From 46d993c9a6d8355d13fe1add39bace8b2640507b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Aug 2021 22:42:04 +0200 Subject: [PATCH] Clean code --- htdocs/accountancy/admin/card.php | 4 +- htdocs/accountancy/admin/productaccount.php | 4 +- htdocs/accountancy/bookkeeping/list.php | 20 +++---- .../class/accountancycategory.class.php | 4 +- .../class/accountancysystem.class.php | 6 +- .../class/accountingaccount.class.php | 14 ++--- .../class/accountingjournal.class.php | 8 +-- .../accountancy/class/bookkeeping.class.php | 27 +++++---- htdocs/accountancy/class/lettering.class.php | 2 +- htdocs/accountancy/closure/index.php | 6 +- htdocs/accountancy/customer/card.php | 2 +- htdocs/accountancy/customer/index.php | 18 +++--- htdocs/accountancy/customer/list.php | 2 +- htdocs/accountancy/expensereport/card.php | 2 +- htdocs/accountancy/expensereport/index.php | 16 ++--- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/card.php | 2 +- htdocs/accountancy/supplier/index.php | 6 +- htdocs/accountancy/supplier/list.php | 2 +- htdocs/adherents/cartes/carte.php | 2 +- htdocs/adherents/class/adherent.class.php | 4 +- .../adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/class/api_members.class.php | 2 +- htdocs/adherents/list.php | 2 +- htdocs/admin/emailcollector_list.php | 6 +- htdocs/admin/limits.php | 6 +- htdocs/admin/mails_senderprofile_list.php | 6 +- htdocs/admin/translation.php | 2 +- htdocs/api/class/api.class.php | 26 ++++++-- htdocs/asset/list.php | 6 +- htdocs/bom/bom_list.php | 4 +- htdocs/bom/class/bom.class.php | 18 +++--- htdocs/categories/class/categorie.class.php | 23 ++++--- htdocs/comm/action/class/actioncomm.class.php | 18 +++--- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/list.php | 2 +- .../mailing/class/advtargetemailing.class.php | 52 ++++++++-------- .../html.formadvtargetemailing.class.php | 22 +++---- htdocs/comm/mailing/class/mailing.class.php | 4 +- htdocs/comm/propal/class/propal.class.php | 2 +- htdocs/comm/propal/list.php | 2 +- htdocs/commande/class/commande.class.php | 22 +++---- htdocs/commande/list.php | 2 +- htdocs/compta/bank/bankentries_list.php | 2 +- htdocs/compta/bank/list.php | 2 +- .../compta/cashcontrol/cashcontrol_list.php | 4 +- .../compta/facture/invoicetemplate_list.php | 2 +- htdocs/compta/facture/list.php | 2 +- .../compta/paiement/class/paiement.class.php | 6 +- .../class/bonprelevement.class.php | 6 +- htdocs/compta/stats/byratecountry.php | 4 +- htdocs/contact/list.php | 2 +- htdocs/contrat/class/contrat.class.php | 10 ++-- htdocs/contrat/list.php | 2 +- htdocs/contrat/services_list.php | 2 +- htdocs/core/class/cproductnature.class.php | 2 +- htdocs/core/class/ctyperesource.class.php | 2 +- htdocs/core/class/cunits.class.php | 2 +- htdocs/core/class/defaultvalues.class.php | 2 +- htdocs/core/class/notify.class.php | 6 +- htdocs/core/db/DoliDB.class.php | 4 +- htdocs/core/lib/admin.lib.php | 2 +- htdocs/core/lib/functions2.lib.php | 2 +- htdocs/core/modules/DolibarrModules.class.php | 12 ++-- htdocs/core/modules/modAdherent.class.php | 4 +- htdocs/core/modules/modBom.class.php | 4 +- htdocs/core/modules/modCommande.class.php | 4 +- htdocs/core/modules/modContrat.class.php | 5 +- htdocs/core/modules/modDon.class.php | 4 +- .../core/modules/modEmailCollector.class.php | 60 ++++++++----------- .../modules/modEventOrganization.class.php | 8 +-- htdocs/core/modules/modExpedition.class.php | 8 +-- .../core/modules/modExpenseReport.class.php | 4 +- htdocs/core/modules/modFacture.class.php | 4 +- htdocs/core/modules/modFicheinter.class.php | 4 +- htdocs/core/modules/modFournisseur.class.php | 4 +- htdocs/core/modules/modHoliday.class.php | 4 +- .../modules/modKnowledgeManagement.class.php | 8 +-- htdocs/core/modules/modMrp.class.php | 4 +- htdocs/core/modules/modPartnership.class.php | 8 +-- htdocs/core/modules/modPrelevement.class.php | 4 +- htdocs/core/modules/modProjet.class.php | 12 ++-- htdocs/core/modules/modPropale.class.php | 4 +- htdocs/core/modules/modReception.class.php | 4 +- htdocs/core/modules/modRecruitment.class.php | 8 +-- htdocs/core/modules/modStock.class.php | 9 ++- .../modules/modSupplierProposal.class.php | 4 +- htdocs/core/modules/modTicket.class.php | 4 +- htdocs/core/modules/modWorkstation.class.php | 8 +-- .../movement/doc/pdf_standard.modules.php | 2 +- htdocs/ecm/class/ecmfiles.class.php | 2 +- .../class/conferenceorbooth.class.php | 2 +- .../class/conferenceorboothattendee.class.php | 2 +- .../conferenceorbooth_list.php | 2 +- .../conferenceorboothattendee_list.php | 2 +- htdocs/expedition/list.php | 2 +- .../class/expensereport.class.php | 14 ++--- htdocs/expensereport/list.php | 2 +- htdocs/fichinter/list.php | 2 +- .../class/fournisseur.commande.class.php | 12 ++-- .../fournisseur.commande.dispatch.class.php | 2 +- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/facture/list.php | 2 +- htdocs/holiday/list.php | 2 +- htdocs/hrm/class/establishment.class.php | 2 +- htdocs/intracommreport/list.php | 2 +- .../class/knowledgerecord.class.php | 8 +-- .../knowledgerecord_list.php | 4 +- .../template/class/myobject.class.php | 12 ++-- .../modulebuilder/template/myobject_list.php | 4 +- htdocs/mrp/class/mo.class.php | 16 ++--- htdocs/mrp/mo_list.php | 4 +- htdocs/mrp/mo_movements.php | 2 +- .../partnership/class/partnership.class.php | 10 ++-- htdocs/partnership/partnership_list.php | 4 +- htdocs/product/class/product.class.php | 2 +- .../class/productcustomerprice.class.php | 4 +- .../class/productfournisseurprice.class.php | 8 +-- htdocs/product/inventory/list.php | 4 +- htdocs/product/list.php | 2 +- .../class/productstockentrepot.class.php | 2 +- htdocs/product/stock/list.php | 6 +- htdocs/product/stock/movement_card.php | 2 +- htdocs/product/stock/movement_list.php | 2 +- htdocs/product/stock/productlot_list.php | 6 +- htdocs/projet/class/task.class.php | 4 +- htdocs/projet/list.php | 2 +- htdocs/projet/tasks/list.php | 2 +- htdocs/public/recruitment/index.php | 2 +- htdocs/public/ticket/list.php | 2 +- htdocs/reception/list.php | 2 +- .../class/recruitmentcandidature.class.php | 10 ++-- .../class/recruitmentjobposition.class.php | 10 ++-- .../recruitmentcandidature_list.php | 6 +- .../recruitmentjobposition_list.php | 4 +- htdocs/resource/class/dolresource.class.php | 2 +- htdocs/societe/class/societe.class.php | 2 +- htdocs/societe/list.php | 2 +- htdocs/societe/website.php | 6 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/ticket/class/cticketcategory.class.php | 10 ++-- htdocs/ticket/class/ticket.class.php | 18 +++--- htdocs/ticket/list.php | 4 +- htdocs/user/class/user.class.php | 10 ++-- htdocs/user/list.php | 2 +- htdocs/user/notify/card.php | 6 +- .../class/ProductAttributeValue.class.php | 3 +- htdocs/website/class/website.class.php | 2 +- htdocs/website/class/websitepage.class.php | 2 +- .../workstation/class/workstation.class.php | 10 ++-- htdocs/workstation/workstation_list.php | 4 +- htdocs/zapier/class/hook.class.php | 8 +-- test/phpunit/CodingPhpTest.php | 41 +++++++++++-- 153 files changed, 515 insertions(+), 477 deletions(-) diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 46d8dc0dc80..86efee3a04a 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -261,7 +261,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); @@ -337,7 +337,7 @@ if ($action == 'create') { // autosuggest from existing account types if found print ''; $sql = 'SELECT DISTINCT pcg_type FROM ' . MAIN_DB_PREFIX . 'accounting_account'; - $sql .= ' WHERE fk_pcg_version = "' . $db->escape($accountsystem->ref) . '"'; + $sql .= " WHERE fk_pcg_version = '" . $db->escape($accountsystem->ref) . "'"; $sql .= ' AND entity in ('.getEntity('accounting_account', 0).')'; // Always limit to current entity. No sharing in accountancy. $sql .= ' LIMIT 50000'; // just as a sanity check $resql = $db->query($sql); diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index e29653a3e40..9596cd96af8 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -198,7 +198,7 @@ if ($action == 'update') { $sql .= " WHERE rowid = ".((int) $productid); } - dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); if ($db->query($sql)) { $ok++; $db->commit(); @@ -329,7 +329,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { $sql .= $db->plimit($limit + 1, $offset); -dol_syslog("/accountancy/admin/productaccount.php:: sql=".$sql, LOG_DEBUG); +dol_syslog("/accountancy/admin/productaccount.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { $num = $db->num_rows($result); diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index bc260c77ed3..73c23e4d63b 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -530,25 +530,25 @@ $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.doc_date') { - $sqlwhere[] = $key.'=\''.$db->idate($value).'\''; + $sqlwhere[] = $key."='".$db->idate($value)."'"; } elseif ($key == 't.doc_date>=' || $key == 't.doc_date<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=') { - $sqlwhere[] = $key.'\''.$db->escape($value).'\''; + $sqlwhere[] = $key."'".$db->escape($value)."'"; } elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.'='.((int) $value); } elseif ($key == 't.numero_compte') { - $sqlwhere[] = $key.' LIKE \''.$db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '".$db->escape($value)."%'"; } elseif ($key == 't.subledger_account') { $sqlwhere[] = natural_search($key, $value, 0, 1); } elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.tms>=' || $key == 't.tms<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_export>=' || $key == 't.date_export<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.date_validated>=' || $key == 't.date_validated<=') { - $sqlwhere[] = $key.'\''.$db->idate($value).'\''; + $sqlwhere[] = $key."'".$db->idate($value)."'"; } elseif ($key == 't.credit' || $key == 't.debit') { $sqlwhere[] = natural_search($key, $value, 1, 1); } elseif ($key == 't.reconciled_option') { @@ -612,7 +612,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex } $sql .= " WHERE rowid = ".((int) $movement->id); - dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 77d10516daa..bc7226edb22 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -433,7 +433,7 @@ class AccountancyCategory // extends CommonObject $this->lines_display = array(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -632,7 +632,7 @@ class AccountancyCategory // extends CommonObject $sql .= " WHERE aa.rowid = ".((int) $cpt_id); $this->db->begin(); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/class/accountancysystem.class.php b/htdocs/accountancy/class/accountancysystem.class.php index 1b481027ac0..a62dddd6a26 100644 --- a/htdocs/accountancy/class/accountancysystem.class.php +++ b/htdocs/accountancy/class/accountancysystem.class.php @@ -105,7 +105,7 @@ class AccountancySystem $sql .= " a.pcg_version = '".$this->db->escape($ref)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -143,9 +143,9 @@ class AccountancySystem $sql = "INSERT INTO ".MAIN_DB_PREFIX."accounting_system"; $sql .= " (date_creation, fk_user_author, numero, label)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$user->id.",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."',".((int) $user->id).",'".$this->db->escape($this->numero)."','".$this->db->escape($this->label)."')"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $id = $this->db->last_insert_id(MAIN_DB_PREFIX."accounting_system"); diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php index 3c95af8afee..35178e43947 100644 --- a/htdocs/accountancy/class/accountingaccount.class.php +++ b/htdocs/accountancy/class/accountingaccount.class.php @@ -150,7 +150,7 @@ class AccountingAccount extends CommonObject global $conf; $this->db = $db; - $this->next_prev_filter = 'fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid='.$conf->global->CHARTOFACCOUNTS.')'; // Used to add a filter in Form::showrefnav method + $this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid=".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method } /** @@ -185,7 +185,7 @@ class AccountingAccount extends CommonObject $sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -289,7 +289,7 @@ class AccountingAccount extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -352,7 +352,7 @@ class AccountingAccount extends CommonObject $sql .= " , reconcilable = ".(int) $this->reconcilable; $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); @@ -379,7 +379,7 @@ class AccountingAccount extends CommonObject $sql .= " (SELECT fk_code_ventilation FROM ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " WHERE fk_code_ventilation=".((int) $this->id).")"; - dol_syslog(get_class($this)."::checkUsage sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::checkUsage", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -604,7 +604,7 @@ class AccountingAccount extends CommonObject $sql .= "SET ".$fieldtouse." = '0'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::accountDeactivate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -642,7 +642,7 @@ class AccountingAccount extends CommonObject $sql .= " SET ".$fieldtouse." = '1'"; $sql .= " WHERE rowid = ".((int) $id); - dol_syslog(get_class($this)."::account_activate ".$fieldtouse." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::account_activate ".$fieldtouse, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/accountancy/class/accountingjournal.class.php b/htdocs/accountancy/class/accountingjournal.class.php index 95a69466658..376178b45ba 100644 --- a/htdocs/accountancy/class/accountingjournal.class.php +++ b/htdocs/accountancy/class/accountingjournal.class.php @@ -113,7 +113,7 @@ class AccountingJournal extends CommonObject $sql .= " AND entity = ".$conf->entity; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -170,18 +170,18 @@ class AccountingJournal extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0ea00c9c98c..acdce0229d0 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -647,7 +647,7 @@ class BookKeeping extends CommonObject $sql .= ' '.(!isset($this->credit) ? 