diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 95d88c80c87..f91b6e19b48 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -261,7 +261,7 @@ class AccountancyCategory // extends CommonObject $sql .= " t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_accounting_category as t"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN (".getEntity('c_accounting_category').")"; // Dont't use entity if you use rowid if ($code) { diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index d5fad9b8f60..4f46fc7683f 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -553,7 +553,7 @@ class AccountingAccount extends CommonObject { $sql = 'SELECT a.rowid, a.datec, a.fk_user_author, a.fk_user_modif, a.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as a'; - $sql .= ' WHERE a.rowid = '.$id; + $sql .= ' WHERE a.rowid = '.((int) $id); dol_syslog(get_class($this).'::info sql='.$sql); $result = $this->db->query($sql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 27a84270e95..82334807bfb 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -729,7 +729,7 @@ class BookKeeping extends CommonObject if (null !== $ref) { $sql .= " AND t.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); } $resql = $this->db->query($sql); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 9807922c43f..1209576ddba 100644 --- a/htdocs/accountancy/customer/card.php 
+++ b/htdocs/accountancy/customer/card.php @@ -55,7 +55,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."facturedet"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -99,7 +99,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = l.fk_facture"; - $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id; + $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index d68326ad68e..f997f666e6e 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { 
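Review bot: `$codeventil` is still concatenated raw into the `SET fk_code_ventilation = ` clause of the `ventil` UPDATE in customer/card.php; the commit casts only `$id` on the following line. The SELECT lower in the same file joins `fk_code_ventilation` to `aa.rowid`, so the value appears to be an integer key and the same treatment fits: `$sql .= " SET fk_code_ventilation = ".((int) $codeventil);`. The identical pattern is visible in the `ventil` UPDATE hunks of expensereport/card.php and supplier/card.php. How `$codeventil` is read from the request lies outside these hunks, so confirm it is not already forced to an integer there.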
@@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_fees as f ON f.id = erd.fk_c_type_fees"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON erd.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport as er ON er.rowid = erd.fk_expensereport"; - $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".$id; + $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 25a3fc04ca4..0d86b928a26 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -59,7 +59,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".$codeventil; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $resql = $db->query($sql); if (!$resql) { @@ -101,7 +101,7 @@ if (!empty($id)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON l.fk_code_ventilation = aa.rowid"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facture_fourn as f ON f.rowid = l.fk_facture_fourn "; - $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".$id; + $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 43447665b94..f8b49e51b34 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php 
@@ -2644,7 +2644,7 @@ class Adherent extends CommonObject $sql .= ' a.tms as datem,'; $sql .= ' a.fk_user_author, a.fk_user_valid, a.fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.'adherent as a'; - $sql .= ' WHERE a.rowid = '.$id; + $sql .= ' WHERE a.rowid = '.((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php index dff127d6d2b..9bd9bedc78c 100644 --- a/htdocs/adherents/class/subscription.class.php +++ b/htdocs/adherents/class/subscription.class.php @@ -483,7 +483,7 @@ class Subscription extends CommonObject $sql = 'SELECT c.rowid, c.datec,'; $sql .= ' c.tms as datem'; $sql .= ' FROM '.MAIN_DB_PREFIX.'subscription as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php index 48f66ae5ccf..66cd9bcb4cf 100644 --- a/htdocs/asset/class/asset.class.php +++ b/htdocs/asset/class/asset.class.php @@ -414,7 +414,7 @@ class Asset extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/blockedlog/class/authority.class.php b/htdocs/blockedlog/class/authority.class.php index 0913223da0d..e3425888fe2 100644 --- a/htdocs/blockedlog/class/authority.class.php +++ b/htdocs/blockedlog/class/authority.class.php 
@@ -161,7 +161,7 @@ class BlockedLogAuthority $sql .= " FROM ".MAIN_DB_PREFIX."blockedlog_authority as b"; if ($id) { - $sql .= " WHERE b.rowid = ".$id; + $sql .= " WHERE b.rowid = ".((int) $id); } elseif ($signature) { $sql .= " WHERE b.signature = '".$this->db->escape($signature)."'"; } diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index db1abb28c42..b3af3a43fd2 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -892,7 +892,7 @@ class BOM extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { @@ -1469,7 +1469,7 @@ class BOMLine extends CommonObjectLine $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/bookmarks/class/bookmark.class.php b/htdocs/bookmarks/class/bookmark.class.php index f5bbefae3d3..4fe8c3cee83 100644 --- a/htdocs/bookmarks/class/bookmark.class.php +++ b/htdocs/bookmarks/class/bookmark.class.php @@ -117,7 +117,7 @@ class Bookmark extends CommonObject $sql = "SELECT rowid, fk_user, dateb as datec, url, target,"; $sql .= " title, position, favicon"; $sql .= " FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $sql .= " AND entity = ".$conf->entity; dol_syslog("Bookmark::fetch", LOG_DEBUG); 
@@ -239,7 +239,7 @@ class Bookmark extends CommonObject public function remove($id) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog("Bookmark::remove", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index d83bc794baa..296607207a8 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -324,7 +324,7 @@ class Categorie extends CommonObject $sql .= ", date_creation, tms, fk_user_creat, fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie"; if ($id > 0) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } elseif (!empty($ref_ext)) { $sql .= " WHERE ref_ext LIKE '".$this->db->escape($ref_ext)."'"; } else { diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 719ec5b6c49..5e5535d8bd6 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -228,7 +228,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 4d5f75c7c24..dc4aee66254 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php 
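Review bot: Bookmark::remove deletes by `rowid` alone, while the fetch query in this same file also restricts on `entity`; the cast makes the id safe as SQL, but a valid id belonging to another entity or another user is still accepted. Unless every caller verifies ownership first, the same scoping belongs here, e.g. `$sql .= " AND entity = ".((int) $conf->entity);` with `$conf` brought into scope. The pages that call remove() are not part of this diff, so the existing permission checks need confirming.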
@@ -3763,7 +3763,7 @@ class Commande extends CommonOrder $sql .= ' date_cloture as datecloture,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_cloture'; $sql .= ' FROM '.MAIN_DB_PREFIX.'commande as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 7cabbc98500..a8519236931 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -2271,7 +2271,7 @@ class AccountLine extends CommonObject $sql = 'SELECT b.rowid, b.datec, b.tms as datem,'; $sql .= ' b.fk_user_author, b.fk_user_rappro'; $sql .= ' FROM '.MAIN_DB_PREFIX.'bank as b'; - $sql .= ' WHERE b.rowid = '.$id; + $sql .= ' WHERE b.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php index be023fe630c..d7651ee3678 100644 --- a/htdocs/compta/bank/class/bankcateg.class.php +++ b/htdocs/compta/bank/class/bankcateg.class.php @@ -126,7 +126,7 @@ class BankCateg // extends CommonObject $sql .= " t.rowid,"; $sql .= " t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index 8be1c392426..8dce4149511 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php 
@@ -274,7 +274,7 @@ class PaymentVarious extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_various as v"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON v.fk_bank = b.rowid"; - $sql .= " WHERE v.rowid = ".$id; + $sql .= " WHERE v.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); @@ -742,7 +742,7 @@ class PaymentVarious extends CommonObject { $sql = 'SELECT v.rowid, v.datec, v.fk_user_author'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_various as v'; - $sql .= ' WHERE v.rowid = '.$id; + $sql .= ' WHERE v.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 1c7a4e75552..c34d89bfa2f 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -278,7 +278,7 @@ class Deplacement extends CommonObject if ($ref) { $sql .= " AND ref ='".$this->db->escape($ref)."'"; } else { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -317,7 +317,7 @@ class Deplacement extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."deplacement WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -471,7 +471,7 @@ class Deplacement extends CommonObject $sql = 'SELECT c.rowid, c.datec, c.fk_user_author, c.fk_user_modif,'; $sql .= ' c.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'deplacement as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); 
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index dfd50147109..fc6c558a31c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -3955,7 +3955,7 @@ class Facture extends CommonInvoice $sql .= ' date_closing as dateclosing,'; $sql .= ' fk_user_author, fk_user_valid, fk_user_closing'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture as c'; - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index d9c0fa36c9a..87cd50d27c6 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -192,7 +192,7 @@ class PaymentTerm // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_payment_term as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index cdea12902bc..f0b199818ef 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -234,7 +234,7 @@ class Localtax extends CommonObject $sql .= " b.rappro"; $sql .= " FROM ".MAIN_DB_PREFIX."localtax as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 06d13e78023..42b05f39263 100644 --- a/htdocs/compta/paiement/class/paiement.class.php 
+++ b/htdocs/compta/paiement/class/paiement.class.php @@ -169,7 +169,7 @@ class Paiement extends CommonObject $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' WHERE p.entity IN ('.getEntity('invoice').')'; if ($id > 0) { - $sql .= ' AND p.rowid = '.$id; + $sql .= ' AND p.rowid = '.((int) $id); } elseif ($ref) { $sql .= " AND p.ref = '".$ref."'"; } elseif ($fk_bank) { @@ -899,7 +899,7 @@ class Paiement extends CommonObject { $sql = 'SELECT p.rowid, p.datec, p.fk_user_creat, p.fk_user_modif, p.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement as p'; - $sql .= ' WHERE p.rowid = '.$id; + $sql .= ' WHERE p.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/rejetprelevement.class.php b/htdocs/compta/prelevement/class/rejetprelevement.class.php index 70742d24685..0faea8a159c 100644 --- a/htdocs/compta/prelevement/class/rejetprelevement.class.php +++ b/htdocs/compta/prelevement/class/rejetprelevement.class.php @@ -128,7 +128,7 @@ class RejetPrelevement // Tag the line to refused $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes "; $sql .= " SET statut = 3"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); if (!$this->db->query($sql)) { dol_syslog("RejetPrelevement::create Erreur 5"); diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 91a0708c361..fc91d5f8ed3 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -149,7 +149,7 @@ class ChargeSociales extends CommonObject if ($ref) { $sql .= " AND cs.rowid = ".$ref; } else { - $sql .= " AND cs.rowid = ".$id; + $sql .= " AND cs.rowid = ".((int) $id); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); 
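Review bot: The `elseif ($ref)` branch directly below the changed line in Paiement still builds `" AND p.ref = '".$ref."'"` without escaping, so a quote character in `$ref` ends the string literal. Other fetch methods touched by this commit pass the reference through the database escaper, and the same applies here: `$sql .= " AND p.ref = '".$this->db->escape($ref)."'";`. The `elseif ($fk_bank)` branch that follows is cut off by the hunk and should be checked for the same pattern.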
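Review bot: In ChargeSociales the `if ($ref)` branch just above the changed line appends `$ref` to `" AND cs.rowid = "` unquoted and uncast, which is the same injection pattern this commit removes from the `else` branch. Since the value is compared with `rowid`, the matching fix is `$sql .= " AND cs.rowid = ".((int) $ref);`. The enclosing method starts outside the hunk, so whether `$ref` is ever expected to be a non-numeric reference cannot be seen here.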
@@ -672,7 +672,7 @@ class ChargeSociales extends CommonObject $sql = "SELECT e.rowid, e.tms as datem, e.date_creation as datec, e.date_valid as datev, e.import_key,"; $sql .= " e.fk_user_author, e.fk_user_modif, e.fk_user_valid"; $sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as e"; - $sql .= " WHERE e.rowid = ".$id; + $sql .= " WHERE e.rowid = ".((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index bb9a48b4c4c..e9c5dfb960d 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -262,7 +262,7 @@ class PaymentSocialContribution extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php index 4f816164db0..e1ee4e5d241 100644 --- a/htdocs/compta/tva/class/paymentvat.class.php +++ b/htdocs/compta/tva/class/paymentvat.class.php @@ -261,7 +261,7 @@ class PaymentVAT extends CommonObject $sql .= ' b.fk_account'; $sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepaiement = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); // TODO link on entity of tax; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); 
diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index f45112aedda..100406ae5d8 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -305,7 +305,7 @@ class Tva extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."tva as t"; //$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON t.fk_bank = b.rowid"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 94da51cca8a..91298a4bfce 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -2873,7 +2873,7 @@ class ContratLigne extends CommonObjectLine $sql .= " t.fk_unit"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as t LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = t.fk_product"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE t.rowid = '".$this->db->escape($ref)."'"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a392fd793d5..719cd8b9789 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1847,7 +1847,7 @@ abstract class CommonObject $result = false; if (!empty($id) && !empty($field) && !empty($table)) { $sql = "SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this).'::getValueFrom', LOG_DEBUG); $resql = $this->db->query($sql); 
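Review bot: In ContratLigne the `if ($id)` block is followed by a separate `if ($ref)` rather than an `elseif`, so a call with both arguments set appends two `WHERE` clauses and the query fails. Changing the second test to `} elseif ($ref) {` keeps the statement valid. The `$ref` branch also compares `t.rowid` with a quoted string, so confirm whether a reference column was intended. The rest of the method is outside the hunk.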
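Review bot: `$field` and `$table` are still concatenated into `"SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table` in CommonObject::getValueFrom, and a cast cannot protect identifiers. If any caller passes values influenced by a request, the statement remains injectable despite the cast on `$id`. A guard before the query is built, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/D', $field) || !preg_match('/^[A-Za-z0-9_]+$/D', $table)) { return false; }`, would restrict both to plain identifier characters. The method signature and its callers are outside the hunk, so confirm what inputs actually reach it and whether `$field` is ever meant to hold more than a single column name.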
@@ -4173,7 +4173,7 @@ abstract class CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element; $sql .= " WHERE entity IN (".getEntity($this->element).")"; if (!empty($id)) { - $sql .= " AND rowid = ".$id; + $sql .= " AND rowid = ".((int) $id); } if (!empty($ref)) { $sql .= " AND ref = '".$this->db->escape($ref)."'"; @@ -8480,7 +8480,7 @@ abstract class CommonObject $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if (!empty($id)) { - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); } elseif (!empty($ref)) { $sql .= " WHERE t.ref = ".$this->quote($ref, $this->fields['ref']); } else { diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index c95822bf226..6c3a1f7bb9d 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -151,7 +151,7 @@ class CProductNature // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($code >= 0) { $sql_where[] = " t.code = ".((int) $code); diff --git a/htdocs/core/class/cstate.class.php b/htdocs/core/class/cstate.class.php index 66ee803d41a..ca5f4bcfeb0 100644 --- a/htdocs/core/class/cstate.class.php +++ b/htdocs/core/class/cstate.class.php @@ -163,7 +163,7 @@ class Cstate // extends CommonObject $sql .= " t.active"; $sql .= " FROM ".MAIN_DB_PREFIX."c_departements as t"; if ($id) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } elseif ($code) { $sql .= " WHERE t.code_departement = '".$this->db->escape($code)."'"; } diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index e55d227de0e..d3f08db5a53 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php 
@@ -181,7 +181,7 @@ class CUnits // extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_units as t"; $sql_where = array(); if ($id) { - $sql_where[] = " t.rowid = ".$id; + $sql_where[] = " t.rowid = ".((int) $id); } if ($unit_type) { $sql_where[] = " t.unit_type = '".$this->db->escape($unit_type)."'"; diff --git a/htdocs/core/class/emailsenderprofile.class.php b/htdocs/core/class/emailsenderprofile.class.php index 39a5aec95fe..d4b9f0bd93e 100644 --- a/htdocs/core/class/emailsenderprofile.class.php +++ b/htdocs/core/class/emailsenderprofile.class.php @@ -350,7 +350,7 @@ class EmailSenderProfile extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php index 980c8c53dde..89db5d248a8 100644 --- a/htdocs/core/class/events.class.php +++ b/htdocs/core/class/events.class.php @@ -238,7 +238,7 @@ class Events // extends CommonObject $sql .= " t.user_agent,"; $sql .= " t.prefix_session"; $sql .= " FROM ".MAIN_DB_PREFIX."events as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php index ebcf4adc7b0..566407cffc4 100644 --- a/htdocs/core/class/fiscalyear.class.php +++ b/htdocs/core/class/fiscalyear.class.php 
@@ -222,7 +222,7 @@ class Fiscalyear extends CommonObject { $sql = "SELECT rowid, label, date_start, date_end, statut"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_fiscalyear"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); @@ -253,7 +253,7 @@ class Fiscalyear extends CommonObject { $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".$id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."accounting_fiscalyear WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $result = $this->db->query($sql); @@ -417,7 +417,7 @@ class Fiscalyear extends CommonObject $sql = 'SELECT fy.rowid, fy.datec, fy.fk_user_author, fy.fk_user_modif,'; $sql .= ' fy.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'accounting_fiscalyear as fy'; - $sql .= ' WHERE fy.rowid = '.$id; + $sql .= ' WHERE fy.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 97c63e62d67..8b59cb95bfc 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -410,7 +410,7 @@ class Menubase $sql .= " t.usertype as user,"; $sql .= " t.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."menu as t"; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index daca243cb6f..99294837ff6 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php 
@@ -435,7 +435,7 @@ class Cronjob extends CommonObject $sql .= " t.test"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as t"; if ($id > 0) { - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN(0, ".getEntity('cron').")"; $sql .= " AND t.objectname = '".$this->db->escape($objectname)."'"; @@ -1027,7 +1027,7 @@ class Cronjob extends CommonObject $sql = "SELECT"; $sql .= " f.rowid, f.datec, f.tms, f.fk_user_mod, f.fk_user_author"; $sql .= " FROM ".MAIN_DB_PREFIX."cronjob as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index c91b9780edb..5b14b509de4 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -307,7 +307,7 @@ class Delivery extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."delivery as l"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = l.rowid AND el.targettype = '".$this->db->escape($this->element)."'"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON l.fk_incoterms = i.rowid'; - $sql .= " WHERE l.rowid = ".$id; + $sql .= " WHERE l.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index fdd5393d64c..f96aa69de46 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -787,7 +787,7 @@ class Don extends CommonObject public function set_cancel($id) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".$id; + $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = -1 WHERE rowid = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { 
@@ -953,7 +953,7 @@ class Don extends CommonObject $sql = 'SELECT d.rowid, d.datec, d.fk_user_author, d.fk_user_valid,'; $sql .= ' d.tms'; $sql .= ' FROM '.MAIN_DB_PREFIX.'don as d'; - $sql .= ' WHERE d.rowid = '.$id; + $sql .= ' WHERE d.rowid = '.((int) $id); dol_syslog(get_class($this).'::info', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php index 5f03215efac..be796874732 100644 --- a/htdocs/don/class/paymentdonation.class.php +++ b/htdocs/don/class/paymentdonation.class.php @@ -234,7 +234,7 @@ class PaymentDonation extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/don/payment/card.php b/htdocs/don/payment/card.php index bc14780c1b2..40cf0298895 100644 --- a/htdocs/don/payment/card.php +++ b/htdocs/don/payment/card.php @@ -150,7 +150,7 @@ $sql = 'SELECT d.rowid as did, d.paid, d.amount as d_amount, pd.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_donation as pd,'.MAIN_DB_PREFIX.'don as d'; $sql .= ' WHERE pd.fk_donation = d.rowid'; $sql .= ' AND d.entity = '.$conf->entity; -$sql .= ' AND pd.rowid = '.$id; +$sql .= ' AND pd.rowid = '.((int) $id); dol_syslog("don/payment/card.php", LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index ff05dc4f4c4..9bff240c3ac 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php 
@@ -610,7 +610,7 @@ class EmailCollector extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/emailcollector/class/emailcollectoraction.class.php b/htdocs/emailcollector/class/emailcollectoraction.class.php
index 0b8dfbca973..10fe00a816d 100644
--- a/htdocs/emailcollector/class/emailcollectoraction.class.php
+++ b/htdocs/emailcollector/class/emailcollectoraction.class.php
@@ -477,7 +477,7 @@ class EmailCollectorAction extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/emailcollector/class/emailcollectorfilter.class.php b/htdocs/emailcollector/class/emailcollectorfilter.class.php
index 0e6e54529a8..736aeda47f4 100644
--- a/htdocs/emailcollector/class/emailcollectorfilter.class.php
+++ b/htdocs/emailcollector/class/emailcollectorfilter.class.php
@@ -451,7 +451,7 @@ class EmailCollectorFilter extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index f95302cdba2..0c9458c5001 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php @@ -548,7 +548,7 @@ class ExpenseReport extends CommonObject if ($ref) { $sql .= " WHERE d.ref = '".$this->db->escape($ref)."'"; } else { - $sql .= " WHERE d.rowid = ".$id; + $sql .= " WHERE d.rowid = ".((int) $id); } //$sql.= $restrict; @@ -751,7 +751,7 @@ class ExpenseReport extends CommonObject $sql .= " f.fk_user_valid,"; $sql .= " f.fk_user_approve"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as f"; - $sql .= " WHERE f.rowid = ".$id; + $sql .= " WHERE f.rowid = ".((int) $id); $sql .= " AND f.entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -993,7 +993,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$total_ht; $sql .= " , total_ttc = ".$total_ttc; $sql .= " , total_tva = ".$total_tva; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) : $this->db->free($result); diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php index 56525e7b99c..0fcd5c3a17b 100644 --- a/htdocs/expensereport/class/paymentexpensereport.class.php +++ b/htdocs/expensereport/class/paymentexpensereport.class.php @@ -218,7 +218,7 @@ class PaymentExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid'; - $sql .= " WHERE t.rowid = ".$id; + $sql .= " WHERE t.rowid = ".((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -665,7 +665,7 @@ class PaymentExpenseReport extends CommonObject
 {
 $sql = 'SELECT e.rowid, e.datec, e.fk_user_creat, e.fk_user_modif, e.tms';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as e';
- $sql .= ' WHERE e.rowid = '.$id;
+ $sql .= ' WHERE e.rowid = '.((int) $id);
 dol_syslog(get_class($this).'::info', LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/expensereport/payment/card.php b/htdocs/expensereport/payment/card.php
index 608309ceee0..7b86f295b5b 100644
--- a/htdocs/expensereport/payment/card.php
+++ b/htdocs/expensereport/payment/card.php
@@ -162,7 +162,7 @@ $sql = 'SELECT er.rowid as eid, er.paid, er.total_ttc, per.amount';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'payment_expensereport as per,'.MAIN_DB_PREFIX.'expensereport as er';
 $sql .= ' WHERE per.fk_expensereport = er.rowid';
 $sql .= ' AND er.entity IN ('.getEntity('expensereport').')';
-$sql .= ' AND per.rowid = '.$id;
+$sql .= ' AND per.rowid = '.((int) $id);
 dol_syslog("expensereport/payment/card.php", LOG_DEBUG);
 $resql = $db->query($sql);
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index cea1b1ca48c..dc1e40dd068 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -896,7 +896,7 @@ class Fichinter extends CommonObject
 $sql .= " f.fk_user_modif as fk_user_modification,";
 $sql .= " f.fk_user_valid";
 $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f";
- $sql .= " WHERE f.rowid = ".$id;
+ $sql .= " WHERE f.rowid = ".((int) $id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index b2e06e77824..5876550d15d 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -2879,7 +2879,7 @@ class CommandeFournisseur extends CommonOrder
 $sql = 'SELECT c.rowid, date_creation as datec, tms as datem, date_valid as date_validation, date_approve as datea, date_approve2 as datea2,';
 $sql .= ' fk_user_author, fk_user_modif, fk_user_valid, fk_user_approve, fk_user_approve2';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'commande_fournisseur as c';
- $sql .= ' WHERE c.rowid = '.$id;
+ $sql .= ' WHERE c.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
index c79a53297f2..379fef0fe81 100644
--- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
@@ -286,7 +286,7 @@ class CommandeFournisseurDispatch extends CommonObject
 if ($ref) {
 $sql .= " WHERE t.ref = '".$ref."'";
 } else {
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 }
 dol_syslog(get_class($this)."::fetch");
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index f4b85a1b0c8..c90db37882c 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -2140,7 +2140,7 @@ class FactureFournisseur extends CommonInvoice
 $sql = 'SELECT c.rowid, datec, tms as datem, ';
 $sql .= ' fk_user_author, fk_user_modif, fk_user_valid';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as c';
- $sql .= ' WHERE c.rowid = '.$id;
+ $sql .= ' WHERE c.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php
index ceb7bb835ef..41c780f70c8 100644
--- a/htdocs/fourn/class/paiementfourn.class.php
+++ b/htdocs/fourn/class/paiementfourn.class.php
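Review bot: In the fournisseur.commande.dispatch.class.php hunk the `if ($ref)` branch just above the changed line still builds `" WHERE t.ref = '".$ref."'"` from the raw value, so the same fetch query stays injectable through `$ref` after `$id` has been cast. The other fetch methods touched by this commit escape the reference, and this one should too: `$sql .= " WHERE t.ref = '".$this->db->escape($ref)."'";`. The method starts and ends outside the hunk, so any sanitising done by its callers is not visible here.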
@@ -99,7 +99,7 @@ class PaiementFourn extends Paiement
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid';
 $sql .= ' WHERE p.entity IN ('.getEntity('facture_fourn').')';
 if ($id > 0) {
- $sql .= ' AND p.rowid = '.$id;
+ $sql .= ' AND p.rowid = '.((int) $id);
 } elseif ($ref) {
 $sql .= ' AND p.rowid = '.$ref;
 } elseif ($fk_bank) {
@@ -394,7 +394,7 @@ class PaiementFourn extends Paiement
 {
 $sql = 'SELECT c.rowid, datec, fk_user_author as fk_user_creat, tms';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn as c';
- $sql .= ' WHERE c.rowid = '.$id;
+ $sql .= ' WHERE c.rowid = '.((int) $id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index b28d2ef4756..d7839305d17 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -380,7 +380,7 @@ class Holiday extends CommonObject
 $sql .= " cp.entity";
 $sql .= " FROM ".MAIN_DB_PREFIX."holiday as cp";
 if ($id > 0) {
- $sql .= " WHERE cp.rowid = ".$id;
+ $sql .= " WHERE cp.rowid = ".((int) $id);
 } else {
 $sql .= " WHERE cp.ref = '".$this->db->escape($ref)."'";
 }
@@ -2116,7 +2116,7 @@ class Holiday extends CommonObject
 $sql .= " f.fk_validator as fk_user_approve,";
 $sql .= " f.fk_user_refuse as fk_user_refuse";
 $sql .= " FROM ".MAIN_DB_PREFIX."holiday as f";
- $sql .= " WHERE f.rowid = ".$id;
+ $sql .= " WHERE f.rowid = ".((int) $id);
 $sql .= " AND f.entity = ".$conf->entity;
 $resql = $this->db->query($sql);
diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php
index 28a354c757f..bca81f2e45d 100644
--- a/htdocs/hrm/class/establishment.class.php
+++ b/htdocs/hrm/class/establishment.class.php
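Review bot: In the first paiementfourn.class.php hunk the `elseif ($ref)` branch still appends `' AND p.rowid = '.$ref` unquoted and uncast, so casting `$id` closes only one branch of this WHERE clause. If `$ref` is meant to be a row id here, cast it the same way, `$sql .= ' AND p.rowid = '.((int) $ref);`; if it is a textual reference it needs a quoted comparison through `$this->db->escape()` instead. The same pattern of an uncast sibling identifier is left next to the changed line in productlot.class.php (`$product_id`), productstockentrepot.class.php (`$fk_product`, `$fk_entrepot`) and companybankaccount.class.php (`$socid`); guards such as `$product_id > 0` are loose comparisons and do not turn the value into an integer. All of these methods continue outside their hunks.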
@@ -293,7 +293,7 @@ class Establishment extends CommonObject
 $sql .= ' c.code as country_code, c.label as country';
 $sql .= " FROM ".MAIN_DB_PREFIX."establishment as e";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as c ON e.fk_country = c.rowid';
- $sql .= " WHERE e.rowid = ".$id;
+ $sql .= " WHERE e.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $result = $this->db->query($sql);
@@ -330,7 +330,7 @@ class Establishment extends CommonObject
 {
 $this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".$id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."establishment WHERE rowid = ".((int) $id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $result = $this->db->query($sql);
@@ -397,7 +397,7 @@ class Establishment extends CommonObject
 {
 $sql = 'SELECT e.rowid, e.ref, e.datec, e.fk_user_author, e.tms, e.fk_user_mod, e.entity';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'establishment as e';
- $sql .= ' WHERE e.rowid = '.$id;
+ $sql .= ' WHERE e.rowid = '.((int) $id);
 dol_syslog(get_class($this)."::fetch info", LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php
index 97ceba0a6fa..6133f3eccc8 100644
--- a/htdocs/install/lib/repair.lib.php
+++ b/htdocs/install/lib/repair.lib.php
@@ -33,7 +33,7 @@ function checkElementExist($id, $table)
 global $db;
 $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$table;
- $sql .= ' WHERE rowid = '.$id;
+ $sql .= ' WHERE rowid = '.((int) $id);
 $resql = $db->query($sql);
 if ($resql) {
 $num = $db->num_rows($resql);
diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php
index c82be7848a6..3075cd82387 100644
--- a/htdocs/loan/class/loan.class.php
+++ b/htdocs/loan/class/loan.class.php
@@ -131,7 +131,7 @@ class Loan extends CommonObject
 $sql = "SELECT l.rowid, l.label, l.capital, l.datestart, l.dateend, l.nbterm, l.rate, l.note_private, l.note_public, l.insurance_amount,";
 $sql .= " l.paid, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest, l.fk_projet as fk_project";
 $sql .= " FROM ".MAIN_DB_PREFIX."loan as l";
- $sql .= " WHERE l.rowid = ".$id;
+ $sql .= " WHERE l.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -681,7 +681,7 @@ class Loan extends CommonObject
 {
 $sql = 'SELECT l.rowid, l.datec, l.fk_user_author, l.fk_user_modif,';
 $sql .= ' l.tms';
- $sql .= ' WHERE l.rowid = '.$id;
+ $sql .= ' WHERE l.rowid = '.((int) $id);
 dol_syslog(get_class($this).'::info', LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index 4f6f1423aa7..dd11b39a2e6 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -236,7 +236,7 @@ class LoanSchedule extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid';
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index 1ca8e1c0a4d..f1bc3008577 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
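Review bot: The query in the second loan.class.php hunk (the one logged as `::info`) has no FROM clause as shown: the context goes from `$sql .= ' l.tms';` directly to the `WHERE l.rowid` line, so the alias `l` is never bound and the statement should fail whether or not `$id` is cast. Adding `$sql .= ' FROM '.MAIN_DB_PREFIX.'loan as l';` before the WHERE line, matching the fetch query in the first hunk of the same file, would make the lookup work. The function body continues past the end of the hunk.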
@@ -239,7 +239,7 @@ class PaymentLoan extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid';
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 69d69ba92c0..6a17e500a69 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -894,7 +894,7 @@ class MyObject extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php
index 6fd903c0038..97955c246fd 100644
--- a/htdocs/mrp/class/mo.class.php
+++ b/htdocs/mrp/class/mo.class.php
@@ -1125,7 +1125,7 @@ class Mo extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php
index 0bf7fc6a252..82342cd6aab 100644
--- a/htdocs/multicurrency/class/multicurrency.class.php
+++ b/htdocs/multicurrency/class/multicurrency.class.php
@@ -200,7 +200,7 @@ class MultiCurrency extends CommonObject if (!empty($code)) { $sql .= ' WHERE c.code = \''.$this->db->escape($code).'\' AND c.entity = '.$conf->entity; } else { - $sql .= ' WHERE c.rowid = '.$id; + $sql .= ' WHERE c.rowid = '.((int) $id); } dol_syslog(__METHOD__, LOG_DEBUG); @@ -833,7 +833,7 @@ class CurrencyRate extends CommonObjectLine $sql = 'SELECT cr.rowid, cr.rate, cr.date_sync, cr.fk_multicurrency, cr.entity'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' AS cr'; - $sql .= ' WHERE cr.rowid = '.$id; + $sql .= ' WHERE cr.rowid = '.((int) $id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 9abd881eb05..786b2a0c36a 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1065,7 +1065,7 @@ class Product extends CommonObject $sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id : 'NULL'); // stock field is not here because it is a denormalized value from product_stock. - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update", LOG_DEBUG); @@ -2000,7 +2000,7 @@ class Product extends CommonObject $sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").","; $sql .= " tva_tx='".price2num($newvat)."',"; $sql .= " recuperableonly='".$this->db->escape($newnpr)."'"; - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); dol_syslog(get_class($this)."::update_price", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -5706,7 +5706,7 @@ class Product extends CommonObject
 $sql = "SELECT p.rowid, p.ref, p.datec as date_creation, p.tms as date_modification,";
 $sql .= " p.fk_user_author, p.fk_user_modif";
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p";
- $sql .= " WHERE p.rowid = ".$id;
+ $sql .= " WHERE p.rowid = ".((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php
index ac21ec166dc..2cb6cdfe65a 100644
--- a/htdocs/product/class/productbatch.class.php
+++ b/htdocs/product/class/productbatch.class.php
@@ -151,7 +151,7 @@ class Productbatch extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as t INNER JOIN ".MAIN_DB_PREFIX."product_stock w on t.fk_product_stock = w.rowid";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl on pl.fk_product = w.fk_product and pl.batch = t.batch";
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 90c958a3e43..aab99a2d154 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -303,7 +303,7 @@ class Productcustomerprice extends CommonObject
 $sql .= " t.import_key";
 $sql .= " FROM ".MAIN_DB_PREFIX."product_customer_price as t";
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php
index dd45651b54e..186fdad7e6d 100644
--- a/htdocs/product/class/propalmergepdfproduct.class.php
+++ b/htdocs/product/class/propalmergepdfproduct.class.php
@@ -181,7 +181,7 @@ class Propalmergepdfproduct extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php
index ce213222bb9..546c2050990 100644
--- a/htdocs/product/dynamic_price/class/price_expression.class.php
+++ b/htdocs/product/dynamic_price/class/price_expression.class.php
@@ -149,7 +149,7 @@ class PriceExpression
 $sql = "SELECT title, expression";
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog(__METHOD__);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php
index 4e67b835b07..29505ff8573 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php
@@ -143,7 +143,7 @@ class PriceGlobalVariable
 {
 $sql = "SELECT code, description, value";
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog(__METHOD__);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
index eb72a8425f7..f43d6bc731d 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
@@ -159,7 +159,7 @@ class PriceGlobalVariableUpdater
 {
 $sql = "SELECT type, description, parameters, fk_variable, update_interval, next_update, last_status";
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 dol_syslog(__METHOD__);
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php
index 601a2f34759..ce585c51a10 100644
--- a/htdocs/product/inventory/class/inventory.class.php
+++ b/htdocs/product/inventory/class/inventory.class.php
@@ -584,7 +584,7 @@ class Inventory extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index 7450b19715f..9d601dc9687 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -299,7 +299,7 @@ class Entrepot extends CommonObject
 $sql .= ", fk_pays = ".$this->country_id;
 $sql .= ", phone = '".$this->db->escape($this->phone)."'";
 $sql .= ", fax = '".$this->db->escape($this->fax)."'";
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 $this->db->begin();
@@ -499,7 +499,7 @@ class Entrepot extends CommonObject
 {
 $sql = "SELECT e.rowid, e.datec, e.tms as datem, e.fk_user_author";
 $sql .= " FROM ".MAIN_DB_PREFIX."entrepot as e";
- $sql .= " WHERE e.rowid = ".$id;
+ $sql .= " WHERE e.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::info", LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 59bc60f342b..3c04618c900 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -687,7 +687,7 @@ class MouvementStock extends CommonObject
 //if (null !== $ref) {
 //$sql .= ' AND t.ref = ' . '\'' . $ref . '\'';
 //} else {
- $sql .= ' AND t.rowid = '.$id;
+ $sql .= ' AND t.rowid = '.((int) $id);
 //}
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php
index 10294b2c585..2d6e543f80a 100644
--- a/htdocs/product/stock/class/productlot.class.php
+++ b/htdocs/product/stock/class/productlot.class.php
@@ -277,7 +277,7 @@ class Productlot extends CommonObject
 if ($product_id > 0 && $batch != '') {
 $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id;
 } else {
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 }
 $resql = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php
index 98632325ead..ad82d6da526 100644
--- a/htdocs/product/stock/class/productstockentrepot.class.php
+++ b/htdocs/product/stock/class/productstockentrepot.class.php
@@ -194,7 +194,7 @@ class ProductStockEntrepot extends CommonObject
 $sql .= " t.import_key";
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
 if (!empty($id)) {
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 } else {
 $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot;
 }
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index f28eccf3982..6b6eca05026 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -550,7 +550,7 @@ class Project extends CommonObject
 $sql .= " accept_conference_suggestions, accept_booth_suggestions, price_registration, price_booth";
 $sql .= " FROM ".MAIN_DB_PREFIX."projet";
 if (!empty($id)) {
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 } else {
 $sql .= " WHERE entity IN (".getEntity('project').")";
 if (!empty($ref)) {
@@ -2104,7 +2104,7 @@ class Project extends CommonObject
 $sql .= ' date_close as datecloture,';
 $sql .= ' fk_user_creat as fk_user_author, fk_user_close as fk_use_cloture';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'projet as c';
- $sql .= ' WHERE c.rowid = '.$id;
+ $sql .= ' WHERE c.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index 586839f3c69..8506461f09d 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -276,7 +276,7 @@ class Task extends CommonObject
 if (!empty($ref)) {
 $sql .= "t.ref = '".$this->db->escape($ref)."'";
 } else {
- $sql .= "t.rowid = ".$id;
+ $sql .= "t.rowid = ".((int) $id);
 }
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
@@ -1369,7 +1369,7 @@ class Task extends CommonObject
 $sql .= " t.thm,";
 $sql .= " t.note";
 $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t";
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetchTimeSpent", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php
index 3d80c9b58f5..99ac555ba8e 100644
--- a/htdocs/recruitment/class/recruitmentcandidature.class.php
+++ b/htdocs/recruitment/class/recruitmentcandidature.class.php
@@ -834,7 +834,7 @@ class RecruitmentCandidature extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php
index 3e5a926d67a..d82e2265e7e 100644
--- a/htdocs/recruitment/class/recruitmentjobposition.class.php
+++ b/htdocs/recruitment/class/recruitmentjobposition.class.php
@@ -928,7 +928,7 @@ class RecruitmentJobPosition extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php
index 0feefbfb076..317d87d1252 100644
--- a/htdocs/salaries/class/paymentsalary.class.php
+++ b/htdocs/salaries/class/paymentsalary.class.php
@@ -238,7 +238,7 @@ class PaymentSalary extends CommonObject
 $sql .= ' b.fk_account';
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as pt ON t.fk_typepayment = pt.id";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON t.fk_bank = b.rowid';
- $sql .= " WHERE t.rowid = ".$id;
+ $sql .= " WHERE t.rowid = ".((int) $id);
 // TODO link on entity of tax;
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php
index 6990445efd0..880d684be40 100644
--- a/htdocs/salaries/class/salary.class.php
+++ b/htdocs/salaries/class/salary.class.php
@@ -218,7 +218,7 @@ class Salary extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."salary as s";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON s.fk_bank = b.rowid";
- $sql .= " WHERE s.rowid = ".$id;
+ $sql .= " WHERE s.rowid = ".((int) $id);
 dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -585,7 +585,7 @@ class Salary extends CommonObject
 {
 $sql = 'SELECT ps.rowid, ps.datec, ps.fk_user_author';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'salary as ps';
- $sql .= ' WHERE ps.rowid = '.$id;
+ $sql .= ' WHERE ps.rowid = '.((int) $id);
 dol_syslog(get_class($this).'::info', LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index ab8271d7b70..c611ccab462 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -214,7 +214,7 @@ class CompanyBankAccount extends Account
 $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur, date_rum";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib";
 if ($id) {
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 }
 if ($socid) {
 $sql .= " WHERE fk_soc = ".$socid;
diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php
index 39b14862f12..db19840fd8e 100644
--- a/htdocs/societe/class/companypaymentmode.class.php
+++ b/htdocs/societe/class/companypaymentmode.class.php
@@ -544,7 +544,7 @@ class CompanyPaymentMode extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
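Review bot: In the companybankaccount.class.php hunk `if ($id)` and `if ($socid)` are independent tests, so a call that passes both appends two `WHERE` clauses and produces invalid SQL. Making the second test `} elseif ($socid) {`, or appending it with `AND` once a WHERE is present, keeps the statement well formed; which of the two is right depends on how callers combine the arguments, and the hunk does not show that. userbankaccount.class.php has the same shape, with `if ($id)` followed by `if ($ref)`.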
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index fa8ed580ac0..5d6f8e44703 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -1937,7 +1937,7 @@ class Societe extends CommonObject
 // Remove third party
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe";
- $sql .= " WHERE rowid = ".$id;
+ $sql .= " WHERE rowid = ".((int) $id);
 if (!$this->db->query($sql)) {
 $error++;
 $this->errors[] = $this->db->lasterror();
@@ -3632,7 +3632,7 @@ class Societe extends CommonObject
 $sql = "SELECT s.rowid, s.nom as name, s.datec as date_creation, tms as date_modification,";
 $sql .= " fk_user_creat, fk_user_modif";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE s.rowid = ".$id;
+ $sql .= " WHERE s.rowid = ".((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php
index 64a914ff549..5be05d99a56 100644
--- a/htdocs/societe/class/societeaccount.class.php
+++ b/htdocs/societe/class/societeaccount.class.php
@@ -514,7 +514,7 @@ class SocieteAccount extends CommonObject
 $sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 $sql .= ' fk_user_creat, fk_user_modif';
 $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
 $result = $this->db->query($sql);
 if ($result) {
 if ($this->db->num_rows($result)) {
diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php
index 9be52f21031..136841a8683 100644
--- a/htdocs/takepos/ajax/ajax.php
+++ b/htdocs/takepos/ajax/ajax.php
@@ -47,7 +47,7 @@ if (!defined('NOBROWSERNOTIF')) { require '../../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; -$category = GETPOST('category', 'alpha'); +$category = GETPOST('category', 'alphanohtml'); // Can be id of category or 'supplements' $action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index bcf42ffe43e..97cf99eac06 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -457,7 +457,7 @@ class User extends CommonObject } elseif ($email) { $sql .= " AND u.email = '".$this->db->escape($email)."'"; } else { - $sql .= " AND u.rowid = ".$id; + $sql .= " AND u.rowid = ".((int) $id); } $sql .= " ORDER BY u.entity ASC"; // Avoid random result when there is 2 login in 2 different entities @@ -2866,7 +2866,7 @@ class User extends CommonObject $sql = "SELECT u.rowid, u.login as ref, u.datec,"; $sql .= " u.tms as date_modification, u.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.rowid = ".$id; + $sql .= " WHERE u.rowid = ".((int) $id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php index f113fb3ea32..7323fb93ab2 100644 --- a/htdocs/user/class/userbankaccount.class.php +++ b/htdocs/user/class/userbankaccount.class.php @@ -169,7 +169,7 @@ class UserBankAccount extends Account $sql .= " owner_address, label, datec, tms as datem"; $sql .= " FROM ".MAIN_DB_PREFIX."user_rib"; if ($id) { - $sql .= " WHERE rowid = ".$id; + $sql .= " WHERE rowid = ".((int) $id); } if ($ref) { $sql .= " WHERE label = '".$this->db->escape($ref)."'"; diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index c6c4d81d04e..f59b8bbc5a5 100644 --- a/htdocs/website/class/websitepage.class.php 
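Review bot: In the takepos/ajax/ajax.php hunk, changing the `GETPOST` check for `$category` to `'alphanohtml'` tightens an input filter but is not SQL escaping, so this line alone does not make the value safe to concatenate into a query. The new comment says the value is either a category id or the literal 'supplements'. The code that consumes it is outside this hunk; it should compare against that literal first and otherwise use `((int) $category)`, matching the cast applied to `$id` throughout this commit. `$term` two lines below is still read with `'alpha'` and deserves the same check if it reaches a query or HTML output.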
+++ b/htdocs/website/class/websitepage.class.php @@ -284,7 +284,7 @@ class WebsitePage extends CommonObject //$sql .= ' WHERE entity IN ('.getEntity('website').')'; // entity is on website level $sql .= ' WHERE 1 = 1'; if ($id > 0) { - $sql .= ' AND t.rowid = '.$id; + $sql .= ' AND t.rowid = '.((int) $id); } else { if ($id < 0) { $sql .= ' AND t.rowid <> '.abs($id); diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index e96056688e4..3f3197d956a 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -872,7 +872,7 @@ class Workstation extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 412a9d602fa..92066e496e2 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -639,7 +639,7 @@ class Hook extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) {