diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index 99a0dc0dc48..3c95af8afee 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
@@ -374,10 +374,10 @@ class AccountingAccount extends CommonObject
 global $langs;
 $sql = "(SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facturedet";
- $sql .= " WHERE fk_code_ventilation=".$this->id.")";
+ $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")";
 $sql .= "UNION";
 $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det";
- $sql .= " WHERE fk_code_ventilation=".$this->id.")";
+ $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")";
 dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 2c715aa9fd6..0ea00c9c98c 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -390,7 +390,7 @@ class BookKeeping extends CommonObject
 $sql .= ", '".$this->db->idate($now)."'";
 $sql .= ", '".$this->db->escape($this->code_journal)."'";
 $sql .= ", ".(!empty($this->journal_label) ? ("'".$this->db->escape($this->journal_label)."'") : "NULL");
- $sql .= ", ".$this->db->escape($this->piece_num);
+ $sql .= ", ".((int) $this->piece_num);
 $sql .= ", ".(!isset($this->entity) ? $conf->entity : $this->entity);
 $sql .= ")";
@@ -1348,7 +1348,7 @@ class BookKeeping extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode;
 $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'");
- $sql .= " WHERE piece_num = '".$this->db->escape($piece_num)."'";
+ $sql .= " WHERE piece_num = ".((int) $piece_num);
 $resql = $this->db->query($sql);
 if (!$resql) {
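Review bot: In the `@@ -390` hunk of bookkeeping.class.php the entity column is still concatenated uncast on the line directly under the new `(int) $this->piece_num`: `$sql .= ", ".(!isset($this->entity) ? $conf->entity : $this->entity);`. Since the point of the commit is to cast every integer it splices into SQL, that line should become `$sql .= ", ".(!isset($this->entity) ? (int) $conf->entity : (int) $this->entity);`. The same gap — an integer left uncast right next to a line the commit does cast — is visible in adherent.class.php at `@@ -1223` (`$thirdpartyid`), `@@ -1952` and `@@ -2002` (`fk_user_valid=".$user->id`, which the `@@ -1900` hunk of the same file does cast), mailing.class.php `@@ -490` (same `fk_user_valid`), account.class.php `@@ -907` (`state_id`, `country_id`), deplacement.class.php `@@ -249` (`fk_project`) and paymentterm.class.php `@@ -311` (`type_cdr`, `nbjour`, `decalage`). Each of these hunks is a fragment of a method whose signature lies outside the hunk.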
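Review bot: In the `@@ -1348` hunk of bookkeeping.class.php, casting `$piece_num` fixes the WHERE clause, but the SET clause on the line above still splices `$field` into the statement as a bare column name with no validation or quoting, and `$value` is used verbatim whenever `is_numeric()` accepts it. Unless the method's callers already constrain `$field` — its signature and documentation are outside the hunk, so that cannot be confirmed here — an allowlist check before the statement is built would close the gap, e.g. `if (!in_array($field, $allowedFields, true)) { return -1; }` where `$allowedFields` is a placeholder for the set of columns this method is meant to update. A short docblock line stating which columns `$field` may name would make the contract explicit for the next caller.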
@@ -1637,7 +1637,7 @@ class BookKeeping extends CommonObject
 $sql .= ", date_export";
 }
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode;
- $sql .= " WHERE piece_num = ".$piecenum;
+ $sql .= " WHERE piece_num = ".((int) $piecenum);
 $sql .= " AND entity IN (".getEntity('accountancy').")";
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -1718,7 +1718,7 @@ class BookKeeping extends CommonObject
 $sql .= ", date_export";
 }
 $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.$mode;
- $sql .= " WHERE piece_num = ".$piecenum;
+ $sql .= " WHERE piece_num = ".((int) $piecenum);
 $sql .= " AND entity IN (".getEntity('accountancy').")";
 dol_syslog(__METHOD__, LOG_DEBUG);
diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php
index bdda4583d54..d05135e7a67 100644
--- a/htdocs/accountancy/journal/bankjournal.php
+++ b/htdocs/accountancy/journal/bankjournal.php
@@ -364,10 +364,10 @@ if ($result) {
 // Note: We have the social contribution id, it can be faster to get accounting code from social contribution id.
 $sqlmid = 'SELECT cchgsoc.accountancy_code';
 $sqlmid .= " FROM ".MAIN_DB_PREFIX."c_chargesociales cchgsoc";
- $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type=cchgsoc.id";
- $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge=chgsoc.rowid";
+ $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."chargesociales as chgsoc ON chgsoc.fk_type = cchgsoc.id";
+ $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."paiementcharge as paycharg ON paycharg.fk_charge = chgsoc.rowid";
 $sqlmid .= " INNER JOIN ".MAIN_DB_PREFIX."bank_url as bkurl ON bkurl.url_id=paycharg.rowid AND bkurl.type = 'payment_sc'";
- $sqlmid .= " WHERE bkurl.fk_bank=".$obj->rowid;
+ $sqlmid .= " WHERE bkurl.fk_bank = ".((int) $obj->rowid);
 dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);
 $resultmid = $db->query($sqlmid);
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 2d5eae90938..75470b32173 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -774,7 +774,7 @@ class Adherent extends CommonObject
 // Remove links to user and replace with new one
 if (!$error) {
 dol_syslog(get_class($this)."::update update link to user");
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL WHERE fk_member = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -784,7 +784,7 @@ class Adherent extends CommonObject
 }
 // If there is a user linked to this member
 if ($this->user_id > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".$this->id." WHERE rowid = ".$this->user_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id)." WHERE rowid = ".((int) $this->user_id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -926,7 +926,7 @@ class Adherent extends CommonObject
 // Search for last subscription id and end date
 $sql = "SELECT rowid, datec as dateop, dateadh as datedeb, datef as datefin";
 $sql .= " FROM ".MAIN_DB_PREFIX."subscription";
- $sql .= " WHERE fk_adherent=".$this->id;
+ $sql .= " WHERE fk_adherent = ".((int) $this->id);
 $sql .= " ORDER by dateadh DESC"; // Sort by start subscription date
 dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG);
@@ -939,7 +939,7 @@ class Adherent extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
 $sql .= " datefin=".($datefin != '' ? "'".$this->db->idate($datefin)."'" : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update_end_date", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1100,7 +1100,7 @@ class Adherent extends CommonObject
 } else {
 $sql .= ", pass = '".$this->db->escape($password_indatabase)."'";
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 //dol_syslog("Adherent::Password sql=hidden");
 dol_syslog(get_class($this)."::setPassword", LOG_DEBUG);
@@ -1223,7 +1223,7 @@ class Adherent extends CommonObject
 // Add link to third party for current member
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET fk_soc = ".($thirdpartyid > 0 ? $thirdpartyid : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::setThirdPartyId", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1465,7 +1465,7 @@ class Adherent extends CommonObject
 $sql .= " c.dateadh as dateh,";
 $sql .= " c.datef as datef";
 $sql .= " FROM ".MAIN_DB_PREFIX."subscription as c";
- $sql .= " WHERE c.fk_adherent = ".$this->id;
+ $sql .= " WHERE c.fk_adherent = ".((int) $this->id);
 $sql .= " ORDER BY c.dateadh";
 dol_syslog(get_class($this)."::fetch_subscriptions", LOG_DEBUG);
@@ -1900,8 +1900,8 @@ class Adherent extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
 $sql .= " statut = ".self::STATUS_VALIDATED;
 $sql .= ", datevalid = '".$this->db->idate($now)."'";
- $sql .= ", fk_user_valid=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= ", fk_user_valid = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::validate", LOG_DEBUG);
 $result = $this->db->query($sql);
@@ -1952,7 +1952,7 @@ class Adherent extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
 $sql .= " statut = ".self::STATUS_RESILIATED;
 $sql .= ", fk_user_valid=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
@@ -2002,7 +2002,7 @@ class Adherent extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
 $sql .= " statut = ".self::STATUS_EXCLUDED;
 $sql .= ", fk_user_valid=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index ad24b9f1c05..1a00a03e932 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@@ -142,7 +142,7 @@ class AdherentType extends CommonObject
 $sql = "SELECT lang, label, description, email";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
- $sql .= " WHERE fk_type=".$this->id;
+ $sql .= " WHERE fk_type = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
@@ -181,21 +181,21 @@ class AdherentType extends CommonObject
 if ($key == $current_lang) {
 $sql = "SELECT rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
- $sql .= " WHERE fk_type=".$this->id;
+ $sql .= " WHERE fk_type = ".((int) $this->id);
 $sql .= " AND lang = '".$this->db->escape($key)."'";
 $result = $this->db->query($sql);
 if ($this->db->num_rows($result)) { // if there is already a description line for this language
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang";
- $sql2 .= " SET ";
- $sql2 .= " label='".$this->db->escape($this->label)."',";
- $sql2 .= " description='".$this->db->escape($this->description)."'";
- $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'";
+ $sql2 .= " SET";
+ $sql2 .= " label = '".$this->db->escape($this->label)."',";
+ $sql2 .= " description = '".$this->db->escape($this->description)."'";
+ $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description";
 $sql2 .= ")";
- $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',";
+ $sql2 .= " VALUES(".((int) $this->id).",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',";
 $sql2 .= " '".$this->db->escape($this->description)."'";
 $sql2 .= ")";
 }
@@ -207,7 +207,7 @@ class AdherentType extends CommonObject
 } elseif (isset($this->multilangs[$key])) {
 $sql = "SELECT rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
- $sql .= " WHERE fk_type=".$this->id;
+ $sql .= " WHERE fk_type = ".((int) $this->id);
 $sql .= " AND lang = '".$this->db->escape($key)."'";
 $result = $this->db->query($sql);
@@ -215,9 +215,9 @@ class AdherentType extends CommonObject
 if ($this->db->num_rows($result)) { // if there is already a description line for this language
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."adherent_type_lang";
 $sql2 .= " SET ";
- $sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
- $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
- $sql2 .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($key)."'";
+ $sql2 .= " label = '".$this->db->escape($this->multilangs["$key"]["label"])."',";
+ $sql2 .= " description = '".$this->db->escape($this->multilangs["$key"]["description"])."'";
+ $sql2 .= " WHERE fk_type = ".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."adherent_type_lang (fk_type, lang, label, description";
 $sql2 .= ")";
@@ -259,7 +259,7 @@ class AdherentType extends CommonObject
 public function delMultiLangs($langtodelete, $user)
 {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type_lang";
- $sql .= " WHERE fk_type=".$this->id." AND lang='".$this->db->escape($langtodelete)."'";
+ $sql .= " WHERE fk_type = ".((int) $this->id)." AND lang = '".$this->db->escape($langtodelete)."'";
 dol_syslog(get_class($this).'::delMultiLangs', LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php
index fff9d925cd9..cae5dd07beb 100644
--- a/htdocs/adherents/class/subscription.class.php
+++ b/htdocs/adherents/class/subscription.class.php
@@ -275,7 +275,7 @@ class Subscription extends CommonObject
 $sql .= " datef='".$this->db->idate($this->datef)."',";
 $sql .= " datec='".$this->db->idate($this->datec)."',";
 $sql .= " fk_bank = ".($this->fk_bank ? ((int) $this->fk_bank) : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
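Review bot: The `@@ -215` hunk of adherent_type.class.php normalizes the `label =` / `description =` spacing but keeps the trailing space in `$sql2 .= " SET ";` and the unspaced `lang='` in its WHERE line, whereas the sibling `@@ -181` hunk changed the same statement to `$sql2 .= " SET";` and `delMultiLangs` in `@@ -259` now writes `lang = '`. Aligning the two UPDATE branches — `$sql2 .= " SET";` here and `." AND lang = '".$this->db->escape($key)."'"` in both — keeps the paths readable as one piece of code; this is purely a matter of style, the generated SQL is unaffected. Both hunks are fragments of a method whose start and end lie outside the hunk.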
diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php
index e130f0479c4..251d5194b27 100644
--- a/htdocs/admin/paymentbybanktransfer.php
+++ b/htdocs/admin/paymentbybanktransfer.php
@@ -114,7 +114,7 @@ if ($action == "set") {
 if ($action == "addnotif") {
 $bon = new BonPrelevement($db);
- $bon->AddNotification($db, GETPOST('user', 'int'), $action);
+ $bon->addNotification($db, GETPOST('user', 'int'), $action);
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
@@ -122,7 +122,7 @@ if ($action == "addnotif") {
 if ($action == "deletenotif") {
 $bon = new BonPrelevement($db);
- $bon->DeleteNotificationById(GETPOST('notif', 'int'));
+ $bon->deleteNotificationById(GETPOST('notif', 'int'));
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php
index 739709410ce..db48ab19849 100644
--- a/htdocs/admin/prelevement.php
+++ b/htdocs/admin/prelevement.php
@@ -117,7 +117,7 @@ if ($action == "set") {
 if ($action == "addnotif") {
 $bon = new BonPrelevement($db);
- $bon->AddNotification($db, GETPOST('user', 'int'), $action);
+ $bon->addNotification($db, GETPOST('user', 'int'), $action);
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
@@ -125,7 +125,7 @@ if ($action == "addnotif") {
 if ($action == "deletenotif") {
 $bon = new BonPrelevement($db);
- $bon->DeleteNotificationById(GETPOST('notif', 'int'));
+ $bon->deleteNotificationById(GETPOST('notif', 'int'));
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 5a506558187..689014ad14e 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -613,7 +613,7 @@ class Categorie extends CommonObject
 if (!$error) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."categorie";
 $sql .= " SET fk_parent = ".((int) $this->fk_parent);
- $sql .= " WHERE fk_parent = ".$this->id;
+ $sql .= " WHERE fk_parent = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 $this->error = $this->db->lasterror();
@@ -634,7 +634,7 @@ class Categorie extends CommonObject
 );
 foreach ($arraydelete as $key => $value) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX.$key;
- $sql .= " WHERE ".$value." = ".$this->id;
+ $sql .= " WHERE ".$value." = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 $this->errors[] = $this->db->lasterror();
 dol_syslog("Error sql=".$sql." ".$this->error, LOG_ERR);
@@ -1002,7 +1002,7 @@ class Categorie extends CommonObject
 {
 // phpcs:enable
 $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."categorie";
- $sql .= " WHERE fk_parent = ".$this->id;
+ $sql .= " WHERE fk_parent = ".((int) $this->id);
 $sql .= " AND entity IN (".getEntity('category').")";
 $res = $this->db->query($sql);
@@ -1408,7 +1408,7 @@ class Categorie extends CommonObject
 $parents = array();
 $sql = "SELECT fk_parent FROM ".MAIN_DB_PREFIX."categorie";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $res = $this->db->query($sql);
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index a403a1cdf40..e5bbc5d676f 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -591,10 +591,10 @@ if (empty($reshook) && $action == 'update') {
 $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'";
- $sql .= " WHERE ac.id != ".$object->id;
+ $sql .= " WHERE ac.id <> ".((int) $object->id);
 $sql .= " AND er.resource_id IN (";
 $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources";
- $sql .= " WHERE element_id = ".$object->id;
+ $sql .= " WHERE element_id = ".((int) $object->id);
 $sql .= " AND element_type = '".$db->escape($object->element)."'";
 $sql .= " AND busy = 1";
 $sql .= ")";
@@ -770,10 +770,10 @@ if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate') {
 $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = 'dolresource'";
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element)."'";
- $sql .= " WHERE ac.id != ".$object->id;
+ $sql .= " WHERE ac.id <> ".((int) $object->id);
 $sql .= " AND er.resource_id IN (";
 $sql .= " SELECT resource_id FROM ".MAIN_DB_PREFIX."element_resources";
- $sql .= " WHERE element_id = ".$object->id;
+ $sql .= " WHERE element_id = ".((int) $object->id);
 $sql .= " AND element_type = '".$db->escape($object->element)."'";
 $sql .= " AND busy = 1";
 $sql .= ")";
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index ce8f3f89d92..1e8de65cb43 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -973,7 +973,7 @@ class ActionComm extends CommonObject
 // remove categorie association
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_actioncomm";
- $sql .= " WHERE fk_actioncomm=".$this->id;
+ $sql .= " WHERE fk_actioncomm=".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
@@ -985,7 +985,7 @@ class ActionComm extends CommonObject
 // remove actioncomm_resources
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources";
- $sql .= " WHERE fk_actioncomm=".$this->id;
+ $sql .= " WHERE fk_actioncomm=".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
@@ -1017,7 +1017,7 @@ class ActionComm extends CommonObject
 // remove actioncomm
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm";
- $sql .= " WHERE id=".$this->id;
+ $sql .= " WHERE id=".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index e03d13c29e8..8b97f23737e 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -165,7 +165,7 @@ if (empty($reshook)) {
 $now = dol_now();
 // Positioning date of start sending
- $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".$object->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."mailing SET date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $object->id);
 $resql2 = $db->query($sql);
 if (!$resql2) {
 dol_print_error($db);
@@ -368,7 +368,7 @@ if (empty($reshook)) {
 dol_syslog("comm/mailing/card.php: error for #".$i.($mail->error ? ' - '.$mail->error : ''), LOG_WARNING);
 $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid;
+ $sql .= " SET statut=-1, error_text='".$db->escape($mail->error)."', date_envoi='".$db->idate($now)."' WHERE rowid=".((int) $obj->rowid);
 $resql2 = $db->query($sql);
 if (!$resql2) {
 dol_print_error($db);
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index 08ab8b6c8d7..4411b8a326a 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -135,7 +135,7 @@ if (GETPOST('exportcsv', 'int')) {
 $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut as status, mc.date_envoi, mc.tms,";
 $sql .= " mc.source_id, mc.source_type, mc.error_text";
 $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
- $sql .= " WHERE mc.fk_mailing=".$object->id;
+ $sql .= " WHERE mc.fk_mailing=".((int) $object->id);
 $sql .= $db->order($sortfield, $sortorder);
 $resql = $db->query($sql);
@@ -454,7 +454,7 @@ if ($object->fetch($id) >= 0) {
 $sql = "SELECT mc.rowid, mc.lastname, mc.firstname, mc.email, mc.other, mc.statut, mc.date_envoi, mc.tms,";
 $sql .= " mc.source_url, mc.source_id, mc.source_type, mc.error_text";
 $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
- $sql .= " WHERE mc.fk_mailing=".$object->id;
+ $sql .= " WHERE mc.fk_mailing=".((int) $object->id);
 $asearchcriteriahasbeenset = 0;
 if ($search_lastname) {
 $sql .= natural_search("mc.lastname", $search_lastname);
diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php
index d281fcb1a3a..2d33d4219d8 100644
--- a/htdocs/comm/mailing/class/mailing.class.php
+++ b/htdocs/comm/mailing/class/mailing.class.php
@@ -490,7 +490,7 @@ class Mailing extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."mailing ";
 $sql .= " SET statut = 1, date_valid = '".$this->db->idate($now)."', fk_user_valid=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog("Mailing::valid", LOG_DEBUG);
 if ($this->db->query($sql)) {
@@ -555,7 +555,7 @@ class Mailing extends CommonObject
 {
 // phpcs:enable
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$this->id;
+ $sql .= " WHERE fk_mailing = ".((int) $this->id);
 dol_syslog("Mailing::delete_targets", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -582,7 +582,7 @@ class Mailing extends CommonObject
 // phpcs:enable
 $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles";
 $sql .= " SET statut = 0";
- $sql .= " WHERE fk_mailing = ".$this->id;
+ $sql .= " WHERE fk_mailing = ".((int) $this->id);
 dol_syslog("Mailing::reset_targets_status", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -604,7 +604,7 @@ class Mailing extends CommonObject
 public function countNbOfTargets($mode)
 {
 $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$this->id;
+ $sql .= " WHERE fk_mailing = ".((int) $this->id);
 if ($mode == 'alreadysent') {
 $sql .= " AND statut <> 0";
 } elseif ($mode == 'alreadysentok') {
@@ -638,7 +638,7 @@ class Mailing extends CommonObject
 public function refreshNbOfTargets()
 {
 $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$this->id;
+ $sql .= " WHERE fk_mailing = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index 25ef23dd7de..8da9a17ebb2 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -134,7 +134,7 @@ if ($_socid > 0) {
 */
 $sql = "SELECT rc.rowid,rc.price_level, rc.datec as dc, u.rowid as uid, u.login";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_prices as rc, ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE rc.fk_soc =".$objsoc->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $objsoc->id);
 $sql .= " AND u.rowid = rc.fk_user_author";
 $sql .= " ORDER BY rc.datec DESC";
diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php
index bdf9b75998b..a31389340e8 100644
--- a/htdocs/comm/remise.php
+++ b/htdocs/comm/remise.php
@@ -214,7 +214,7 @@ if ($socid > 0) {
 $sql = "SELECT rc.rowid, rc.remise_client as remise_percent, rc.note, rc.datec as dc,";
 $sql .= " u.login, u.rowid as user_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise as rc, ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql .= " AND rc.entity IN (".getEntity('discount').")";
 $sql .= " AND u.rowid = rc.fk_user_author";
 $sql .= " ORDER BY rc.datec DESC";
@@ -266,7 +266,7 @@ if ($socid > 0) {
 $sql = "SELECT rc.rowid, rc.remise_supplier as remise_percent, rc.note, rc.datec as dc,";
 $sql .= " u.login, u.rowid as user_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_supplier as rc, ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql .= " AND rc.entity IN (".getEntity('discount').")";
 $sql .= " AND u.rowid = rc.fk_user_author";
 $sql .= " ORDER BY rc.datec DESC";
diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php
index 8f26d897389..42a5ee42e16 100644
--- a/htdocs/comm/remx.php
+++ b/htdocs/comm/remx.php
@@ -267,8 +267,8 @@ if ($socid > 0) {
 $remise_all = $remise_user = 0;
 $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND discount_type = 0"; // Exclude supplier discounts
 $sql .= " AND (fk_facture_line IS NULL AND fk_facture IS NULL)";
 $sql .= " GROUP BY rc.fk_user";
@@ -297,8 +297,8 @@ if ($socid > 0) {
 $remise_all = $remise_user = 0;
 $sql = "SELECT SUM(rc.amount_ht) as amount, rc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND discount_type = 1"; // Exclude customer discounts
 $sql .= " AND (fk_invoice_supplier_line IS NULL AND fk_invoice_supplier IS NULL)";
 $sql .= " GROUP BY rc.fk_user";
@@ -408,8 +408,8 @@ if ($socid > 0) {
 $sql .= " fa.ref as ref, fa.type as type";
 $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND u.rowid = rc.fk_user";
 $sql .= " AND rc.discount_type = 0"; // Eliminate supplier discounts
 $sql .= " AND (rc.fk_facture_line IS NULL AND rc.fk_facture IS NULL)";
@@ -547,8 +547,8 @@ if ($socid > 0) {
 $sql .= " fa.ref, fa.type as type";
 $sql .= " FROM ".MAIN_DB_PREFIX."user as u, ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc = ".$object->id;
- $sql .= " AND rc.entity = ".$conf->entity;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
+ $sql .= " AND rc.entity = ".((int) $conf->entity);
 $sql .= " AND u.rowid = rc.fk_user";
 $sql .= " AND rc.discount_type = 1"; // Eliminate customer discounts
 $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)";
@@ -700,7 +700,7 @@ if ($socid > 0) {
 $sql .= " , ".MAIN_DB_PREFIX."facturedet as fc";
 $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc =".$object->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql .= " AND rc.fk_facture_line = fc.rowid";
 $sql .= " AND fc.fk_facture = f.rowid";
 $sql .= " AND rc.fk_user = u.rowid";
@@ -718,7 +718,7 @@ if ($socid > 0) {
 $sql2 .= " , ".MAIN_DB_PREFIX."user as u";
 $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fa ON rc.fk_facture_source = fa.rowid";
- $sql2 .= " WHERE rc.fk_soc =".$object->id;
+ $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql2 .= " AND rc.fk_facture = f.rowid";
 $sql2 .= " AND rc.fk_user = u.rowid";
 $sql2 .= " AND rc.discount_type = 0"; // Eliminate supplier discounts
@@ -860,7 +860,7 @@ if ($socid > 0) {
 $sql .= " , ".MAIN_DB_PREFIX."facture_fourn_det as fc";
 $sql .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid";
- $sql .= " WHERE rc.fk_soc =".$object->id;
+ $sql .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql .= " AND rc.fk_invoice_supplier_line = fc.rowid";
 $sql .= " AND fc.fk_facture_fourn = f.rowid";
 $sql .= " AND rc.fk_user = u.rowid";
@@ -878,7 +878,7 @@ if ($socid > 0) {
 $sql2 .= " , ".MAIN_DB_PREFIX."user as u";
 $sql2 .= " , ".MAIN_DB_PREFIX."societe_remise_except as rc";
 $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fa ON rc.fk_invoice_supplier_source = fa.rowid";
- $sql2 .= " WHERE rc.fk_soc =".$object->id;
+ $sql2 .= " WHERE rc.fk_soc = ".((int) $object->id);
 $sql2 .= " AND rc.fk_invoice_supplier = f.rowid";
 $sql2 .= " AND rc.fk_user = u.rowid";
 $sql2 .= " AND rc.discount_type = 1"; // Eliminate customer discounts
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index d2a9554abab..804cfa09281 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -907,8 +907,8 @@ class Account extends CommonObject
 $sql .= ",owner_address = '".$this->db->escape($this->owner_address)."'";
 $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null");
 $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null");
- $sql .= " WHERE rowid = ".$this->id;
- $sql .= " AND entity = ".$conf->entity;
+ $sql .= " WHERE rowid = ".((int) $this->id);
+ $sql .= " AND entity = ".((int) $conf->entity);
 dol_syslog(get_class($this)."::update_bban", LOG_DEBUG);
@@ -1059,7 +1059,7 @@ class Account extends CommonObject
 // Delete link between tag and bank account
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account";
- $sql .= " WHERE fk_account = ".$this->id;
+ $sql .= " WHERE fk_account = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -1151,7 +1151,7 @@ class Account extends CommonObject
 $sql = "SELECT COUNT(rowid) as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank";
- $sql .= " WHERE fk_account=".$this->id;
+ $sql .= " WHERE fk_account = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -1188,7 +1188,7 @@ class Account extends CommonObject
 $sql = "SELECT sum(amount) as amount";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank";
- $sql .= " WHERE fk_account = ".$this->id;
+ $sql .= " WHERE fk_account = ".((int) $this->id);
 if ($option == 1) {
 $sql .= " AND dateo <= '".$this->db->idate(dol_now())."'";
 }
diff --git a/htdocs/compta/bank/class/bankcateg.class.php b/htdocs/compta/bank/class/bankcateg.class.php
index ccf5828d40a..ab58cb8287c 100644
--- a/htdocs/compta/bank/class/bankcateg.class.php
+++ b/htdocs/compta/bank/class/bankcateg.class.php
@@ -213,7 +213,7 @@ class BankCateg // extends CommonObject
 // Delete link between tag and bank account
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_account";
- $sql .= " WHERE fk_categorie = ".$this->id;
+ $sql .= " WHERE fk_categorie = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -225,7 +225,7 @@ class BankCateg // extends CommonObject
 // Delete link between tag and bank lines
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class";
- $sql .= " WHERE fk_categ = ".$this->id;
+ $sql .= " WHERE fk_categ = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php
index 1972e3f686e..81022e9bc71 100644
--- a/htdocs/compta/deplacement/class/deplacement.class.php
+++ b/htdocs/compta/deplacement/class/deplacement.class.php
@@ -249,7 +249,7 @@ class Deplacement extends CommonObject
 $sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
 $sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
 $sql .= " , fk_projet = ".($this->fk_project > 0 ? $this->fk_project : 0);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 31de2bbd4ff..374de5cca4d 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -889,7 +889,7 @@ if (empty($reshook)) { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if (!empty($resql)) { while ($obj = $db->fetch_object($resql)) { @@ -4975,7 +4975,7 @@ if ($action == 'create') { $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/compta/facture/class/paymentterm.class.php b/htdocs/compta/facture/class/paymentterm.class.php index 87cd50d27c6..f94ad573a81 100644 --- a/htdocs/compta/facture/class/paymentterm.class.php +++ b/htdocs/compta/facture/class/paymentterm.class.php @@ -311,7 +311,7 @@ class PaymentTerm // extends CommonObject $sql .= " type_cdr=".(isset($this->type_cdr) ? $this->type_cdr : "null").","; $sql .= " nbjour=".(isset($this->nbjour) ? $this->nbjour : "null").","; $sql .= " decalage=".(isset($this->decalage) ? $this->decalage : "null").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -350,7 +350,7 @@ class PaymentTerm // extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."c_payment_term"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index 6fdc74a7539..0d2c3070261 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php 
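Review bot: The PaymentTerm::update hunk (@@ -311) casts only `rowid`; `type_cdr`, `nbjour` and `decalage` three lines above are emitted with `isset($this->x) ? $this->x : "null"`, which checks presence, not type, and leaves those values unquoted in the SET clause. Cast them to the same integer form, e.g. `$sql .= " nbjour=".(isset($this->nbjour) ? ((int) $this->nbjour) : "null").",";`, and likewise for `type_cdr` and `decalage`. The method starts above the hunk and continues past `$this->db->begin();`.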
@@ -577,9 +577,9 @@ if ($object->id > 0) { $sql .= " , pfd.amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -598,9 +598,9 @@ if ($object->id > 0) { $sql = "SELECT SUM(pfd.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; @@ -699,9 +699,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; 
@@ -765,9 +765,9 @@ if ($object->id > 0) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u on pfd.fk_user_demande = u.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb ON pb.rowid = pfd.fk_prelevement_bons"; if ($type == 'bank-transfer') { - $sql .= " WHERE fk_facture_fourn = ".$object->id; + $sql .= " WHERE fk_facture_fourn = ".((int) $object->id); } else { - $sql .= " WHERE fk_facture = ".$object->id; + $sql .= " WHERE fk_facture = ".((int) $object->id); } $sql .= " AND pfd.traite = 1"; $sql .= " AND pfd.ext_payment_id IS NULL"; diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 683b2fd0423..fe967543fdc 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -305,7 +305,7 @@ class RemiseCheque extends CommonObject if ($this->errno === 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET fk_bordereau = 0"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { @@ -647,7 +647,7 @@ class RemiseCheque extends CommonObject $nb = 0; $sql = "SELECT amount "; $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_bordereau = ".$this->id; + $sql .= " WHERE fk_bordereau = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 971400afa5e..94264d0f9f6 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php 
@@ -788,7 +788,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET datep = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -839,7 +839,7 @@ class Paiement extends CommonObject if (!empty($num) && $this->statut != 1) { $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET num_paiement = '".$this->db->escape($num)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_num", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 10c8f304102..a97facc592c 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -1341,18 +1341,14 @@ class BonPrelevement extends CommonObject } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification def by id * * @param int $rowid id of notification * @return int 0 if OK, <0 if KO */ - public function DeleteNotificationById($rowid) + public function deleteNotificationById($rowid) { - // phpcs:enable - $result = 0; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE rowid = ".((int) $rowid); 
@@ -1363,21 +1359,23 @@ class BonPrelevement extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Delete a notification * - * @param int $user notification user - * @param string $action notification action - * @return int >0 if OK, <0 if KO + * @param int|User $user notification user + * @param string $action notification action + * @return int >0 if OK, <0 if KO */ - public function DeleteNotification($user, $action) + public function deleteNotification($user, $action) { - // phpcs:enable - $result = 0; + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; - $sql .= " WHERE fk_user=".$user." AND fk_action='".$this->db->escape($action)."'"; + $sql .= " WHERE fk_user=".((int) $userid)." AND fk_action='".$this->db->escape($action)."'"; if ($this->db->query($sql)) { return 0; 
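Review bot: The rewritten docblock of deleteNotification still advertises `@return int >0 if OK, <0 if KO`, but the body returns `0` on a successful query (`return 0;`), and addNotification in the next hunk depends on exactly that with `== 0`. Correct the docblock to `@return int 0 if OK, <0 if KO`, matching deleteNotificationById above, rather than documenting a positive return that is never produced. The `((int) $userid)` cast on the DELETE is the right fix and `$action` is escaped and quoted, so the SQL itself is fine. The method's failure branch lies past the end of the hunk.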
@@ -1390,28 +1388,34 @@ class BonPrelevement extends CommonObject /** * Add a notification * - * @param DoliDB $db database handler - * @param int $user notification user - * @param string $action notification action - * @return int 0 if OK, <0 if KO + * @param DoliDB $db database handler + * @param int|User $user notification user + * @param string $action notification action + * @return int 0 if OK, <0 if KO */ - public function AddNotification($db, $user, $action) + public function addNotification($db, $user, $action) { // phpcs:enable $result = 0; - if ($this->DeleteNotification($user, $action) == 0) { + if (is_object($user)) { + $userid = $user->id; + } else { // If user is an id + $userid = $user; + } + + if ($this->deleteNotification($user, $action) == 0) { $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".$userid.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { $result = 0; } else { $result = -1; - dol_syslog(get_class($this)."::AddNotification Error $result"); + dol_syslog(get_class($this)."::addNotification Error $result"); } } diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 14b2cf67590..2b80e1bb4f4 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php @@ -445,7 +445,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; 
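Review bot: In addNotification the new INSERT line interpolates `$userid` without a cast (`... ".$userid.", 'NULL', 'NULL', ...`), whereas the DELETE in deleteNotification, which resolves the id the same way, now uses `((int) $userid)`; the same cast belongs here: `$sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", NULL, NULL, '".$this->db->escape($action)."')";`. Note also that `'NULL'` in quotes is the four-character string, not SQL NULL — on an integer fk_soc/fk_contact column that is either rejected in strict mode or coerced to 0; it is pre-existing, but the line is being rewritten anyway. The `// phpcs:enable` left in the body looks orphaned if its matching disable comment was dropped above the hunk, as was done in the two sibling methods.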
@@ -480,7 +480,7 @@ class ChargeSociales extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."chargesociales SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index 45d3d2e74b4..c412072ec89 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -247,7 +247,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 1"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; @@ -267,7 +267,7 @@ class Tva extends CommonObject // phpcs:enable $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; $sql .= " paye = 0"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { return 1; diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index f364e82dd68..9b2364f7233 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -3202,7 +3202,7 @@ class ContratLigne extends CommonObjectLine $sql .= ",total_localtax1=".price2num($this->total_localtax1, 'MT').""; $sql .= ",total_localtax2=".price2num($this->total_localtax2, 'MT').""; $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT').""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_total", LOG_DEBUG); diff --git a/htdocs/core/class/commonincoterm.class.php b/htdocs/core/class/commonincoterm.class.php index 25745bb4c5c..11af43c2914 100644 --- a/htdocs/core/class/commonincoterm.class.php +++ b/htdocs/core/class/commonincoterm.class.php 
@@ -109,7 +109,7 @@ trait CommonIncoterm $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null"); $sql .= ", location_incoterms = ".($id_incoterm > 0 ? "'".$this->db->escape($location)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this).'::setIncoterms', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a7049ea5a76..89d7cb1c7d0 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2782,7 +2782,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET model_pdf = '".$this->db->escape($newmodelpdf)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDocModel", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4500,7 +4500,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET extraparams = ".(!empty($extraparams) ? "'".$this->db->escape($extraparams)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setExtraParameters", LOG_DEBUG); $resql = $this->db->query($sql); @@ -9223,7 +9223,7 @@ abstract class CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element; $sql .= " SET ".$statusfield." = ".((int) $status); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index eaf4bc511c8..07c6a509815 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php 
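Review bot: In setIncoterms (@@ -109) `fk_incoterms = ".($id_incoterm > 0 ? $id_incoterm : "null")` is left uncast while `rowid` two lines down now is; `$id_incoterm` is a method parameter and `> 0` does not guarantee an integer, so it should read `$sql .= " SET fk_incoterms = ".($id_incoterm > 0 ? ((int) $id_incoterm) : "null");`. `location_incoterms` is escaped and quoted, so that value is fine. The method's signature and error branch are outside the hunk.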
@@ -434,7 +434,7 @@ class DiscountAbsolute $sql .= " SET fk_facture = ".((int) $rowidinvoice); } } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::link_to_invoice", LOG_DEBUG); $resql = $this->db->query($sql); @@ -470,7 +470,7 @@ class DiscountAbsolute } else { $sql .= " SET fk_facture_line = NULL, fk_facture = NULL"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::unlink_invoice", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index be81c1e2737..5e008a1e1ac 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -182,7 +182,7 @@ class Link extends CommonObject $sql .= ", label = '".$this->db->escape($this->label)."'"; $sql .= ", objecttype = '".$this->db->escape($this->objecttype)."'"; $sql .= ", objectid = ".$this->objectid; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql = ".$sql); $resql = $this->db->query($sql); @@ -365,7 +365,7 @@ class Link extends CommonObject // Remove link $sql = "DELETE FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 019187fca28..de991d50f4e 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -189,7 +189,7 @@ class Delivery extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."delivery "; $sql .= "SET ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Delivery::create", LOG_DEBUG); $resql = $this->db->query($sql); 
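Review bot: In Link::update (@@ -182) `objectid = ".$this->objectid` is concatenated raw one line above the newly cast `rowid`; `objectid` is a foreign key just like `rowid` and should be cast the same way: `$sql .= ", objectid = ".((int) $this->objectid);`. The SET clause begins before the hunk.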
@@ -427,7 +427,7 @@ class Delivery extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; $resql = $this->db->query($sql); @@ -651,7 +651,7 @@ class Delivery extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."delivery"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->db->commit(); @@ -1001,7 +1001,7 @@ class Delivery extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."delivery"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php index c2961794bbc..3c7af135922 100644 --- a/htdocs/ecm/class/ecmdirectory.class.php +++ b/htdocs/ecm/class/ecmdirectory.class.php @@ -305,7 +305,7 @@ class EcmDirectory extends CommonObject } else { $sql .= " cachenbofdoc = cachenbofdoc ".$value." 1"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::changeNbOfFiles", LOG_DEBUG); $resql = $this->db->query($sql); @@ -764,7 +764,7 @@ class EcmDirectory extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."ecm_directories SET"; $sql .= " cachenbofdoc = '".count($filelist)."'"; if (empty($all)) { // By default - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); } else { $sql .= " WHERE entity = ".$conf->entity; } 
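Review bot: In the ecmdirectory @@ -764 hunk the `else` branch `$sql .= " WHERE entity = ".$conf->entity;` stays uncast, while the account.class.php hunk of this same commit casts `$conf->entity` with `(int)`; apply it here too for consistency: `$sql .= " WHERE entity = ".((int) $conf->entity);`. `cachenbofdoc = '".count($filelist)."'` is a quoted integer, which works but could equally be written as an unquoted `((int) count($filelist))` to match the style of the rest of the change. The enclosing method starts above the hunk.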
diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index b6c80feadd4..cdc350480c5 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -558,7 +558,7 @@ class ConferenceOrBoothAttendee extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 85245b38e89..a60f3c88c6a 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -363,7 +363,7 @@ class Expedition extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { @@ -711,7 +711,7 @@ class Expedition extends CommonObject $sql .= ", fk_statut = 1"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::valid update expedition", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1297,7 +1297,7 @@ class Expedition extends CommonObject // No delete expedition if (!$error) { $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { 
@@ -1489,7 +1489,7 @@ class Expedition extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."expedition"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!empty($this->origin) && $this->origin_id > 0) { @@ -1973,7 +1973,7 @@ class Expedition extends CommonObject if ($user->rights->expedition->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."expedition"; $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2814,7 +2814,7 @@ class ExpeditionLigne extends CommonObjectLine } $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if (!$error && $this->db->query($sql)) { // Remove extrafields diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index b3601c00deb..a83ef94e520 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -495,7 +495,7 @@ class ExpenseReport extends CommonObject $sql .= " , note_public = ".(!empty($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "''"); $sql .= " , note_private = ".(!empty($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "''"); $sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); 
@@ -1252,7 +1252,7 @@ class ExpenseReport extends CommonObject $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($this->date_valid)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1746,7 +1746,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : @@ -1776,7 +1776,7 @@ class ExpenseReport extends CommonObject $sql .= " total_ht = ".$this->total_ht; $sql .= " , total_ttc = ".$this->total_ttc; $sql .= " , total_tva = ".$this->total_tva; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) : diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 371853dc70c..6da1a30b618 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -1004,7 +1004,7 @@ class Fichinter extends CommonObject if (!$error) { // Delete object $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("Fichinter::delete", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1066,7 +1066,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET datei = '".$this->db->idate($date_delivery)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = 0"; if ($this->db->query($sql)) { 
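Review bot: In the @@ -1746 hunk `total_ht`, `total_ttc` and `total_tva` are concatenated raw (`" total_ht = ".$this->total_ht`) and only `rowid` is cast; the @@ -1776 hunk repeats the identical pattern. These are amounts, so they should be normalised before reaching SQL, e.g. `$sql .= " total_ht = ".price2num($this->total_ht, 'MT');` as the contrat.class.php hunk in this commit does, or at minimum `((float) $this->total_ht)`. The UPDATE statement opens before the hunk.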
@@ -1097,7 +1097,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET description = '".$this->db->escape($description)."',"; $sql .= " fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->description = $description; @@ -1127,7 +1127,7 @@ class Fichinter extends CommonObject if ($user->rights->ficheinter->creer) { $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter "; $sql .= " SET fk_contrat = ".((int) $contractid); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->fk_contrat = $contractid; diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 4fe35c32a2c..9aec232cf0a 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -599,7 +599,7 @@ class FichinterRec extends Fichinter $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec "; $sql .= " SET frequency='".$this->db->escape($freq)."'"; $sql .= ", date_last_gen='".$this->db->escape($courant)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index abb5b01fb2c..f7c7ee26e1c 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1579,7 +1579,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -1706,7 +1706,7 @@ class FactureFournisseur extends CommonInvoice $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index 2cac4a1352b..cbbe1670a09 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -231,7 +231,7 @@ class Establishment extends CommonObject $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.'establishment'); $sql = 'UPDATE '.MAIN_DB_PREFIX."establishment SET ref = '".$this->db->escape($this->id)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->query($sql); $this->db->commit(); diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php index 91f384703a9..2e51b3871a9 100644 --- a/htdocs/loan/class/loan.class.php +++ b/htdocs/loan/class/loan.class.php @@ -404,7 +404,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_PAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -440,7 +440,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_STARTED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; @@ -475,7 +475,7 @@ class Loan extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."loan SET"; $sql .= " paid = ".$this::STATUS_UNPAID; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $return = $this->db->query($sql); if ($return) { return 1; 
diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index df5dcba60ad..b00aa6e8b91 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -838,7 +838,7 @@ class Mo extends CommonObject $sql .= " status = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate($now)."',"; $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index feef3c7e81f..6de34719f77 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -627,7 +627,7 @@ class Partnership extends CommonObject if (!empty($this->fields['fk_user_valid'])) { $sql .= ", fk_user_valid = ".$user->id; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); @@ -751,7 +751,7 @@ class Partnership extends CommonObject // if (!empty($this->fields['fk_user_valid'])) { // $sql .= ", fk_user_valid = ".$user->id; // } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::accept()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index e7d568f87d4..fc8f5cc4720 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php 
@@ -1603,7 +1603,7 @@ class Product extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET "; $sql .= "$field = '".$this->db->escape($value)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index db0c427c334..2a7f35a436b 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -257,7 +257,7 @@ class PriceExpression $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " title = ".(isset($this->title) ? "'".$this->db->escape($this->title)."'" : "''").","; $sql .= " expression = ".(isset($this->expression) ? "'".$this->db->escape($this->expression)."'" : "''").""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 87cb8dea2c5..217ab25463a 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -183,7 +183,7 @@ class PriceGlobalVariable $sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").","; $sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").","; $sql .= " value = ".((float) $this->value); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); 
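Review bot: In the Product @@ -1603 hunk the column name is interpolated straight into the statement (`$sql .= "$field = '".$this->db->escape($value)."'";`); the new `(int)` on `rowid` does nothing for `$field`, and `escape()` protects only the value. Where `$field` comes from is outside the hunk; if it can be caller-supplied it needs an allow-list of permitted columns before reaching SQL, e.g. `if (!in_array($field, $allowedfields, true)) { return -1; }` ahead of the UPDATE. The method begins above the hunk.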
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index 331a65971b6..e24ff2c6769 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -207,7 +207,7 @@ class PriceGlobalVariableUpdater $sql .= " update_interval = ".((int) $this->update_interval).","; $sql .= " next_update = ".((int) $this->next_update).","; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -570,7 +570,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " next_update = ".$this->next_update; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -614,7 +614,7 @@ class PriceGlobalVariableUpdater // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; $sql .= " last_status = ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 92df16fa867..55ee6abf8fa 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -389,7 +389,7 @@ class Entrepot extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."entrepot"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql1 = $this->db->query($sql); if (!$resql1) { $error++; 
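Review bot: In the @@ -570 hunk `next_update = ".$this->next_update` is still concatenated raw, while the update() hunk earlier in the same file (@@ -207) writes the same property as `((int) $this->next_update)`; the two should agree: `$sql .= " next_update = ".((int) $this->next_update);`. The method starts before the hunk.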
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 905fbcb9216..16501940949 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -1080,7 +1080,7 @@ class Project extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet"; $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".((int) $user->id).", date_close = '".$this->db->idate($now)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 2917b2ce811..70a38a6818b 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1661,7 +1661,7 @@ class Task extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task"; $sql .= " SET duration_effective = duration_effective - ".$this->db->escape($this->timespent_duration ? $this->timespent_duration : 0); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index e1e2c857bc0..948822c1983 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -288,7 +288,7 @@ class Reception extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."reception"; $sql .= " SET ref = '(PROV".$this->id.")'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::create", LOG_DEBUG); if ($this->db->query($sql)) { 
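Review bot: In Task::delTimeSpent (@@ -1661) the subtraction uses `$this->db->escape($this->timespent_duration ? $this->timespent_duration : 0)`; escape() only neutralises quote characters and does nothing for an unquoted numeric operand, so it is the wrong tool right next to the `(int)` now applied to `rowid`. Cast instead: `$sql .= " SET duration_effective = duration_effective - ".((int) ($this->timespent_duration ? $this->timespent_duration : 0));` — or `(float)` if fractional durations are stored here, which the hunk does not show. The method body continues outside the hunk.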
@@ -543,7 +543,7 @@ class Reception extends CommonObject
 $sql .= ", fk_statut = 1";
 $sql .= ", date_valid = '".$this->db->idate($now)."'";
 $sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::valid update reception", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -954,7 +954,7 @@ class Reception extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."reception";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 if ($this->db->query($sql)) {
 // Call trigger
@@ -1260,7 +1260,7 @@ class Reception extends CommonObject
 if ($user->rights->reception->creer) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."reception";
 $sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1755,7 +1755,7 @@ class Reception extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."reception";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 if ($this->db->query($sql)) {
diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php
index 0069ce2d30f..3c5cf401a92 100644
--- a/htdocs/recruitment/class/recruitmentcandidature.class.php
+++ b/htdocs/recruitment/class/recruitmentcandidature.class.php
@@ -519,7 +519,7 @@ class RecruitmentCandidature extends CommonObject
 if (!empty($this->fields['fk_user_valid'])) {
 $sql .= ", fk_user_valid = ".$user->id;
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
 $resql = $this->db->query($sql); 
diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php
index 892ba4121e9..7e44aad7b64 100644
--- a/htdocs/recruitment/class/recruitmentjobposition.class.php
+++ b/htdocs/recruitment/class/recruitmentjobposition.class.php
@@ -528,7 +528,7 @@ class RecruitmentJobPosition extends CommonObject
 if (!empty($this->fields['fk_user_valid'])) {
 $sql .= ", fk_user_valid = ".$user->id;
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -672,7 +672,7 @@ class RecruitmentJobPosition extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
 $sql .= " SET status = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."'";
 //$sql .= ", date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php
index cc50c57ec84..ab1e06f3b34 100644
--- a/htdocs/salaries/class/salary.class.php
+++ b/htdocs/salaries/class/salary.class.php
@@ -639,7 +639,7 @@ class Salary extends CommonObject
 // phpcs:enable
 $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET";
 $sql .= " paye = 1";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $return = $this->db->query($sql);
 if ($return) return 1;
 else return -1;
@@ -657,7 +657,7 @@ class Salary extends CommonObject
 // phpcs:enable
 $sql = "UPDATE ".MAIN_DB_PREFIX."salary SET";
 $sql .= " paye = 0";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $return = $this->db->query($sql);
 if ($return) return 1;
 else return -1; 
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index 9b767cde34c..f4e871fce83 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -171,7 +171,7 @@ class CompanyBankAccount extends Account
 } else {
 $sql .= ",label = NULL";
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index fa19b23e6cd..0dd3e31da01 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -2058,7 +2058,7 @@ class Societe extends CommonObject
 }
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe";
 $sql .= " SET client = ".((int) $newclient);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -2102,7 +2102,7 @@ class Societe extends CommonObject
 // Position current discount
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe ";
 $sql .= " SET remise_client = '".$this->db->escape($remise)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $this->db->rollback();
@@ -2161,7 +2161,7 @@ class Societe extends CommonObject
 // Position current discount
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe ";
 $sql .= " SET remise_supplier = '".$this->db->escape($remise)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $this->db->rollback(); 
@@ -4685,7 +4685,7 @@ class Societe extends CommonObject
 if ($this->id) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe";
 $sql .= " SET fk_typent = ".($typent_id > 0 ? $typent_id : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this).'::setThirdpartyType', LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 3961fefedf2..1ffec54ed22 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -1402,7 +1402,7 @@ class Ticket extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."ticket";
 $sql .= " SET fk_statut = ".Ticket::STATUS_READ.", date_read='".$this->db->idate(dol_now())."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::markAsRead");
 $resql = $this->db->query($sql);
@@ -1460,7 +1460,7 @@ class Ticket extends CommonObject
 } else {
 $sql .= " SET fk_user_assign=null, fk_statut = ".Ticket::STATUS_READ;
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::assignUser sql=".$sql);
 $resql = $this->db->query($sql);
@@ -1944,7 +1944,7 @@ class Ticket extends CommonObject
 if ($this->id) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."ticket";
 $sql .= " SET fk_soc = ".($id > 0 ? $id : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this).'::setCustomer sql='.$sql);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -1968,7 +1968,7 @@ class Ticket extends CommonObject
 if ($this->id) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."ticket";
 $sql .= " SET progress = ".($percent > 0 ? $percent : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this).'::set_progression sql='.$sql);
 $resql = $this->db->query($sql);
 if ($resql) { 
diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php
index 7323fb93ab2..d9392ade9d7 100644
--- a/htdocs/user/class/userbankaccount.class.php
+++ b/htdocs/user/class/userbankaccount.class.php
@@ -140,7 +140,7 @@ class UserBankAccount extends Account
 } else {
 $sql .= ",label = NULL";
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php
index 5cb6baf3565..03d1e6e3dd4 100755
--- a/htdocs/workstation/class/workstation.class.php
+++ b/htdocs/workstation/class/workstation.class.php
@@ -599,7 +599,7 @@ class Workstation extends CommonObject
 if (!empty($this->fields['fk_user_valid'])) {
 $sql .= ", fk_user_valid = ".$user->id;
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index 2d9bfeac49d..5ba74969107 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -286,9 +286,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 $ok=true;
 $matches=array();
- // Check sql string AND ... yyy = ".$xxx
+ // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx
 // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request.
- preg_match_all('/(DELETE|OR|AND)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
+ preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
 foreach ($matches as $key => $val) {
 if ($val[2] == 'ity' && $val[3] == 'con') {
 continue; 
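Review bot: The widened regex in the @@ -286 hunk of CodingPhpTest.php still only matches a `= ".$` concatenation, so the same unguarded-value defect written as `IN (".$`, `> ".$` or `LIMIT ".$` remains invisible to the check; replacing the `=` in the pattern with an operator alternation such as `\s*(=|>|<|>=|<=|IN\s*\()\s*"\s*\.\s*\$(...)` would cover those forms with the same allow-list. The context comment states that matches whose variable starts with `$thi` are skipped for `$this->db->sanitize`; if that skip is a plain three-character prefix test it also exempts every `".$this->id`, which is exactly the form this commit had to correct by hand, so narrowing the exclusion to `$this->db->` (and saying so in the comment) would let the test catch the next regression. The foreach body that performs the skip continues outside the hunk, so that part is inferred from the comment rather than from visible code. The `(sql|SET|WHERE)` widening in the @@ -314 hunk has the same shape and its comment should likewise state that `WHERE` clauses are now in scope.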
@@ -314,7 +314,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.');
 // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request.
- preg_match_all('/(sql|SET).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER);
+ preg_match_all('/(sql|SET|WHERE).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER);
 foreach ($matches as $key => $val) {
 if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) {
 $ok=false;