'NULL' : $this->credit).','; $sql .= ' '.(!isset($this->montant) ? 'NULL' : $this->montant).','; $sql .= ' '.(!isset($this->sens) ? 'NULL' : "'".$this->db->escape($this->sens)."'").','; - $sql .= ' '.$user->id.','; + $sql .= ' '.((int) $user->id).','; $sql .= ' '."'".$this->db->idate($now)."',"; $sql .= ' '.(empty($this->code_journal) ? 'NULL' : "'".$this->db->escape($this->code_journal)."'").','; $sql .= ' '.(empty($this->journal_label) ? 'NULL' : "'".$this->db->escape($this->journal_label)."'").','; @@ -883,7 +883,7 @@ class BookKeeping extends CommonObject $sql .= ' WHERE 1 = 1'; $sql .= " AND entity IN (".getEntity('accountancy').")"; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } // Affichage par compte comptable if (!empty($option)) { @@ -894,10 +894,10 @@ class BookKeeping extends CommonObject } if (!empty($sortfield)) { - $sql .= ', '.$sortfield.' '.$sortorder; + $sql .= ", ".$sortfield." ".$sortorder; } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1043,13 +1043,13 @@ class BookKeeping extends CommonObject $sql .= " AND t.date_export IS NULL"; } if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= ' AND '.implode(" ".$filtermode." ", $sqlwhere); } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $this->lines = array(); @@ -1161,7 +1161,7 @@ class BookKeeping extends CommonObject } $sql .= ' WHERE entity IN ('.getEntity('accountancy').')'; if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$filtermode.' ', $sqlwhere); + $sql .= " AND ".implode(" ".$filtermode." ", $sqlwhere); } $sql .= ' GROUP BY t.numero_compte'; @@ -1170,7 +1170,7 @@ class BookKeeping extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } $resql = $this->db->query($sql); @@ -1347,8 +1347,9 @@ class BookKeeping extends CommonObject $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode; - $sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'"); + $sql .= " SET ".$field." = ".(is_numeric($value) ? ((float) $value) : "'".$this->db->escape($value)."'"); $sql .= " WHERE piece_num = ".((int) $piece_num); + $resql = $this->db->query($sql); if (!$resql) { @@ -1678,7 +1679,7 @@ class BookKeeping extends CommonObject $sql = "SELECT MAX(piece_num)+1 as max FROM ".MAIN_DB_PREFIX.$this->table_element.$mode; $sql .= " WHERE entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."getNextNumMvt sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."getNextNumMvt", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -1858,7 +1859,7 @@ class BookKeeping extends CommonObject $sql .= ' SELECT doc_date, doc_type,'; $sql .= ' doc_ref, fk_doc, fk_docdet, entity, thirdparty_code, subledger_account, subledger_label,'; $sql .= ' numero_compte, label_compte, label_operation, debit, credit,'; - $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.$next_piecenum.", '".$this->db->idate($now)."'"; + $sql .= ' montant, sens, fk_user_author, import_key, code_journal, journal_label, '.((int) $next_piecenum).", '".$this->db->idate($now)."'"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.'_tmp WHERE piece_num = '.((int) $piece_num); $resql = $this->db->query($sql); if (!$resql) { @@ -2017,7 +2018,7 @@ class BookKeeping extends CommonObject $sql .= " WHERE aa.account_number = '".$this->db->escape($account)."'"; $sql .= " AND aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; @@ -2057,7 +2058,7 @@ class BookKeeping extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_accounting_category as cat ON aa.fk_accounting_category = cat.rowid"; $sql .= " WHERE aa.entity IN (".getEntity('accountancy').")"; - dol_syslog(get_class($this)."::select_account sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::select_account", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = ''; diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index b2abf01948e..1dd4c4df3e5 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -279,7 +279,7 @@ class Lettering extends BookKeeping $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL "; $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index b612762d358..a7220d01a28 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -95,7 +95,7 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; - dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); + dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated", LOG_DEBUG); $result = $db->query($sql); if (!$result) { $error++; @@ -189,7 +189,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(b.doc_date)='.$j, '1', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(b.doc_date)=".$j, "1", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " COUNT(b.rowid) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b"; @@ -198,7 +198,7 @@ $sql .= " AND b.doc_date <= '".$db->idate($search_date_end)."'"; $sql .= " AND b.entity IN (".getEntity('bookkeeping', 0).")"; // We don't share object for accountancy $sql .= " AND date_validated IS NULL"; -dol_syslog('htdocs/accountancy/closure/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/closure/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index b3ce892b235..296d6729301 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -117,7 +117,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/customer/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/customer/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index ede72c9d9e6..3b30d00dbf6 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -85,8 +85,8 @@ if ($action == 'clean' || $action == 'validatehistory') { $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND fd.fk_facture IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'facture WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); @@ -110,13 +110,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; - $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number"; $sql1 .= " AND fd.fk_code_ventilation = 0"; }*/ @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -306,7 +306,7 @@ if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { } $sql .= " GROUP BY fd.fk_code_ventilation,aa.account_number,aa.label"; -dol_syslog('htdocs/accountancy/customer/index.php sql='.$sql, LOG_DEBUG); +dol_syslog('htdocs/accountancy/customer/index.php', LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -367,7 +367,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -452,7 +452,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, 'fd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "fd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(fd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; @@ -513,7 +513,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$j, '(fd.total_ht-(fd.qty * fd.buy_price_ht))', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$j, "(fd.total_ht-(fd.qty * fd.buy_price_ht))", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM((fd.total_ht-(fd.qty * fd.buy_price_ht))) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd"; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 5ce9f5e13e8..35e02d5b007 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -188,7 +188,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog("accountancy/customer/list.php sql=".$sql, LOG_DEBUG); + dol_syslog("accountancy/customer/list.php", LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice", $monId).' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index db270b9d2db..7c2310ccce4 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -110,7 +110,7 @@ if (!empty($id)) { $sql .= " WHERE er.fk_statut > 0 AND erd.rowid = ".((int) $id); $sql .= " AND er.entity IN (".getEntity('expensereport', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/expensereport/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/expensereport/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index f06dd5f8d6f..1544976bb07 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -79,8 +79,8 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->rights->accou $sql1 .= ' (SELECT accnt.rowid '; $sql1 .= ' FROM '.MAIN_DB_PREFIX.'accounting_account as accnt'; $sql1 .= ' INNER JOIN '.MAIN_DB_PREFIX.'accounting_system as syst'; - $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity.')'; - $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.$conf->entity.')'; + $sql1 .= ' ON accnt.fk_pcg_version = syst.pcg_version AND syst.rowid='.((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity).')'; + $sql1 .= ' AND erd.fk_expensereport IN (SELECT rowid FROM '.MAIN_DB_PREFIX.'expensereport WHERE entity = '.((int) $conf->entity).')'; $sql1 .= ' AND fk_code_ventilation <> 0'; dol_syslog("htdocs/accountancy/customer/index.php fixaccountancycode", LOG_DEBUG); $resql1 = $db->query($sql1); @@ -103,13 +103,13 @@ if ($action == 'validatehistory') { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql1 .= " SET fk_code_ventilation = accnt.rowid"; $sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; - $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number"; $sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0"; } else { $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst"; $sql1 .= " SET erd.fk_code_ventilation = accnt.rowid"; - $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity; + $sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.((int) $conf->entity); $sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number"; $sql1 .= " AND erd.fk_code_ventilation = 0"; } @@ -166,13 +166,13 @@ for ($i = 1; $i <= 12; $i++) { print ''.$langs->trans("Total").''; $sql = "SELECT ".$db->ifsql('aa.account_number IS NULL', "'tobind'", 'aa.account_number')." AS codecomptable,"; -$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; +$sql .= " ".$db->ifsql('aa.label IS NULL', "'tobind'", 'aa.label')." AS intitule,"; for ($i = 1; $i <= 12; $i++) { $j = $i + ($conf->global->SOCIETE_FISCAL_MONTH_START ? $conf->global->SOCIETE_FISCAL_MONTH_START : 1) - 1; if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -251,7 +251,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_debut)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_debut)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " ROUND(SUM(erd.total_ht),2) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; @@ -330,7 +330,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(er.date_create)='.$j, 'erd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(er.date_create)=".$j, "erd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(erd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as erd"; diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index d69e78fead2..4cfc4dfb4ba 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -159,7 +159,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/expensereport/list.php:: sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/expensereport/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("LineOfExpenseReport").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 1e7887c1bdc..05d32d0cec5 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -118,7 +118,7 @@ if (!empty($id)) { $sql .= " WHERE f.fk_statut > 0 AND l.rowid = ".((int) $id); $sql .= " AND f.entity IN (".getEntity('facture_fourn', 0).")"; // We don't share object for accountancy - dol_syslog("/accounting/supplier/card.php sql=".$sql, LOG_DEBUG); + dol_syslog("/accounting/supplier/card.php", LOG_DEBUG); $result = $db->query($sql); if ($result) { diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index f047ddf70de..1836687d042 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -283,7 +283,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -362,7 +362,7 @@ for ($i = 1; $i <= 12; $i++) { if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; @@ -441,7 +441,7 @@ if ($conf->global->MAIN_FEATURES_LEVEL > 0) { // This part of code looks strange if ($j > 12) { $j -= 12; } - $sql .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$j, 'ffd.total_ht', '0').") AS month".str_pad($j, 2, '0', STR_PAD_LEFT).","; + $sql .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$j, "ffd.total_ht", "0").") AS month".str_pad($j, 2, "0", STR_PAD_LEFT).","; } $sql .= " SUM(ffd.total_ht) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd"; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 4fd16df2afe..c6cfd3f7c92 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -193,7 +193,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); - dol_syslog('accountancy/supplier/list.php sql='.$sql, LOG_DEBUG); + dol_syslog('accountancy/supplier/list.php', LOG_DEBUG); if ($db->query($sql)) { $msg .= '
'.$langs->trans("Lineofinvoice").' '.$monId.' - '.$langs->trans("VentilatedinAccount").' : '.length_accountg($accountventilated->account_number).'
