Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Clean code

Browse Source
This commit is contained in:
Laurent Destailleur
2021-08-28 00:55:51 +02:00
parent 11096a5453
commit 51a4d7630f
44 changed files with 193 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/compta/facture/class/facture.class.php
View File

@@ -4890,8 +4890,8 @@ class Facture extends CommonInvoice
if ($this->statut >= 0) {
$fieldname = 'retained_warranty_date_limit';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.(strval($timestamp) != '' ? '\''.$this->db->idate($timestamp).'\'' : 'null');
$sql .= ' WHERE rowid='.((int) $this->id);
$sql .= " SET ".$fieldname." = ".(strval($timestamp) != '' ? "'".$this->db->idate($timestamp)."'" : 'null');
$sql .= ' WHERE rowid = '.((int) $this->id);
if ($this->db->query($sql)) {
$this->retained_warranty_date_limit = $timestamp;

4
htdocs/compta/stats/byratecountry.php
View File

@@ -306,7 +306,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql .= " fd.product_type AS product_type,";
$sql .= " cc.code, cc.label AS country,";
for ($i = 1; $i <= 12; $i++) {
$sql .= " SUM(".$db->ifsql('MONTH(f.datef)='.$i, 'fd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).",";
$sql .= " SUM(".$db->ifsql("MONTH(f.datef)=".$i, "fd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).",";
}
$sql .= " SUM(fd.total_ht) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
@@ -393,7 +393,7 @@ if ($modecompta == 'CREANCES-DETTES') {
$sql2 .= " ffd.product_type AS product_type,";
$sql2 .= " cc.code, cc.label AS country,";
for ($i = 1; $i <= 12; $i++) {
$sql2 .= " SUM(".$db->ifsql('MONTH(ff.datef)='.$i, 'ffd.total_ht', '0').") AS month".str_pad($i, 2, '0', STR_PAD_LEFT).",";
$sql2 .= " SUM(".$db->ifsql("MONTH(ff.datef)=".$i, "ffd.total_ht", "0").") AS month".str_pad($i, 2, "0", STR_PAD_LEFT).",";
}
$sql2 .= " SUM(ffd.total_ht) as total";
$sql2 .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as ffd";

2
htdocs/compta/tva/class/tva.class.php
View File

@@ -768,7 +768,7 @@ class Tva extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);

8
htdocs/compta/tva/list.php
View File

@@ -161,16 +161,16 @@ if (!empty($search_label)) {
$sql .= natural_search('t.label', $search_label);
}
if (!empty($search_dateend_start)) {
$sql .= ' AND t.datev >= "'.$db->idate($search_dateend_start).'"';
$sql .= " AND t.datev >= '".$db->idate($search_dateend_start)."'";
}
if (!empty($search_dateend_end)) {
$sql .= ' AND t.datev <= "'.$db->idate($search_dateend_end).'"';
$sql .= " AND t.datev <= '".$db->idate($search_dateend_end)."'";
}
if (!empty($search_datepayment_start)) {
$sql .= ' AND t.datep >= "'.$db->idate($search_datepayment_start).'"';
$sql .= " AND t.datep >= '".$db->idate($search_datepayment_start)."'";
}
if (!empty($search_datepayment_end)) {
$sql .= ' AND t.datep <= "'.$db->idate($search_datepayment_end).'"';
$sql .= " AND t.datep <= '".$db->idate($search_datepayment_end)."'";
}
if (!empty($search_type) && $search_type > 0) {
$sql .= ' AND t.fk_typepayment = '.((int) $search_type);

4
htdocs/contact/class/contact.class.php
View File

@@ -388,8 +388,8 @@ class Contact extends CommonObject
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')';
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))";
$sql .= " ".$clause." sp.entity IN (".getEntity($this->element).")";
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat = ".((int) $user->id)."))";
if ($user->socid > 0) {
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}

2
htdocs/contact/list.php
View File

@@ -478,7 +478,7 @@ if (strlen($search_fax)) {
if (!empty($conf->socialnetworks->enabled)) {
foreach ($socialnetworks as $key => $value) {
if ($value['active'] && strlen($search_[$key])) {
$sql .= ' AND p.socialnetworks LIKE \'%"'.$key.'":"'.$search_[$key].'%\'';
$sql .= " AND p.socialnetworks LIKE '%\"".$key."\":\"".$search_[$key]."%'";
}
}
}

