
Fix escaping class

Laurent Destailleur
2017-05-12 15:28:10 +02:00
parent ef5fd503cd
commit 419c15ee8e
12 changed files with 61 additions and 61 deletions


@@ -3633,7 +3633,7 @@ class OrderLine extends CommonOrderLine
$this->db->begin();
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid='".$this->rowid."';";
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid=".$this->rowid;
dol_syslog("OrderLine::delete", LOG_DEBUG);
$resql=$this->db->query($sql);
@@ -3874,8 +3874,8 @@ class OrderLine extends CommonOrderLine
$sql.= " , tva_tx=".price2num($this->tva_tx);
$sql.= " , localtax1_tx=".price2num($this->localtax1_tx);
$sql.= " , localtax2_tx=".price2num($this->localtax2_tx);
$sql.= " , localtax1_type='".$this->localtax1_type."'";
$sql.= " , localtax2_type='".$this->localtax2_type."'";
$sql.= " , localtax1_type='".$this->db->escape($this->localtax1_type)."'";
$sql.= " , localtax2_type='".$this->db->escape($this->localtax2_type)."'";
$sql.= " , qty=".price2num($this->qty);
$sql.= " , subprice=".price2num($this->subprice)."";
$sql.= " , remise_percent=".price2num($this->remise_percent)."";
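Review bot: In the first hunk (the "OrderLine::delete" statement) the new query concatenates `$this->rowid` with neither quotes nor a cast, so it is only well-formed and injection-safe if rowid is guaranteed to be an integer by the time this runs, which the hunk does not show. Casting at the point of use makes the guarantee local: `$sql = 'DELETE FROM '.MAIN_DB_PREFIX."commandedet WHERE rowid=".((int) $this->rowid);`. In the second hunk the added `$this->db->escape()` calls cover the two quoted string columns, while the unquoted numeric columns depend on `price2num()` returning a purely numeric string; a short comment saying so would help the next reader. Both enclosing method bodies start and end outside the hunks, so any validation done earlier in them is not visible here.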