'; $ok++; diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php index 8d9ed70a925..0512349ec4f 100644 --- a/htdocs/adherents/cartes/carte.php +++ b/htdocs/adherents/cartes/carte.php @@ -73,7 +73,7 @@ if ((!empty($foruserid) || !empty($foruserlogin) || !empty($mode)) && !$mesg) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as t, ".MAIN_DB_PREFIX."adherent as d"; diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index 75470b32173..78deca61028 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -1831,8 +1831,8 @@ class Adherent extends CommonObject if (!$error && !empty($bank_line_id)) { // Update fk_bank into subscription table - $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.$bank_line_id; - $sql .= ' WHERE rowid='.$subscriptionid; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'subscription SET fk_bank='.((int) $bank_line_id); + $sql .= ' WHERE rowid='.((int) $subscriptionid); $result = $this->db->query($sql); if (!$result) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 1a00a03e932..88dbf6e2b39 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -584,7 +584,7 @@ class AdherentType extends CommonObject /** * Return array of Member objects for member type this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. This value must not come from a user input. * @param int $mode 0=Return array of member instance * 1=Return array of member instance without extra data * 2=Return array of members id only diff --git a/htdocs/adherents/class/api_members.class.php b/htdocs/adherents/class/api_members.class.php index d57a01510d4..b95313bdbc1 100644 --- a/htdocs/adherents/class/api_members.class.php +++ b/htdocs/adherents/class/api_members.class.php @@ -204,7 +204,7 @@ class Members extends DolibarrApi * @param int $limit Limit for list * @param int $page Page number * @param string $typeid ID of the type of member - * @param int $category Use this param to filter list by category + * @param int $category Use this param to filter list by category * @param string $sqlfilters Other criteria to filter answers separated by a comma. * Example: "(t.ref:like:'SO-%') and ((t.date_creation:<:'20160101') or (t.nature:is:NULL))" * @return array Array of member objects diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 68430a71bab..fd667ad6a2f 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -323,7 +323,7 @@ $sql .= " state.code_departement as state_code, state.nom as state_name,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index c57e681be34..ddfa847d813 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -208,12 +208,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("EmailCollector") // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -259,7 +259,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index 4a599499053..ef0c996569f 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -108,9 +108,9 @@ $aCurrencies = array($conf->currency); // Default currency always first position if (!empty($conf->multicurrency->enabled) && !empty($conf->global->MULTICURRENCY_USE_LIMIT_BY_CURRENCY)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/multicurrency.lib.php'; - $sql = 'SELECT rowid, code FROM '.MAIN_DB_PREFIX.'multicurrency'; - $sql .= ' WHERE entity = '.$conf->entity; - $sql .= ' AND code != "'.$conf->currency.'"'; // Default currency always first position + $sql = "SELECT rowid, code FROM ".MAIN_DB_PREFIX."multicurrency"; + $sql .= " WHERE entity = ".((int) $conf->entity); + $sql .= " AND code <> '".$db->escape($conf->currency)."'"; // Default currency always first position $resql = $db->query($sql); if ($resql) { while ($obj = $db->fetch_object($resql)) { diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index f91b9685c88..baa8c3688d8 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -226,12 +226,12 @@ print "
\n"; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -282,7 +282,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index 3fa2e5d0af9..4fb4e05f771 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -146,7 +146,7 @@ if ($action == 'add') { if (!$error) { $db->begin(); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".$db->escape($conf->entity).")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."overwrite_trans(lang, transkey, transvalue, entity) VALUES ('".$db->escape($langcode)."','".$db->escape($transkey)."','".$db->escape($transvalue)."', ".((int) $conf->entity).")"; $result = $db->query($sql); if ($result > 0) { $db->commit(); diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php index 0a84de7b7c1..ab65576811a 100644 --- a/htdocs/api/class/api.class.php +++ b/htdocs/api/class/api.class.php @@ -327,7 +327,7 @@ class DolibarrApi * Function to forge a SQL criteria * * @param array $matches Array of found string by regex search. - * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" + * Example: "t.ref:like:'SO-%'" or "t.date_creation:<:'20160101'" or "t.date_creation:<:'2016-01-01 12:30:00'" or "t.nature:is:NULL" or "t.nature:isnot:NULL" * @return string Forged criteria. Example: "t.field like 'abc%'" */ protected static function _forge_criteria_callback($matches) @@ -345,18 +345,36 @@ class DolibarrApi return ''; } + // Sanitize operand $operand = preg_replace('/[^a-z0-9\._]/i', '', trim($tmp[0])); + // Sanitize operator $operator = strtoupper(preg_replace('/[^a-z<>=]/i', '', trim($tmp[1]))); + // Only some operators are allowed. + if (! in_array($operator, array('LIKE', 'ULIKE', '<', '>', '<=', '>=', '=', '<>', 'IS', 'ISNOT', 'IN'))) { + return ''; + } + if ($operator == 'ISNOT') { + $operator = 'IS NOT'; + } + // Sanitize value $tmpescaped = trim($tmp[2]); $regbis = array(); if ($operator == 'IN') { $tmpescaped = "(".$db->sanitize($tmpescaped, 1).")"; - } elseif (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { - $tmpescaped = "'".$db->escape($regbis[1])."'"; + } elseif (in_array($operator, array('<', '>', '<=', '>=', '=', '<>'))) { + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { // If 'YYYY-MM-DD HH:MM:SS+X' + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = ((float) $tmpescaped); + } } else { - $tmpescaped = $db->sanitize($db->escape($tmpescaped)); + if (preg_match('/^\'(.*)\'$/', $tmpescaped, $regbis)) { + $tmpescaped = "'".$db->escape($regbis[1])."'"; + } else { + $tmpescaped = "'".$db->escape($tmpescaped)."'"; + } } return $db->escape($operand).' '.$db->escape($operator)." ".$tmpescaped; diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index 1d994e25177..770493a90f6 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php @@ -197,12 +197,12 @@ $title = $langs->trans('ListOf', $langs->transnoentitiesnoconv("Assets")); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -249,7 +249,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php index df21938aec5..4a94dc7ce86 100644 --- a/htdocs/bom/bom_list.php +++ b/htdocs/bom/bom_list.php @@ -297,7 +297,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.' ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.' ' : ''); } } // Add fields from hooks @@ -363,7 +363,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..6de13ac137a 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -431,25 +431,25 @@ class BOM extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -1288,13 +1288,13 @@ class BOMLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1306,7 +1306,7 @@ class BOMLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 689014ad14e..ba5515149d4 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -455,7 +455,7 @@ class Categorie extends CommonObject $sql .= ($this->socid > 0 ? $this->socid : 'null').", "; } $sql .= "'".$this->db->escape($this->visible)."', "; - $sql .= $this->db->escape($type).", "; + $sql .= ((int) $type).", "; $sql .= (!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : 'null').", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : 'null').", "; $sql .= (int) $conf->entity.", "; @@ -687,7 +687,7 @@ class Categorie extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); $sql .= " (fk_categorie, fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type]).")"; - $sql .= " VALUES (".$this->id.", ".$obj->id.")"; + $sql .= " VALUES (".((int) $this->id).", ".((int) $obj->id).")"; dol_syslog(get_class($this).'::add_type', LOG_DEBUG); if ($this->db->query($sql)) { @@ -924,12 +924,11 @@ class Categorie extends CommonObject $idoftype = array_search($type, self::$MAP_ID_TO_CODE); $sql = "SELECT s.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s"; - $sql .= " , ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub "; + $sql .= " FROM ".MAIN_DB_PREFIX."categorie as s, ".MAIN_DB_PREFIX."categorie_".$sub_type." as sub"; $sql .= ' WHERE s.entity IN ('.getEntity('category').')'; $sql .= ' AND s.type='.((int) $idoftype); $sql .= ' AND s.rowid = sub.fk_categorie'; - $sql .= ' AND sub.'.$subcol_name.' = '.((int) $id); + $sql .= " AND sub.".$subcol_name." = ".((int) $id); $sql .= $this->db->order($sortfield, $sortorder); @@ -1811,13 +1810,13 @@ class Categorie extends CommonObject if ($key == $current_lang) { if ($this->db->num_rows($result)) { // si aucune ligne dans la base $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; - $sql2 .= " SET label='".$this->db->escape($this->label)."',"; - $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " SET label = '".$this->db->escape($this->label)."',"; + $sql2 .= " description = '".$this->db->escape($this->description)."'"; + $sql2 .= " WHERE fk_category = ".((int) $this->id)." AND lang = '".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->label)."'"; + $sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); if (!$this->db->query($sql2)) { @@ -1832,8 +1831,8 @@ class Categorie extends CommonObject $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]); - $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; + $sql2 .= " VALUES(".((int) $this->id).", '".$this->db->escape($key)."', '".$this->db->escape($this->multilangs["$key"]["label"])."'"; + $sql2 .= ",'".$this->db->escape($this->multilangs["$key"]["description"])."')"; } // on ne sauvegarde pas des champs vides diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 1e8de65cb43..b7530e788a8 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -542,18 +542,18 @@ class ActionComm extends CommonObject $sql .= (isset($this->type_id) ? $this->type_id : "null").","; $sql .= ($code ? ("'".$this->db->escape($code)."'") : "null").", "; $sql .= (!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").", "; - $sql .= ((isset($this->socid) && $this->socid > 0) ? $this->socid : "null").", "; - $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : "null").", "; + $sql .= ((isset($this->socid) && $this->socid > 0) ? ((int) $this->socid) : "null").", "; + $sql .= ((isset($this->fk_project) && $this->fk_project > 0) ? ((int) $this->fk_project) : "null").", "; $sql .= " '".$this->db->escape($this->note_private)."', "; - $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? $this->contact_id : "null").", "; // deprecated, use ->socpeopleassigned + $sql .= ((isset($this->contact_id) && $this->contact_id > 0) ? ((int) $this->contact_id) : "null").", "; // deprecated, use ->socpeopleassigned $sql .= (isset($user->id) && $user->id > 0 ? $user->id : "null").", "; $sql .= ($userownerid > 0 ? $userownerid : "null").", "; $sql .= ($userdoneid > 0 ? $userdoneid : "null").", "; $sql .= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."', "; $sql .= "'".$this->db->escape($this->transparency)."', "; - $sql .= (!empty($this->fk_element) ? $this->fk_element : "null").", "; + $sql .= (!empty($this->fk_element) ? ((int) $this->fk_element) : "null").", "; $sql .= (!empty($this->elementtype) ? "'".$this->db->escape($this->elementtype)."'" : "null").", "; - $sql .= $conf->entity.","; + $sql .= ((int) $conf->entity).","; $sql .= (!empty($this->extraparams) ? "'".$this->db->escape($this->extraparams)."'" : "null").", "; // Fields emails $sql .= (!empty($this->email_msgid) ? "'".$this->db->escape($this->email_msgid)."'" : "null").", "; @@ -593,7 +593,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -615,7 +615,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { @@ -1170,7 +1170,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'user', ".$val['id'].", ".(empty($val['mandatory']) ? '0' : $val['mandatory']).", ".(empty($val['transparency']) ? '0' : $val['transparency']).", ".(empty($val['answer_status']) ? '0' : $val['answer_status']).")"; + $sql .= " VALUES(".((int) $this->id).", 'user', ".((int) $val['id']).", ".(empty($val['mandatory']) ? '0' : ((int) $val['mandatory'])).", ".(empty($val['transparency']) ? '0' : ((int) $val['transparency'])).", ".(empty($val['answer_status']) ? '0' : ((int) $val['answer_status'])).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -1193,7 +1193,7 @@ class ActionComm extends CommonObject if (!empty($already_inserted[$val['id']])) continue; $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element, mandatory, transparency, answer_status)"; - $sql .= " VALUES(".$this->id.", 'socpeople', ".$id.", 0, 0, 0)"; + $sql .= " VALUES(".((int) $this->id).", 'socpeople', ".((int) $id).", 0, 0, 0)"; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index c682131e442..769a966eb8e 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -878,7 +878,7 @@ if ($showbirthday) { // Add events in array $sql = 'SELECT sp.rowid, sp.lastname, sp.firstname, sp.birthday'; $sql .= ' FROM '.MAIN_DB_PREFIX.'socpeople as sp'; - $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.$user->id.'))'; + $sql .= ' WHERE (priv=0 OR (priv=1 AND fk_user_creat='.((int) $user->id).'))'; $sql .= " AND sp.entity IN (".getEntity('socpeople').")"; if ($action == 'show_day') { $sql .= ' AND MONTH(birthday) = '.((int) $month); diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index d467c10fd58..95d882f8076 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -381,7 +381,7 @@ $sql .= " sp.lastname, sp.firstname, sp.email, sp.phone, sp.address, sp.phone as // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 9051ebfa921..79e25c83385 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -181,7 +181,7 @@ class AdvanceTargetingMailing extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; $this->errors[] = "Error ".$this->db->lasterror(); @@ -230,7 +230,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; $sql .= " WHERE t.rowid = ".((int) $id); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -289,7 +289,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -352,7 +352,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'"; } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -422,7 +422,7 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -600,31 +600,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key.'_min']).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'link') { if ($arrayquery['options_'.$key] > 0) { - $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery['options_'.$key]).")"; + $sqlwhere[]= " (te.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -636,7 +636,7 @@ class AdvanceTargetingMailing extends CommonObject } - dol_syslog(get_class($this)."::query_thirdparty sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_thirdparty", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->thirdparty_lines = array(); @@ -743,31 +743,31 @@ class AdvanceTargetingMailing extends CommonObject if (($extrafields->attributes[$elementtype]['type'][$key] == 'varchar') || ($extrafields->attributes[$elementtype]['type'][$key] == 'text')) { if (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max_cnct'])) { - $sqlwhere[] = " (te.".