6
htdocs/contrat/class/contrat.class.php
View File

@@ -1222,7 +1222,7 @@ class Contrat extends CommonObject
// Delete llx_ecm_files
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@@ -3257,12 +3257,12 @@ class ContratLigne extends CommonObjectLine
$sql .= " '".$this->db->escape($this->info_bits)."',";
$sql .= " ".price2num($this->price_ht).",".price2num($this->remise).",";
if ($this->fk_fournprice > 0) {
$sql .= ' '.$this->fk_fournprice.',';
$sql .= ' '.((int) $this->fk_fournprice).',';
} else {
$sql .= ' null,';
}
if ($this->pa_ht > 0) {
$sql .= ' '.price2num($this->pa_ht);
$sql .= ' '.((float) price2num($this->pa_ht));
} else {
$sql .= ' null';
}

14
htdocs/contrat/index.php
View File

@@ -99,7 +99,7 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
$sql .= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
@@ -136,7 +136,7 @@ $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
$sql .= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
@@ -304,11 +304,11 @@ print '</div><div class="fichetwothirdright"><div class="ficheaddleft">';
// Last modified contracts
$max = 5;
$sql = 'SELECT ';
$sql .= ' sum('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,';
$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,';
$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,';
$sql .= ' sum('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,';
$sql .= ' sum('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,';
$sql .= " sum(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,';
$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,';
$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,';
$sql .= " sum(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,';
$sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,';
$sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut, s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,";
if (!$user->rights->societe->client->voir && !$socid) {

10
htdocs/contrat/list.php
View File

@@ -236,11 +236,11 @@ $sql .= ' s.rowid as socid, s.nom as name, s.name_alias, s.email, s.town, s.zip,
$sql .= " typent.code as typent_code,";
$sql .= " state.code_departement as state_code, state.nom as state_name,";
$sql .= " MIN(".$db->ifsql("cd.statut=4", "cd.date_fin_validite", "null").") as lower_planned_end_date,";
$sql .= ' SUM('.$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,';
$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,';
$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,';
$sql .= ' SUM('.$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,';
$sql .= ' SUM('.$db->ifsql("cd.statut=5", 1, 0).') as nb_closed';
$sql .= " SUM(".$db->ifsql("cd.statut=0", 1, 0).') as nb_initial,';
$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NULL OR cd.date_fin_validite >= '".$db->idate($now)."')", 1, 0).') as nb_running,';
$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now)."')", 1, 0).') as nb_expired,';
$sql .= " SUM(".$db->ifsql("cd.statut=4 AND (cd.date_fin_validite IS NOT NULL AND cd.date_fin_validite < '".$db->idate($now - $conf->contrat->services->expires->warning_delay)."')", 1, 0).') as nb_late,';
$sql .= " SUM(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed';
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {

9
htdocs/core/ajax/check_notifications.php
View File

@@ -75,12 +75,9 @@ if ($action == 'stopreminder') {
$listofreminderid = GETPOST('listofreminderids', 'intcomma');
// Set the reminder as done
//foreach ($listofreminderidsarray as $listofreminderid) {
// if (empty($listofreminderid)) continue;
//$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'action_reminder WHERE rowid = '.$listofreminderid.' AND fk_user = '.$user->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'actioncomm_reminder SET status = 1';
$sql .= ' WHERE status = 0 AND rowid IN ('.$db->sanitize($db->escape($listofreminderid)).')';
$sql .= ' AND fk_user = '.$user->id.' AND entity = '.$conf->entity;
$sql .= ' AND fk_user = '.((int) $user->id).' AND entity = '.((int) $conf->entity);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -149,13 +146,13 @@ if (empty($_SESSION['auto_check_events_not_before']) || $time >= $_SESSION['auto
$sql = 'SELECT a.id as id_agenda, a.code, a.datep, a.label, a.location, ar.rowid as id_reminder, ar.dateremind, ar.fk_user as id_user_reminder';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
if (!empty($user->conf->MAIN_USER_WANT_ALL_EVENTS_NOTIFICATIONS)) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id);
$sql .= ' WHERE a.code <> "AC_OTH_AUTO"';
$sql .= ' AND (';
$sql .= " (ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
$sql .= ' )';
} else {
$sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.$user->id;
$sql .= ' JOIN '.MAIN_DB_PREFIX.'actioncomm_reminder as ar ON a.id = ar.fk_actioncomm AND ar.fk_user = '.((int) $user->id);
$sql .= " AND ar.typeremind = 'browser' AND ar.dateremind < '".$db->idate(dol_now())."' AND ar.status = 0 AND ar.entity = ".$conf->entity;
}
$sql .= $db->order('datep', 'ASC');

