEBUG); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index cacaeb54fc1..083b1bcc18c 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -194,7 +194,7 @@ class UserGroup extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."usergroup as g,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as ug"; $sql .= " WHERE ug.fk_usergroup = g.rowid"; - $sql .= " AND ug.fk_user = ".$userid; + $sql .= " AND ug.fk_user = ".((int) $userid); if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND g.entity IS NOT NULL"; } else { 
@@ -359,7 +359,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($whereforadd) && $whereforadd != 'allmodules') { $sql .= " AND ".$whereforadd; } @@ -438,8 +438,8 @@ class UserGroup extends CommonObject // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " WHERE id = ".((int) $rid); + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -454,8 +454,8 @@ class UserGroup extends CommonObject dol_print_error($this->db); } - // Where pour la liste des droits a supprimer - $wherefordel = "id=".$this->db->escape($rid); + // Where for the list of permissions to delete + $wherefordel = "id = ".((int) $rid); // Suppression des droits induits if ($subperms == 'lire' || $subperms == 'read') { $wherefordel .= " OR (module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."' AND subperms IS NOT NULL)"; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index bd82824cb05..62372df637a 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -423,7 +423,7 @@ if ($search_categ == -2) { $sql .= " AND cu.fk_categorie IS NULL"; } if ($search_warehouse > 0) { - $sql .= " AND u.fk_warehouse = ".$db->escape($search_warehouse); + $sql .= " AND u.fk_warehouse = ".((int) $search_warehouse); } if ($mode == 'employee' && empty($user->rights->salaries->readall)) { $sql .= " AND u.rowid IN (".$db->sanitize(join(',', $childids)).")"; diff --git a/htdocs/webservices/server_invoice.php b/htdocs/webservices/server_invoice.php index d1382ac7c62..3fa61960b8c 100644 --- a/htdocs/webservices/server_invoice.php 
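Review bot: `$wherefordel = "id = ".((int) $rid);` (-454) is immediately extended with `OR (module='…' AND perms='…' AND subperms IS NOT NULL)` clauses, so the fragment is an unparenthesised disjunction; wherever it is later spliced into a WHERE that also carries an `AND` term (the consumer is outside this hunk), SQL precedence applies that term to the first `id = N` only. If the consumer does not already wrap it, build it closed from the start, e.g. `$wherefordel = "(id = ".((int) $rid).")";` with the `OR` clauses appended inside a matching wrapper, or parenthesise at the point of use. Note also that -438 changes `id = '…'` to `id = ".((int) $rid)`, so a non-numeric `$rid` now yields `id = 0` and matches nothing instead of the old quoted comparison; a guard such as `if ((int) $rid <= 0) { return -1; }` near the top of the method would make that explicit, assuming the method's return convention (not visible here) allows it.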
+++ b/htdocs/webservices/server_invoice.php @@ -425,7 +425,7 @@ function getInvoicesForThirdParty($authentication, $idthirdparty) $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as f'; $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; if ($idthirdparty != 'all') { - $sql .= " AND f.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND f.fk_soc = ".((int) $idthirdparty); } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_order.php b/htdocs/webservices/server_order.php index 8f3d5af17e6..73769d43cec 100644 --- a/htdocs/webservices/server_order.php +++ b/htdocs/webservices/server_order.php @@ -537,7 +537,7 @@ function getOrdersForThirdParty($authentication, $idthirdparty) $sql .= ' FROM '.MAIN_DB_PREFIX.'commande as c'; $sql .= " WHERE c.entity = ".$conf->entity; if ($idthirdparty != 'all') { - $sql .= " AND c.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND c.fk_soc = ".((int) $idthirdparty); } diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php index 95b7246d021..35997d16d6e 100644 --- a/htdocs/webservices/server_productorservice.php +++ b/htdocs/webservices/server_productorservice.php @@ -916,13 +916,13 @@ function getListOfProductsOrServices($authentication, $filterproduct) $sql .= " WHERE entity=".$conf->entity; foreach ($filterproduct as $key => $val) { if ($key == 'type' && $val >= 0) { - $sql .= " AND fk_product_type = ".$db->escape($val); + $sql .= " AND fk_product_type = ".((int) $val); } if ($key == 'status_tosell') { - $sql .= " AND tosell = ".$db->escape($val); + $sql .= " AND tosell = ".((int) $val); } if ($key == 'status_tobuy') { - $sql .= " AND tobuy = ".$db->escape($val); + $sql .= " AND tobuy = ".((int) $val); } } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_supplier_invoice.php b/htdocs/webservices/server_supplier_invoice.php index 2a17ea15265..6803133d527 100644 --- a/htdocs/webservices/server_supplier_invoice.php 
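Review bot: The `status_tosell` and `status_tobuy` branches in server_productorservice.php (-916) apply `(int) $val` without checking that `$val` was actually supplied, unlike the `type` branch which tests `$val >= 0`; an empty or non-numeric value from the web-service caller now becomes `tosell = 0`, a silent filter on not-for-sale products, whereas the old malformed SQL simply failed. Guard them the same way: `if ($key == 'status_tosell' && $val !== '' && $val !== null) {` (or `is_numeric($val)`), and likewise for `status_tobuy`. The cast itself is the right direction, and `entity=".$conf->entity` on the first context line could take the same treatment. `$filterproduct` is caller-supplied and any validation of it happens outside the hunk.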
+++ b/htdocs/webservices/server_supplier_invoice.php @@ -358,7 +358,7 @@ function getSupplierInvoicesForThirdParty($authentication, $idthirdparty) //$sql.=" WHERE f.fk_soc = s.rowid AND nom = '".$db->escape($idthirdparty)."'"; $sql .= " WHERE f.entity = ".$conf->entity; if ($idthirdparty != 'all') { - $sql .= " AND f.fk_soc = ".$db->escape($idthirdparty); + $sql .= " AND f.fk_soc = ".((int) $idthirdparty); } $resql = $db->query($sql); diff --git a/htdocs/webservices/server_thirdparty.php b/htdocs/webservices/server_thirdparty.php index c256e975217..dbf2f3dd125 100644 --- a/htdocs/webservices/server_thirdparty.php +++ b/htdocs/webservices/server_thirdparty.php @@ -707,13 +707,13 @@ function getListOfThirdParties($authentication, $filterthirdparty) $sql .= " AND s.name LIKE '%".$db->escape($val)."%'"; } if ($key == 'client' && (int) $val > 0) { - $sql .= " AND s.client = ".$db->escape($val); + $sql .= " AND s.client = ".((int) $val); } if ($key == 'supplier' && (int) $val > 0) { - $sql .= " AND s.fournisseur = ".$db->escape($val); + $sql .= " AND s.fournisseur = ".((int) $val); } if ($key == 'category' && (int) $val > 0) { - $sql .= " AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie=".$db->escape($val).") "; + $sql .= " AND s.rowid IN (SELECT fk_soc FROM ".MAIN_DB_PREFIX."categorie_societe WHERE fk_categorie = ".((int) $val).") "; } } dol_syslog("Function: getListOfThirdParties", LOG_DEBUG);