$key." >= ".$arrayquery['options_'.$key.'_max_cnct']." AND te.".$key." <= ".$arrayquery['options_'.$key.'_min_cnct'].")"; + $sqlwhere[] = " (te.".$key." >= ".((float) $arrayquery["options_".$key."_max_cnct"])." AND te.".$key." <= ".((float) $arrayquery["options_".$key."_min_cnct"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt_cnct'])) { - $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt_cnct'])."' AND te.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt_cnct'])."')"; + $sqlwhere[] = " (te.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt_cnct"])."' AND te.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt_cnct"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key.'_cnct'] != '') { if ($arrayquery['options_'.$key.'_cnct'] == 0) { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct']." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"])." OR ((te.".$key." IS NULL) AND (te.fk_object IS NOT NULL)))"; } else { - $sqlwhere[] = " (te.".$key." = ".$arrayquery['options_'.$key.'_cnct'].")"; + $sqlwhere[] = " (te.".$key." = ".((int) $arrayquery["options_".$key."_cnct"]).")"; } } } else { if (is_array($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key.'_cnct'])."'", 1)."))"; + $sqlwhere[] = " (te.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key."_cnct"])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key.'_cnct'])) { - $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key.'_cnct'])."')"; + $sqlwhere[] = " (te.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key."_cnct"])."')"; } } } @@ -850,22 +850,22 @@ class AdvanceTargetingMailing extends CommonObject } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'int') || ($extrafields->attributes[$elementtype]['type'][$key] == 'double')) { if (!empty($arrayquery['options_'.$key.'_max'])) { - $sqlwhere[] = " (tse.".$key." >= ".$arrayquery['options_'.$key.'_max']." AND tse.".$key." <= ".$arrayquery['options_'.$key.'_min'].")"; + $sqlwhere[] = " (tse.".$key." >= ".((float) $arrayquery["options_".$key."_max"])." AND tse.".$key." <= ".((float) $arrayquery["options_".$key."_min"]).")"; } } elseif (($extrafields->attributes[$elementtype]['type'][$key] == 'date') || ($extrafields->attributes[$elementtype]['type'][$key] == 'datetime')) { if (!empty($arrayquery['options_'.$key.'_end_dt'])) { - $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery['options_'.$key.'_st_dt'])."' AND tse.".$key." <= '".$this->db->idate($arrayquery['options_'.$key.'_end_dt'])."')"; + $sqlwhere[] = " (tse.".$key." >= '".$this->db->idate($arrayquery["options_".$key."_st_dt"])."' AND tse.".$key." <= '".$this->db->idate($arrayquery["options_".$key."_end_dt"])."')"; } } elseif ($extrafields->attributes[$elementtype]['type'][$key] == 'boolean') { if ($arrayquery['options_'.$key] != '') { - $sqlwhere[] = " (tse.".$key." = ".$arrayquery['options_'.$key].")"; + $sqlwhere[] = " (tse.".$key." = ".((int) $arrayquery["options_".$key]).")"; } } else { if (is_array($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery['options_'.$key])."'", 1)."))"; + $sqlwhere[] = " (tse.".$key." IN (".$this->db->sanitize("'".implode("','", $arrayquery["options_".$key])."'", 1)."))"; } elseif (!empty($arrayquery['options_'.$key])) { - $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery['options_'.$key])."')"; + $sqlwhere[] = " (tse.".$key." LIKE '".$this->db->escape($arrayquery["options_".$key])."')"; } } } @@ -877,7 +877,7 @@ class AdvanceTargetingMailing extends CommonObject } } - dol_syslog(get_class($this)."::query_contact sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::query_contact", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $this->contact_lines = array(); diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index 12684e5f873..cfdca4a1fc2 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -237,22 +237,22 @@ class FormAdvTargetEmailing extends Form $keyList = 'rowid'; if (count($InfoFieldList) >= 3) { - if (strpos($InfoFieldList [3], 'extra.') !== false) { - $keyList = 'main.'.$InfoFieldList [2].' as rowid'; + if (strpos($InfoFieldList[3], 'extra.') !== false) { + $keyList = 'main.'.$InfoFieldList[2].' as rowid'; } else { - $keyList = $InfoFieldList [2].' as rowid'; + $keyList = $InfoFieldList[2].' as rowid'; } } - $sql = 'SELECT '.$keyList.', '.$InfoFieldList [1]; - $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList [0]; - if (!empty($InfoFieldList [3])) { + $sql = "SELECT ".$keyList.", ".$InfoFieldList[1]; + $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[0]; + if (!empty($InfoFieldList[3])) { // We have to join on extrafield table - if (strpos($InfoFieldList [3], 'extra') !== false) { - $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList [0].'_extrafields as extra'; - $sql .= ' WHERE extra.fk_object=main.'.$InfoFieldList [2].' AND '.$InfoFieldList [3]; + if (strpos($InfoFieldList[3], 'extra') !== false) { + $sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra'; + $sql .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[3]; } else { - $sql .= ' WHERE '.$InfoFieldList [3]; + $sql .= " WHERE ".$InfoFieldList[3]; } } if (!empty($InfoFieldList[1])) { @@ -267,7 +267,7 @@ class FormAdvTargetEmailing extends Form if ($num) { while ($i < $num) { $obj = $this->db->fetch_object($resql); - $labeltoshow = dol_trunc($obj->$InfoFieldList [1], 90); + $labeltoshow = dol_trunc($obj->$InfoFieldList[1], 90); $options_array[$obj->rowid] = $labeltoshow; $i++; } diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php index 2d33d4219d8..2f9ef25af31 100644 --- a/htdocs/comm/mailing/class/mailing.class.php +++ b/htdocs/comm/mailing/class/mailing.class.php @@ -228,7 +228,7 @@ class Mailing extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing"; $sql .= " (date_creat, fk_user_creat, entity)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$user->id.", ".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $user->id).", ".((int) $conf->entity).")"; if (!$this->title) { $this->title = $langs->trans("NoTitle"); @@ -647,7 +647,7 @@ class Mailing extends CommonObject $nbforupdate = $obj->nb; $sql = 'UPDATE '.MAIN_DB_PREFIX.'mailing SET nbemail = '.((int) $nbforupdate); - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' WHERE rowid = '.((int) $this->id); $resqlupdate = $this->db->query($sql); if (! $resqlupdate) { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 6e3f60a7cf5..2d304f9b1a8 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1727,7 +1727,7 @@ class Propal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'propaldet as d'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON (d.fk_product = p.rowid)'; - $sql .= ' WHERE d.fk_propal = '.$this->id; + $sql .= ' WHERE d.fk_propal = '.((int) $this->id); if ($only_product) { $sql .= ' AND p.fk_product_type = 0'; } diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 23a16e2cfe7..bf06a27e620 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -481,7 +481,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 050b7251898..837683c3800 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -934,8 +934,8 @@ class Commande extends CommonOrder $sql .= ", multicurrency_code"; $sql .= ", multicurrency_tx"; $sql .= ")"; - $sql .= " VALUES ('(PROV)', ".$this->socid.", '".$this->db->idate($now)."', ".$user->id; - $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null"); + $sql .= " VALUES ('(PROV)', ".((int) $this->socid).", '".$this->db->idate($now)."', ".((int) $user->id); + $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null"); $sql .= ", '".$this->db->idate($date)."'"; $sql .= ", ".($this->source >= 0 && $this->source != '' ? $this->db->escape($this->source) : 'null'); $sql .= ", '".$this->db->escape($this->note_private)."'"; @@ -944,15 +944,15 @@ class Commande extends CommonOrder $sql .= ", ".($this->ref_client ? "'".$this->db->escape($this->ref_client)."'" : "null"); $sql .= ", ".($this->ref_int ? "'".$this->db->escape($this->ref_int)."'" : "null"); $sql .= ", '".$this->db->escape($this->model_pdf)."'"; - $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null"); - $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null"); - $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL'); - $sql .= ", ".($this->availability_id > 0 ? $this->availability_id : "null"); - $sql .= ", ".($this->demand_reason_id > 0 ? $this->demand_reason_id : "null"); + $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null"); + $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null"); + $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL'); + $sql .= ", ".($this->availability_id > 0 ? ((int) $this->availability_id) : "null"); + $sql .= ", ".($this->demand_reason_id > 0 ? ((int) $this->demand_reason_id) : "null"); $sql .= ", ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : "null"); - $sql .= ", ".($this->fk_delivery_address > 0 ? $this->fk_delivery_address : 'NULL'); - $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? $this->shipping_method_id : 'NULL'); - $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? $this->warehouse_id : 'NULL'); + $sql .= ", ".($this->fk_delivery_address > 0 ? ((int) $this->fk_delivery_address) : 'NULL'); + $sql .= ", ".(!empty($this->shipping_method_id) && $this->shipping_method_id > 0 ? ((int) $this->shipping_method_id) : 'NULL'); + $sql .= ", ".(!empty($this->warehouse_id) && $this->warehouse_id > 0 ? ((int) $this->warehouse_id) : 'NULL'); $sql .= ", ".($this->remise_absolue > 0 ? $this->db->escape($this->remise_absolue) : 'NULL'); $sql .= ", ".($this->remise_percent > 0 ? $this->db->escape($this->remise_percent) : 0); $sql .= ", ".(int) $this->fk_incoterms; @@ -962,7 +962,7 @@ class Commande extends CommonOrder $sql .= ", ".($this->pos_source != '' ? "'".$this->db->escape($this->pos_source)."'" : "null"); $sql .= ", ".(int) $this->fk_multicurrency; $sql .= ", '".$this->db->escape($this->multicurrency_code)."'"; - $sql .= ", ".(double) $this->multicurrency_tx; + $sql .= ", ".(float) $this->multicurrency_tx; $sql .= ")"; dol_syslog(get_class($this)."::create", LOG_DEBUG); diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index b11d97811c8..6f6643336f6 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -436,7 +436,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 14aeee29d69..51ff5a5b5c4 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -561,7 +561,7 @@ $sql .= " ba.rowid as bankid, ba.ref as bankref"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/bank/list.php b/htdocs/compta/bank/list.php index 657b1cb8577..cd6e6cfd365 100644 --- a/htdocs/compta/bank/list.php +++ b/htdocs/compta/bank/list.php @@ -185,7 +185,7 @@ $sql = "SELECT b.rowid, b.label, b.courant, b.rappro, b.account_number, b.fk_acc // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 407e8b3cf73..dbaaf882bfb 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -223,7 +223,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -287,7 +287,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index d099bfd57bc..660c7d7c4e4 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -260,7 +260,7 @@ $sql .= " f.fk_cond_reglement, f.fk_mode_reglement"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index cd274c686a9..76cddb2d909 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -561,7 +561,7 @@ if ($search_categ_cus && $search_categ_cus!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 94264d0f9f6..8c8a563f418 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -292,8 +292,8 @@ class Paiement extends CommonObject $note = ($this->note_private ? $this->note_private : $this->note); $sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement (entity, ref, ref_ext, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, ext_payment_id, ext_payment_site, fk_user_creat, pos_change)"; - $sql .= " VALUES (".$conf->entity.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".$total.", ".$mtotal.", ".$this->paiementid.", "; - $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".$user->id.", ".((float) $this->pos_change).")"; + $sql .= " VALUES (".((int) $conf->entity).", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->ref_ext)."', '".$this->db->idate($now)."', '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", "; + $sql .= "'".$this->db->escape($num_payment)."', '".$this->db->escape($note)."', ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").", ".((int) $user->id).", ".((float) $this->pos_change).")"; $resql = $this->db->query($sql); if ($resql) { @@ -305,7 +305,7 @@ class Paiement extends CommonObject if (is_numeric($amount) && $amount <> 0) { $amount = price2num($amount); $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiement_facture (fk_facture, fk_paiement, amount, multicurrency_amount)'; - $sql .= ' VALUES ('.$facid.', '.$this->id.', \''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')'; + $sql .= ' VALUES ('.((int) $facid).', '.((int) $this->id).", ".((float) $amount).", ".((float) $this->multicurrency_amounts[$key]).')'; dol_syslog(get_class($this).'::create Amount line '.$key.' insert paiement_facture', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index a97facc592c..ed7ecae5cf9 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -868,7 +868,7 @@ class BonPrelevement extends CommonObject $sql .= " AND f.total_ttc > 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; - dol_syslog(__METHOD__."::Read invoices, sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."::Read invoices,", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -992,7 +992,7 @@ class BonPrelevement extends CommonObject $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1408,7 +1408,7 @@ class BonPrelevement extends CommonObject $now = dol_now(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)"; - $sql .= " VALUES ('".$this->db->idate($now)."', ".$userid.", 'NULL', 'NULL', '".$this->db->escape($action)."')"; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $userid).", 'NULL', 'NULL', '".$this->db->escape($action)."')"; dol_syslog("adnotiff: ".$sql); if ($this->db->query($sql)) { diff --git a/htdocs/compta/stats/byratecountry.php b/htdocs/compta/stats/byratecountry.php index d65bed019fc..9a9ba40b56a 100644 --- a/htdocs/compta/stats/byratecountry.php +++ b/htdocs/compta/stats/byratecountry.php @@ -325,7 +325,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " GROUP BY fd.tva_tx,fd.product_type, cc.label, cc.code "; $sql .= " ORDER BY country, product_type, vatrate"; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql); @@ -413,7 +413,7 @@ if ($modecompta == 'CREANCES-DETTES') { $sql2 .= " ORDER BY country, product_type, vatrate"; //print $sql2; - dol_syslog("htdocs/compta/tva/index.php sql=".$sql, LOG_DEBUG); + dol_syslog("htdocs/compta/tva/index.php", LOG_DEBUG); $resql2 = $db->query($sql2); if ($resql2) { $num = $db->num_rows($resql2); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index a63a1bf7e49..3f98f556cb7 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -361,7 +361,7 @@ $sql .= " co.label as country, co.code as country_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 65ffcb7e99a..1ce51af2d90 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -957,13 +957,13 @@ class Contrat extends CommonObject $sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,"; $sql .= " fk_commercial_signature, fk_commercial_suivi, fk_projet,"; $sql .= " ref, entity, note_private, note_public, ref_customer, ref_supplier, ref_ext)"; - $sql .= " VALUES ('".$this->db->idate($now)."',".$this->socid.",".$user->id; + $sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->socid).", ".((int) $user->id); $sql .= ", ".(dol_strlen($this->date_contrat) != 0 ? "'".$this->db->idate($this->date_contrat)."'" : "NULL"); - $sql .= ",".($this->commercial_signature_id > 0 ? $this->commercial_signature_id : "NULL"); - $sql .= ",".($this->commercial_suivi_id > 0 ? $this->commercial_suivi_id : "NULL"); - $sql .= ",".($this->fk_project > 0 ? $this->fk_project : "NULL"); + $sql .= ",".($this->commercial_signature_id > 0 ? ((int) $this->commercial_signature_id) : "NULL"); + $sql .= ",".($this->commercial_suivi_id > 0 ? ((int) $this->commercial_suivi_id) : "NULL"); + $sql .= ",".($this->fk_project > 0 ? ((int) $this->fk_project) : "NULL"); $sql .= ", ".(dol_strlen($this->ref) <= 0 ? "null" : "'".$this->db->escape($this->ref)."'"); - $sql .= ", ".$conf->entity; + $sql .= ", ".((int) $conf->entity); $sql .= ", ".(!empty($this->note_private) ? ("'".$this->db->escape($this->note_private)."'") : "NULL"); $sql .= ", ".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL"); $sql .= ", ".(!empty($this->ref_customer) ? ("'".$this->db->escape($this->ref_customer)."'") : "NULL"); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 9062bb9fd9c..596e86df53e 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -244,7 +244,7 @@ $sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d98aca0927d..0c06a194fd4 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -235,7 +235,7 @@ $sql .= " cd.tms as date_update"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index 6c3a1f7bb9d..cd2114d4929 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php @@ -226,7 +226,7 @@ class CProductNature // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index b0a604e9e28..c286418caab 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php @@ -253,7 +253,7 @@ class Ctyperesource $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 364565af3aa..536a596d2f1 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php @@ -269,7 +269,7 @@ class CUnits // extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php index 5b49254b275..165ba87c45d 100644 --- a/htdocs/core/class/defaultvalues.class.php +++ b/htdocs/core/class/defaultvalues.class.php @@ -286,7 +286,7 @@ class DefaultValues extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php index 2f160457ba1..019618366d1 100644 --- a/htdocs/core/class/notify.class.php +++ b/htdocs/core/class/notify.class.php @@ -622,10 +622,10 @@ class Notify if ($mailfile->sendfile()) { if ($obj->type_target == 'touserid') { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_user, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, objet_type, type_target, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", ".$obj->cid.", '".$obj->type."', '".$object_type."', '".$obj->type_target."', ".$object->id.", '".$this->db->escape($obj->email)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", ".((int) $obj->cid).", '".$this->db->escape($obj->type)."', '".$this->db->escape($object_type)."', '".$this->db->escape($obj->type_target)."', ".((int) $object->id).", '".$this->db->escape($obj->email)."')"; } if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -857,7 +857,7 @@ class Notify if ($mailfile->sendfile()) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify (daten, fk_action, fk_soc, fk_contact, type, type_target, objet_type, objet_id, email)"; - $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".$notifcodedefid.", ".($object->socid ? $object->socid : 'null').", null, 'email', 'tofixedemail', '".$object_type."', ".$object->id.", '".$this->db->escape($conf->global->$param)."')"; + $sql .= " VALUES ('".$this->db->idate(dol_now())."', ".((int) $notifcodedefid).", ".($object->socid > 0 ? ((int) $object->socid) : 'null').", null, 'email', 'tofixedemail', '".$this->db->escape($object_type)."', ".((int) $object->id).", '".$this->db->escape($conf->global->$param)."')"; if (!$this->db->query($sql)) { dol_print_error($this->db); } diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 8c62390f447..29ced10dc35 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -203,9 +203,9 @@ abstract class DoliDB implements Database $limit = $conf->liste_limit; } if ($offset > 0) { - return " LIMIT $offset,$limit "; + return " LIMIT ".((int) $offset).",".((int) $limit)." "; } else { - return " LIMIT $limit "; + return " LIMIT ".((int) $limit)." "; } } diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 6361860e392..3df3e7ee182 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -1806,7 +1806,7 @@ function addDocumentModel($name, $type, $label = '', $description = '') $db->begin(); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".$conf->entity.", "; + $sql .= " VALUES ('".$db->escape($name)."','".$db->escape($type)."',".((int) $conf->entity).", "; $sql .= ($label ? "'".$db->escape($label)."'" : 'null').", "; $sql .= (!empty($description) ? "'".$db->escape($description)."'" : "null"); $sql .= ")"; diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index ae7acf44861..f89156b24e1 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1815,7 +1815,7 @@ function dol_set_user_param($db, $conf, &$user, $tab) // Set new parameters if ($value) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)"; - $sql .= " VALUES (".((int) $user->id).",".$conf->entity.","; + $sql .= " VALUES (".((int) $user->id).",".((int) $conf->entity).","; $sql .= " '".$db->escape($key)."','".$db->escape($value)."')"; dol_syslog("functions2.lib::dol_set_user_param", LOG_DEBUG); diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 2e21e2c7ef1..e9688daf28e 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1222,8 +1222,8 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it continue; // Not enabled by default onto this page. } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (box_id,position,box_order,fk_user,entity)"; - $sql .= " VALUES (".$lastid.", ".$key2.", '0', 0, ".$conf->entity.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes (box_id, position, box_order, fk_user, entity)"; + $sql .= " VALUES (".((int) $lastid).", ".((int) $key2).", '0', 0, ".((int) $conf->entity).")"; dol_syslog(get_class($this)."::insert_boxes onto page ".$key2."=".$val2."", LOG_DEBUG); $resql = $this->db->query($sql); @@ -2065,7 +2065,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it if ($row[0] == 0) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."const (name,type,value,note,visible,entity)"; - $sql .= " VALUES (".$this->db->encrypt($name, 1).",'chaine',".$this->db->encrypt($dir, 1).",'Directory for module ".$this->name."','0',".$conf->entity.")"; + $sql .= " VALUES ('".$this->db->escape($this->db->encrypt($name))."', 'chaine', '".$this->db->escape($this->db->encrypt($dir))."', 'Directory for module ".$this->name."', '0', ".((int) $conf->entity).")"; dol_syslog(get_class($this)."::insert_dirs", LOG_DEBUG); $this->db->query($sql); @@ -2156,12 +2156,12 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql .= ", entity"; $sql .= ")"; $sql .= " VALUES ("; - $sql .= $this->db->encrypt($this->const_name."_".strtoupper($key), 1); + $sql .= "'".$this->db->escape($this->db->encrypt($this->const_name."_".strtoupper($key)))."'"; $sql .= ", 'chaine'"; - $sql .= ", ".$this->db->encrypt($newvalue, 1); + $sql .= ", '".$this->db->escape($this->db->encrypt($newvalue))."'"; $sql .= ", null"; $sql .= ", '0'"; - $sql .= ", ".$entity; + $sql .= ", ".((int) $entity); $sql .= ")"; dol_syslog(get_class($this)."::insert_module_parts for key=".$this->const_name."_".strtoupper($key), LOG_DEBUG); diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php index d620c6244b7..ff0c67408c5 100644 --- a/htdocs/core/modules/modAdherent.class.php +++ b/htdocs/core/modules/modAdherent.class.php @@ -431,8 +431,8 @@ class modAdherent extends DolibarrModules }*/ $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modBom.class.php b/htdocs/core/modules/modBom.class.php index 18f46fda70f..71b40d5f19c 100644 --- a/htdocs/core/modules/modBom.class.php +++ b/htdocs/core/modules/modBom.class.php @@ -503,8 +503,8 @@ class modBom extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'bom' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'bom', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php index 4275d806d40..d9d30e8b7a1 100644 --- a/htdocs/core/modules/modCommande.class.php +++ b/htdocs/core/modules/modCommande.class.php @@ -466,8 +466,8 @@ class modCommande extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modContrat.class.php b/htdocs/core/modules/modContrat.class.php index f91e54039f4..2fc0c7f1e0d 100644 --- a/htdocs/core/modules/modContrat.class.php +++ b/htdocs/core/modules/modContrat.class.php @@ -33,7 +33,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modContrat extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -246,8 +245,8 @@ class modContrat extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','contract',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'contract' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."', 'contract', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modDon.class.php b/htdocs/core/modules/modDon.class.php index 7d8a8fc9455..da7ee6c5e82 100644 --- a/htdocs/core/modules/modDon.class.php +++ b/htdocs/core/modules/modDon.class.php @@ -156,8 +156,8 @@ class modDon extends DolibarrModules global $conf; $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modEmailCollector.class.php b/htdocs/core/modules/modEmailCollector.class.php index 53223ecd705..566d050aacd 100644 --- a/htdocs/core/modules/modEmailCollector.class.php +++ b/htdocs/core/modules/modEmailCollector.class.php @@ -264,16 +264,6 @@ class modEmailCollector extends DolibarrModules public function init($options = '') { global $conf, $user; - //$this->_load_tables('/dav/sql/'); - - // Create extrafields - //include_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; - //$extrafields = new ExtraFields($this->db); - //$result1=$extrafields->addExtraField('myattr1', "New Attr 1 label", 'boolean', 1, 3, 'thirdparty', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result2=$extrafields->addExtraField('myattr2', "New Attr 2 label", 'varchar', 1, 10, 'project', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result3=$extrafields->addExtraField('myattr3', "New Attr 3 label", 'varchar', 1, 10, 'bank_account', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result4=$extrafields->addExtraField('myattr4', "New Attr 4 label", 'select', 1, 3, 'thirdparty', 0, 1, '', array('options'=>array('code1'=>'Val1','code2'=>'Val2','code3'=>'Val3')), 1 '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); - //$result5=$extrafields->addExtraField('myattr5', "New Attr 5 label", 'text', 1, 10, 'user', 0, 0, '', '', 1, '', 0, 0, '', '', 'dav@dav', '$conf->dav->enabled'); $sql = array(); @@ -285,17 +275,17 @@ class modEmailCollector extends DolibarrModules $descriptionA1 .= ' If the collector Collect_Responses is also enabled, when you send an email from the ticket, you may also see answers of your customers or partners directly on the ticket view.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Ticket_Requets', 'Example to collect ticket requests', '".$this->db->escape($descriptionA1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'to', 'support@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleA4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleA4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Ticket_Requets' and entity = ".$conf->entity."), 'ticket', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -314,14 +304,14 @@ class modEmailCollector extends DolibarrModules $descriptionA1 = 'This collector will scan your mailbox "Sent" directory to find emails that was sent as an answer of another email directly from your email software and not from Dolibarr. If such an email is found, the event of answer is recorded into Dolibarr.'; $sqlforexampleA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleA1 .= " VALUES (".$conf->entity.", 'Collect_Responses_Out', 'Example to collect answers to emails done from your external email software', '".$this->db->escape($descriptionA1)."', 'Sent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterA2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterA2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'withouttrackingidinmsgid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleActionA1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleActionA1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_Out' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleA1; $sql[] = $sqlforexampleFilterA1; @@ -330,18 +320,18 @@ class modEmailCollector extends DolibarrModules } } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { $descriptionB1 = 'This collector will scan your mailbox to find all emails that are an answer of an email sent from your application. An event (Module Agenda must be enabled) with the email response will be recorded at the good place. For example, if your send a commercial proposal, order, invoice or message for a ticket by email from the application, and your customer answers your email, the system will automatically catch the answer and add it into your ERP.'; $sqlforexampleB1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleB1 .= " VALUES (".$conf->entity.", 'Collect_Responses_In', 'Example to collect any received email that is a response of an email sent from Dolibarr', '".$this->db->escape($descriptionB1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleB2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'isanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'isanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleB3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".$conf->entity."), 'recordevent', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleB3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Responses_In' and entity = ".((int) $conf->entity)."), 'recordevent', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleB1; $sql[] = $sqlforexampleB2; @@ -351,7 +341,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -360,17 +350,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the lead is generated including the email. If the thirdparty can't be found in database (new customer), the lead will be attached to the thirdparty with ID 1."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Leads', 'Example to collect leads', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'to', 'sales@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".$conf->entity."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Leads' and entity = ".((int) $conf->entity)."), 'project', 'tmp_from=EXTRACT:HEADER:^From:(.*);socid=SETIFEMPTY:1;usage_opportunity=SET:1;description=EXTRACT:BODY:(.*);title=SET:Lead or message from __tmp_from__ received by email', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; @@ -382,7 +372,7 @@ class modEmailCollector extends DolibarrModules dol_print_error($this->db); } - $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity; + $tmpsql = "SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity); $tmpresql = $this->db->query($tmpsql); if ($tmpresql) { if ($this->db->num_rows($tmpresql) == 0) { @@ -390,17 +380,17 @@ class modEmailCollector extends DolibarrModules $descriptionC1 .= "Note: With this initial example, the title of the candidature is generated including the email."; $sqlforexampleC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollector (entity, ref, label, description, source_directory, date_creation, fk_user_creat, status)"; - $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".$user->id.", 0)"; + $sqlforexampleC1 .= " VALUES (".$conf->entity.", 'Collect_Candidatures', 'Example to collect email for job candidatures', '".$this->db->escape($descriptionC1)."', 'INBOX', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 0)"; $sqlforexampleFilterC1 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC1 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'isnotanswer', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC2 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC2 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'withouttrackingid', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleFilterC3 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectorfilter (fk_emailcollector, type, rulevalue, date_creation, fk_user_creat, status)"; - $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleFilterC3 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'to', 'jobs@example.com', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sqlforexampleC4 = "INSERT INTO ".MAIN_DB_PREFIX."emailcollector_emailcollectoraction (fk_emailcollector, type, actionparam, date_creation, fk_user_creat, status)"; - $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".$conf->entity."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".$user->id.", 1)"; + $sqlforexampleC4 .= " VALUES ((SELECT rowid FROM ".MAIN_DB_PREFIX."emailcollector_emailcollector WHERE ref = 'Collect_Candidatures' and entity = ".((int) $conf->entity)."), 'candidature', 'tmp_from=EXTRACT:HEADER:^From:(.*)(<.*>)?;fk_recruitmentjobposition=EXTRACT:HEADER:^To:[^\n]*\+([^\n]*);description=EXTRACT:BODY:(.*);lastname=SET:__tmp_from__', '".$this->db->idate(dol_now())."', ".((int) $user->id).", 1)"; $sql[] = $sqlforexampleC1; $sql[] = $sqlforexampleFilterC1; diff --git a/htdocs/core/modules/modEventOrganization.class.php b/htdocs/core/modules/modEventOrganization.class.php index 4ba73d4fe2c..8a3fb3d80cf 100644 --- a/htdocs/core/modules/modEventOrganization.class.php +++ b/htdocs/core/modules/modEventOrganization.class.php @@ -387,10 +387,10 @@ class modEventOrganization extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php index 238eef2d6fe..c10e13a46d8 100644 --- a/htdocs/core/modules/modExpedition.class.php +++ b/htdocs/core/modules/modExpedition.class.php @@ -359,10 +359,10 @@ class modExpedition extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modExpenseReport.class.php b/htdocs/core/modules/modExpenseReport.class.php index 63bc99f41ee..53708ece3dd 100644 --- a/htdocs/core/modules/modExpenseReport.class.php +++ b/htdocs/core/modules/modExpenseReport.class.php @@ -249,8 +249,8 @@ class modExpenseReport extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard' AND type='expensereport' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard','expensereport',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index bb044900acd..2fadb5d86ae 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -458,8 +458,8 @@ class modFacture extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'invoice' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','invoice',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFicheinter.class.php b/htdocs/core/modules/modFicheinter.class.php index af99e6f646f..784eeb006c3 100644 --- a/htdocs/core/modules/modFicheinter.class.php +++ b/htdocs/core/modules/modFicheinter.class.php @@ -231,8 +231,8 @@ class modFicheinter extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 5d71a5abdc8..baa983fc7cf 100644 --- a/htdocs/core/modules/modFournisseur.class.php +++ b/htdocs/core/modules/modFournisseur.class.php @@ -857,8 +857,8 @@ class modFournisseur extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order_supplier',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."', 'order_supplier', ".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php index be0b39ecc7e..63c76e24548 100644 --- a/htdocs/core/modules/modHoliday.class.php +++ b/htdocs/core/modules/modHoliday.class.php @@ -336,8 +336,8 @@ class modHoliday extends DolibarrModules */ $sql = array( - // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".$conf->entity, - // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".$conf->entity.")" + // "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'holiday' AND entity = ".((int) $conf->entity), + // "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','holiday',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modKnowledgeManagement.class.php b/htdocs/core/modules/modKnowledgeManagement.class.php index 6d9bef40232..5957158e893 100644 --- a/htdocs/core/modules/modKnowledgeManagement.class.php +++ b/htdocs/core/modules/modKnowledgeManagement.class.php @@ -474,10 +474,10 @@ class modKnowledgeManagement extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modMrp.class.php b/htdocs/core/modules/modMrp.class.php index eb3baae78cd..1cfbd76caf7 100644 --- a/htdocs/core/modules/modMrp.class.php +++ b/htdocs/core/modules/modMrp.class.php @@ -352,8 +352,8 @@ class modMrp extends DolibarrModules } $sql = array( - //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".$conf->entity, - //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".$conf->entity.")" + //"DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape('standard')."' AND type = 'mo' AND entity = ".((int) $conf->entity), + //"INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape('standard')."', 'mo', ".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPartnership.class.php b/htdocs/core/modules/modPartnership.class.php index d7041eca754..a036613fcec 100644 --- a/htdocs/core/modules/modPartnership.class.php +++ b/htdocs/core/modules/modPartnership.class.php @@ -453,10 +453,10 @@ class modPartnership extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modPrelevement.class.php b/htdocs/core/modules/modPrelevement.class.php index 8d68b372e91..a42d3c8b5a0 100644 --- a/htdocs/core/modules/modPrelevement.class.php +++ b/htdocs/core/modules/modPrelevement.class.php @@ -145,8 +145,8 @@ class modPrelevement extends DolibarrModules $this->remove($options); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index 25448f239e6..66138c584b5 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php @@ -366,12 +366,12 @@ class modProjet extends DolibarrModules } $sql = array(); - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".$conf->entity.")"; - $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".$conf->entity; - $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".$conf->entity.")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".((int) $conf->entity).")"; + $sql[] = "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".((int) $conf->entity); + $sql[] = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".((int) $conf->entity).")"; return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php index 83e2b5a0402..33a28c9ec11 100644 --- a/htdocs/core/modules/modPropale.class.php +++ b/htdocs/core/modules/modPropale.class.php @@ -470,8 +470,8 @@ class modPropale extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modReception.class.php b/htdocs/core/modules/modReception.class.php index 02f17cf0fbe..4696f15019a 100644 --- a/htdocs/core/modules/modReception.class.php +++ b/htdocs/core/modules/modReception.class.php @@ -282,8 +282,8 @@ class modReception extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'reception' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','reception',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modRecruitment.class.php b/htdocs/core/modules/modRecruitment.class.php index 3d4e88872ef..02e7cdfbf4c 100644 --- a/htdocs/core/modules/modRecruitment.class.php +++ b/htdocs/core/modules/modRecruitment.class.php @@ -448,10 +448,10 @@ class modRecruitment extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php index 3494cb684dc..d0cfa64c884 100644 --- a/htdocs/core/modules/modStock.class.php +++ b/htdocs/core/modules/modStock.class.php @@ -35,7 +35,6 @@ include_once DOL_DOCUMENT_ROOT.'/core/modules/DolibarrModules.class.php'; */ class modStock extends DolibarrModules { - /** * Constructor. Define names, constants, directories, boxes, permissions * @@ -454,10 +453,10 @@ class modStock extends DolibarrModules $sql = array(); $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modSupplierProposal.class.php b/htdocs/core/modules/modSupplierProposal.class.php index 4a0fc21fa44..36df0dd27bd 100644 --- a/htdocs/core/modules/modSupplierProposal.class.php +++ b/htdocs/core/modules/modSupplierProposal.class.php @@ -179,8 +179,8 @@ class modSupplierProposal extends DolibarrModules } $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".((int) $conf->entity).")", ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 78bcb9901af..01561b40b01 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php @@ -344,8 +344,8 @@ class modTicket extends DolibarrModules array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110121, 'ticket', 'internal', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110122, 'ticket', 'external', 'SUPPORTCLI', 'Contact client suivi incident', 1);", "ignoreerror" => 1), array("sql" => "insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (110123, 'ticket', 'external', 'CONTRIBUTOR', 'Intervenant', 1);", "ignoreerror" => 1), - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'TICKET_ADDON_PDF_ODT_PATH' AND type = 'ticket' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('TICKET_ADDON_PDF_ODT_PATH','ticket',".((int) $conf->entity).")" ); return $this->_init($sql, $options); diff --git a/htdocs/core/modules/modWorkstation.class.php b/htdocs/core/modules/modWorkstation.class.php index 8e2d676bf27..3069be8ced5 100755 --- a/htdocs/core/modules/modWorkstation.class.php +++ b/htdocs/core/modules/modWorkstation.class.php @@ -435,10 +435,10 @@ class modWorkstation extends DolibarrModules } $sql = array_merge($sql, array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")", - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")" + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".$this->db->escape(strtolower($myTmpObjectKey))."',".((int) $conf->entity).")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity), + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")" )); } } diff --git a/htdocs/core/modules/movement/doc/pdf_standard.modules.php b/htdocs/core/modules/movement/doc/pdf_standard.modules.php index e029c4d5d66..528f45ee962 100644 --- a/htdocs/core/modules/movement/doc/pdf_standard.modules.php +++ b/htdocs/core/modules/movement/doc/pdf_standard.modules.php @@ -278,7 +278,7 @@ class pdf_stdandard extends ModelePDFMovement // Add fields from extrafields if (!empty($extrafields->attributes[$element]['label'])) { foreach ($extrafields->attributes[$element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 035a7aee9c6..049ba50bfbe 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -548,7 +548,7 @@ class EcmFiles extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index bb84bbe37bd..09997716c01 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -313,7 +313,7 @@ class ConferenceOrBooth extends ActionComm $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index cdc350480c5..825451e9868 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -434,7 +434,7 @@ class ConferenceOrBoothAttendee extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index 9430d2c52ad..d3bbd835367 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -449,7 +449,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index 72d66b7fb87..9184d9ae771 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -225,7 +225,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index d28435092b2..2c0239d44e2 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -245,7 +245,7 @@ if ($search_categ_cus) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index a83ef94e520..c2b63f9393e 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -497,7 +497,7 @@ class ExpenseReport extends CommonObject $sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''"); $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { if (!$notrigger) { @@ -552,7 +552,7 @@ class ExpenseReport extends CommonObject } //$sql.= $restrict; - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -665,7 +665,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1"; $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED; - dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_paid", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->affected_rows($resql)) { @@ -882,7 +882,7 @@ class ExpenseReport extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de"; $sql .= " WHERE de.fk_projet = ".((int) $projectid); - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $num = $this->db->num_rows($result); @@ -1353,7 +1353,7 @@ class ExpenseReport extends CommonObject $sql .= " SET fk_statut = ".self::STATUS_VALIDATED; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_save_from_refuse sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG); if ($this->db->query($sql)) { return 1; @@ -1509,7 +1509,7 @@ class ExpenseReport extends CommonObject $sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_unpaid sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { @@ -1563,7 +1563,7 @@ class ExpenseReport extends CommonObject $sql .= " ,detail_cancel='".$this->db->escape($detail)."'"; $sql .= ' WHERE rowid = '.$this->id; - dol_syslog(get_class($this)."::set_cancel sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG); if ($this->db->query($sql)) { if (!$notrigger) { diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 610713d6f48..760c25e4db8 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -277,7 +277,7 @@ $sql .= " u.rowid as id_user, u.firstname, u.lastname, u.login, u.email, u.statu // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 508eb984307..6f4dccd878d 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -231,7 +231,7 @@ if (!empty($conf->contrat->enabled)) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index d248ed44321..4b74b596be5 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -2537,10 +2537,10 @@ class CommandeFournisseur extends CommonOrder $sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseurdet"; $sql .= " (fk_commande, label, description, fk_product, price, qty, tva_tx, localtax1_tx, localtax2_tx, remise_percent, subprice, remise, ref)"; - $sql .= " VALUES (".$idc.", '".$this->db->escape($label)."', ".$this->db->escape($comclient->lines[$i]->desc); - $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price); - $sql .= ", ".$comclient->lines[$i]->qty.", ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent; - $sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0', '".$this->db->escape($ref)."');"; + $sql .= " VALUES (".((int) $idc).", '".$this->db->escape($label)."', '".$this->db->escape($comclient->lines[$i]->desc)."'"; + $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price, 'MU'); + $sql .= ", ".price2num($comclient->lines[$i]->qty, 'MS').", ".price2num($comclient->lines[$i]->tva_tx, 5).", ".price2num($comclient->lines[$i]->localtax1_tx, 5).", ".price2num($comclient->lines[$i]->localtax2_tx, 5).", ".price2num($comclient->lines[$i]->remise_percent, 3); + $sql .= ", '".price2num($comclient->lines[$i]->subprice, 'MT')."','0', '".$this->db->escape($ref)."');"; if ($this->db->query($sql)) { $this->update_price(); } @@ -2564,8 +2564,8 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur'; - $sql .= ' SET fk_statut='.$status; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= " SET fk_statut = ".$status; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setStatus", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index cd1ff267fb7..39aaea1bbfe 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -684,7 +684,7 @@ class CommandeFournisseurDispatch extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->lines = array(); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index a5d0382dbdc..e4d10cbb23d 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -653,7 +653,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 8f2aaadb8ea..d6f07426a04 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -430,7 +430,7 @@ if (!$search_all) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 334f68da404..6aecff5eac0 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -296,7 +296,7 @@ $sql .= " ua.photo as validator_photo"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php index cbbe1670a09..d26a10a923a 100644 --- a/htdocs/hrm/class/establishment.class.php +++ b/htdocs/hrm/class/establishment.class.php @@ -269,7 +269,7 @@ class Establishment extends CommonObject $sql .= ", entity = ".((int) $this->entity); $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $this->db->commit(); diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index 686bd16d5de..a4fed4def2d 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -207,7 +207,7 @@ $sql = 'SELECT DISTINCT i.rowid, i.type_declaration, i.type_export, i.periods, i /* // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { - foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } */ // Add fields from hooks diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index f85e795326e..559e6f21cf0 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php @@ -387,15 +387,15 @@ class KnowledgeRecord extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -407,7 +407,7 @@ class KnowledgeRecord extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php index 828137556ce..868c64e8786 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_list.php +++ b/htdocs/knowledgemanagement/knowledgerecord_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -284,7 +284,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 243567082fa..dc72b81a96a 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -443,27 +443,27 @@ class MyObject extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')'; + $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")"; } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 3656531809a..2eee13fd879 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -266,7 +266,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -330,7 +330,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql .= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index a0bc74bc4ad..bc5e8eca58a 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -437,13 +437,13 @@ class Mo extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -455,7 +455,7 @@ class Mo extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); @@ -1546,13 +1546,13 @@ class MoLine extends CommonObjectLine if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -1564,7 +1564,7 @@ class MoLine extends CommonObjectLine $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/mrp/mo_list.php b/htdocs/mrp/mo_list.php index 012b43ff61a..5b4215f91db 100644 --- a/htdocs/mrp/mo_list.php +++ b/htdocs/mrp/mo_list.php @@ -207,7 +207,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -272,7 +272,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/mrp/mo_movements.php b/htdocs/mrp/mo_movements.php index 803fb3bf5b7..bab57db22ea 100644 --- a/htdocs/mrp/mo_movements.php +++ b/htdocs/mrp/mo_movements.php @@ -423,7 +423,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea // Add fields from extrafields if (!empty($extrafields->attributes[$objectlist->table_element]['label'])) { foreach ($extrafields->attributes[$objectlist->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$objectlist->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index 6de34719f77..121b53007df 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -483,15 +483,15 @@ class Partnership extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -503,7 +503,7 @@ class Partnership extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/partnership/partnership_list.php b/htdocs/partnership/partnership_list.php index e36e94d39c7..e9c577213d6 100644 --- a/htdocs/partnership/partnership_list.php +++ b/htdocs/partnership/partnership_list.php @@ -260,7 +260,7 @@ if ($managedfor == 'member') { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks @@ -342,7 +342,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ae2aca9fbc9..4dcdb0df538 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1605,7 +1605,7 @@ class Product extends CommonObject $sql .= "$field = '".$this->db->escape($value)."'"; $sql .= " WHERE rowid = ".((int) $this->id); - dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG); + dol_syslog(__METHOD__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 07590099571..701b10093af 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -418,7 +418,7 @@ class Productcustomerprice extends CommonObject } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); @@ -531,7 +531,7 @@ class Productcustomerprice extends CommonObject } $sql .= $this->db->order($sortfield, $sortorder); if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } dol_syslog(get_class($this)."::fetch_all_log", LOG_DEBUG); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 41e1d2d0f6b..7597b32f21a 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -326,15 +326,15 @@ class ProductFournisseurPrice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -346,7 +346,7 @@ class ProductFournisseurPrice extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 2d6b5374caa..36910c75fb2 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -205,7 +205,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -271,7 +271,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/list.php b/htdocs/product/list.php index ff21caf96f9..4d208133759 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -394,7 +394,7 @@ if (!empty($conf->variants->enabled) && (!empty($conf->global->PRODUIT_ATTRIBUTE // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index d8138c7f149..0fdbba51041 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php @@ -291,7 +291,7 @@ class ProductStockEntrepot extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $lines = array(); diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php index b8f998c0ec0..cba4c43bce1 100644 --- a/htdocs/product/stock/list.php +++ b/htdocs/product/stock/list.php @@ -200,12 +200,12 @@ $title = $langs->trans("ListOfWarehouses"); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } @@ -273,7 +273,7 @@ $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $objec $sql .= $hookmanager->resPrint; $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index b6d5ae78407..24e5ae2b689 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -439,7 +439,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index 1096d8b9e09..3a162cc640f 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -488,7 +488,7 @@ $sql .= " u.login, u.photo, u.lastname, u.firstname, u.email as user_email, u.st // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 78a18ca960b..25c9921ce18 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -201,12 +201,12 @@ $title = $langs->trans('LotSerialList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -253,7 +253,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 53973f7672e..c05f726031c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -795,12 +795,12 @@ class Task extends CommonObject $sql .= " p.fk_opp_status, p.opp_amount, p.opp_percent, p.budget_amount"; if (!empty($extrafields->attributes['projet']['label'])) { foreach ($extrafields->attributes['projet']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet']['type'][$key] != 'separate' ? ",efp.".$key." as options_".$key : ''); } } if (!empty($extrafields->attributes['projet_task']['label'])) { foreach ($extrafields->attributes['projet_task']['label'] as $key => $val) { - $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes['projet_task']['type'][$key] != 'separate' ? ",efpt.".$key." as options_".$key : ''); } } if ($includebilltime) { diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 43f5bd6ff2f..f9910813720 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -353,7 +353,7 @@ $sql .= " cls.code as opp_status_code"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 8dc369b6a0a..36c4a22d763 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -304,7 +304,7 @@ if (!empty($arrayfields['t.tobill']['checked']) || !empty($arrayfields['t.billed // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php index f3d84ec996f..f6fdd94b6f1 100644 --- a/htdocs/public/recruitment/index.php +++ b/htdocs/public/recruitment/index.php @@ -247,7 +247,7 @@ if ($display_ticket_list) { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."recruitment_recruitmentjobposition as t"; diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 3c5dfffba17..2249dcaa930 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -332,7 +332,7 @@ if ($action == "view_ticketlist") { // Add fields for extrafields if (is_array($extrafields->attributes[$object->table_element]['label']) && count($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index dd9f365c39a..3541a1b8065 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -428,7 +428,7 @@ $sql .= ' e.date_creation as date_creation, e.tms as date_update'; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 3c5cf401a92..e0008d1a694 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -375,15 +375,15 @@ class RecruitmentCandidature extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -395,7 +395,7 @@ class RecruitmentCandidature extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php index 7e44aad7b64..94ce1f8683d 100644 --- a/htdocs/recruitment/class/recruitmentjobposition.class.php +++ b/htdocs/recruitment/class/recruitmentjobposition.class.php @@ -384,15 +384,15 @@ class RecruitmentJobPosition extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -404,7 +404,7 @@ class RecruitmentJobPosition extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/recruitment/recruitmentcandidature_list.php b/htdocs/recruitment/recruitmentcandidature_list.php index 7a5a88bc6c4..70b5366aec7 100644 --- a/htdocs/recruitment/recruitmentcandidature_list.php +++ b/htdocs/recruitment/recruitmentcandidature_list.php @@ -238,12 +238,12 @@ $title = $langs->trans('ListOfCandidatures'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -290,7 +290,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/recruitment/recruitmentjobposition_list.php b/htdocs/recruitment/recruitmentjobposition_list.php index c82c8312b40..8f45caed040 100644 --- a/htdocs/recruitment/recruitmentjobposition_list.php +++ b/htdocs/recruitment/recruitmentjobposition_list.php @@ -246,7 +246,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -312,7 +312,7 @@ $sql .= $hookmanager->resPrint; /* If a group by is required */ $sql .= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index b7f16a9ff9d..db70bc571bf 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -499,7 +499,7 @@ class Dolresource extends CommonObject // Add fields from extrafields if (!empty($extrafields->attributes[$this->table_element]['label'])) { foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } $sql .= " ty.label as type_label"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 555fa3b05e1..d7dde07af5f 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4774,7 +4774,7 @@ class Societe extends CommonObject $sql.= $field." = '".$this->db->escape($value)."'"; $sql.= " WHERE rowid = ".((int) $this->id); - dol_syslog(get_class($this)."::".__FUNCTION__." sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::".__FUNCTION__."", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 3105700ff65..66d045e1210 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -476,7 +476,7 @@ if ($search_categ_sup && $search_categ_sup!=-1) { // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index 0740200867d..0ea53355629 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php @@ -261,12 +261,12 @@ print '
'; // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($objectwebsiteaccount->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -304,7 +304,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY " foreach($objectwebsiteaccount->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 2529e594f2d..a3ab70c8c5a 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -306,7 +306,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : ''); } } // Add fields from hooks diff --git a/htdocs/ticket/class/cticketcategory.class.php b/htdocs/ticket/class/cticketcategory.class.php index 4e3e6311354..34321b5b898 100644 --- a/htdocs/ticket/class/cticketcategory.class.php +++ b/htdocs/ticket/class/cticketcategory.class.php @@ -395,15 +395,15 @@ class CTicketCategory extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -415,7 +415,7 @@ class CTicketCategory extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index bf08e2fdf01..e2860d240d7 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -472,7 +472,7 @@ class Ticket extends CommonObject $this->db->begin(); - dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::create", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -582,7 +582,7 @@ class Ticket extends CommonObject } } - dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { if ($this->db->num_rows($resql)) { @@ -692,7 +692,7 @@ class Ticket extends CommonObject $sql .= ", type.label as type_label, category.label as category_label, severity.label as severity_label"; // Add fields for extrafields foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key : ''); + $sql .= ($extrafields->attributes[$this->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key : ''); } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; @@ -736,10 +736,10 @@ class Ticket extends CommonObject $sql .= " ORDER BY ".$sortfield.' '.$sortorder; if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit + 1, $offset); + $sql .= $this->db->plimit($limit + 1, $offset); } - dol_syslog(get_class($this)."::fetch_all sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1143,7 +1143,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_type"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_type_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_type_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1183,7 +1183,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::load_cache_categories_tickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_categories_tickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1227,7 +1227,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity"; $sql .= " WHERE active > 0"; $sql .= " ORDER BY pos"; - dol_syslog(get_class($this)."::loadCacheSeveritiesTickets sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::loadCacheSeveritiesTickets", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); @@ -1725,7 +1725,7 @@ class Ticket extends CommonObject $sql .= " AND elementtype = 'ticket'"; $sql .= " ORDER BY datec DESC"; - dol_syslog(get_class($this)."::load_cache_actions_ticket sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::load_cache_actions_ticket", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index c79a75e851c..625503538b5 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -335,12 +335,12 @@ $title = $langs->trans('TicketList'); // -------------------------------------------------------------------- $sql = 'SELECT '; foreach ($object->fields as $key => $val) { - $sql .= 't.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 325db34141d..f22882b1852 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -3125,7 +3125,7 @@ class User extends CommonObject $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; $sql .= " WHERE fk_user = ".((int) $this->id); - dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); + dol_syslog(get_class($this)."::get_children", LOG_DEBUG); $res = $this->db->query($sql); if ($res) { $users = array(); @@ -3515,13 +3515,13 @@ class User extends CommonObject if (!empty($filter)) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = ".((int) $value); + } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/user/list.php b/htdocs/user/list.php index a3b69d1dff8..69e94e1cfdc 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -336,7 +336,7 @@ $sql .= " s.nom as name, s.canvas,"; // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 05b45ebf829..a0cc0128b4c 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -38,7 +38,7 @@ $id = GETPOST("id", 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -$actionid = GETPOST('actionid'); +$actionid = GETPOST('actionid', 'int'); $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -99,8 +99,8 @@ if ($action == 'add') { $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def"; $sql .= " WHERE fk_user=".((int) $id)." AND fk_action=".((int) $actionid); if ($db->query($sql)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_action)"; - $sql .= " VALUES ('".$db->idate($now)."',".$id.",".$actionid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec, fk_user, fk_action)"; + $sql .= " VALUES ('".$db->idate($now)."', ".((int) $id).", ".$actionid.")"; if (!$db->query($sql)) { $error++; diff --git a/htdocs/variants/class/ProductAttributeValue.class.php b/htdocs/variants/class/ProductAttributeValue.class.php index e91542f90c5..5ee341526bb 100644 --- a/htdocs/variants/class/ProductAttributeValue.class.php +++ b/htdocs/variants/class/ProductAttributeValue.class.php @@ -160,8 +160,7 @@ class ProductAttributeValue extends CommonObject $this->value = $this->db->escape($this->value); $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_attribute_value (fk_product_attribute, ref, value, entity) - VALUES ('".(int) $this->fk_product_attribute."', '".$this->db->escape($this->ref)."', - '".$this->value."', ".(int) $this->entity.")"; + VALUES (".(int) $this->fk_product_attribute.", '".$this->db->escape($this->ref)."', '".$this->db->escape($this->value)."', ".(int) $this->entity.")"; $query = $this->db->query($sql); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 7e70bfddc6d..4e19c057fd0 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -426,7 +426,7 @@ class Website extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $this->records = array(); diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 16053069d30..f255b4e92e5 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -448,7 +448,7 @@ class WebsitePage extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index 03d1e6e3dd4..8b550add124 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -427,15 +427,15 @@ class Workstation extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key." = ".((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")"; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -447,7 +447,7 @@ class Workstation extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/htdocs/workstation/workstation_list.php b/htdocs/workstation/workstation_list.php index d305e0c2c33..b395c5e5a1b 100755 --- a/htdocs/workstation/workstation_list.php +++ b/htdocs/workstation/workstation_list.php @@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t'); // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : ''); + $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : ''); } } // Add fields from hooks @@ -300,7 +300,7 @@ $sql .= $hookmanager->resPrint; $sql.= " GROUP BY "; foreach ($object->fields as $key => $val) { - $sql.='t.'.$key.', '; + $sql .= "t.".$key.", "; } // Add fields from extrafields if (! empty($extrafields->attributes[$object->table_element]['label'])) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index ba04f504da6..fc03942d978 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php @@ -419,13 +419,13 @@ class Hook extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.' = '.((int) $value); + $sqlwhere[] = $key." = ".((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -437,7 +437,7 @@ class Hook extends CommonObject $sql .= $this->db->order($sortfield, $sortorder); } if (!empty($limit)) { - $sql .= ' '.$this->db->plimit($limit, $offset); + $sql .= $this->db->plimit($limit, $offset); } $resql = $this->db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index e4a0e015fe8..a9f6221ea58 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -143,6 +143,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $user=$this->savuser; $langs=$this->savlangs; $db=$this->savdb; + print __METHOD__."\n"; } @@ -286,7 +287,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $matches=array(); // Check sql string DELETE|OR|AND|WHERE|INSERT ... yyy = ".$xxx - // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request. preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[2] == 'ity' && $val[3] == 'con') { // exclude entity = $conf->entity @@ -300,6 +301,22 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); //exit; + // Check sql string VALUES ... , ".$xxx + // with xxx that is not 'db-' (for $db->escape). It means we forget a ' if string, or an (int) if int, when forging sql request. + preg_match_all('/(VALUES).*,\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[2] == 'VALUES' && $val[3] == 'db-') { // exclude $db->escape( + continue; + } + var_dump($matches); + $ok=false; + break; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check '".$xxx non escaped // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); @@ -310,10 +327,10 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase } } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.'); // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. - preg_match_all('/(sql|SET|WHERE).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'mydb->esc', 'dbsession', 'db->idate', 'escapedli', 'excludeGr', 'includeGr'))) { $ok=false; @@ -322,9 +339,25 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].': '.$val[0].' - Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 2) in '.$file['relativename'].': '.$val[0].' - Bad.'); //exit; + // Check string sql|set...'.$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(\$sql|SET\s|WHERE\s|INSERT\s|VALUES\s|VALUES\().+\s*\'\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if (! in_array($val[2], array('this->db-', 'db->sanit', 'conf->ent', 'key : \'\')', 'key])."\')', 'excludefi', 'regexstri', 'filtermod'))) { + $ok=false; + var_dump($matches); + break; + } + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 3) in '.$file['relativename'].': '.$val[0].' - Bad.'); + //exit; + + // Checks with IN + // Check string 'IN (".xxx' or 'IN (\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request. preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) {