2
htdocs/core/boxes/box_services_expired.php
View File

@@ -93,7 +93,7 @@ class box_services_expired extends ModeleBoxes
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " AND c.fk_soc=s.rowid AND cd.fk_contrat=c.rowid AND c.statut > 0";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

4
htdocs/core/boxes/box_validated_projects.php
View File

@@ -157,7 +157,7 @@ class box_validated_projects extends ModeleBoxes
);
if ($objp->fk_soc > 0) {
$sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid ='.$objp->fk_soc;
$sql = 'SELECT rowid, nom as name FROM '.MAIN_DB_PREFIX.'societe WHERE rowid = '.((int) $objp->fk_soc);
$resql = $this->db->query($sql);
//$socstatic = new Societe($this->db);
$obj2 = $this->db->fetch_object($resql);
@@ -165,7 +165,7 @@ class box_validated_projects extends ModeleBoxes
'td' => 'class="tdoverflowmax150 maxwidth200onsmartphone"',
'text' => $obj2->name,
'asis' => 1,
'url' => DOL_URL_ROOT.'/societe/card.php?socid='.$obj2->rowid
'url' => DOL_URL_ROOT.'/societe/card.php?socid='.urlencode($obj2->rowid)
);
} else {
$this->info_box_contents[$i][] = array(

7
htdocs/core/class/commoninvoice.class.php
View File

@@ -132,7 +132,7 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT sum(amount) as amount, sum(multicurrency_amount) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -308,9 +308,8 @@ abstract class CommonInvoice extends CommonObject
$sql = 'SELECT p.ref, pf.amount, pf.multicurrency_amount, p.fk_paiement, p.datep, p.num_paiement as num, t.code'.$field3;
$sql .= ' FROM '.MAIN_DB_PREFIX.$table.' as pf, '.MAIN_DB_PREFIX.$table2.' as p, '.MAIN_DB_PREFIX.'c_paiement as t';
$sql .= ' WHERE pf.'.$field.' = '.((int) $this->id);
//$sql.= ' WHERE pf.'.$field.' = 1';
$sql .= ' AND pf.'.$field2.' = p.rowid';
$sql .= " WHERE pf.".$field." = ".((int) $this->id);
$sql .= " AND pf.".$field2." = p.rowid";
$sql .= ' AND p.fk_paiement = t.id';
$sql .= ' AND p.entity IN ('.getEntity($sharedentity).')';
if ($filtertype) {

140
htdocs/core/class/commonobject.class.php
View File

@@ -2054,7 +2054,7 @@ abstract class CommonObject
}
if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) {
$tmparray = explode('@', $this->ismultientitymanaged);
$sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity
$sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity
} elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) {
$sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid
}
@@ -2075,13 +2075,13 @@ abstract class CommonObject
$sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')';
}
if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') {
$sql .= ' AND te.fk_soc = '.$socid;
$sql .= ' AND te.fk_soc = '.((int) $socid);
}
if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') {
$sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)';
$sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)';
}
if ($restrictiononfksoc && $socid && $this->element == 'societe') {
$sql .= ' AND te.rowid = '.$socid;
$sql .= ' AND te.rowid = '.((int) $socid);
}
//print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."<br>";
@@ -2124,7 +2124,7 @@ abstract class CommonObject
}
if (isset($this->ismultientitymanaged) && !is_numeric($this->ismultientitymanaged)) {
$tmparray = explode('@', $this->ismultientitymanaged);
$sql .= ' AND te.'.$tmparray[0].' = '.($tmparray[1] == 'societe' ? 's' : 'parenttable').'.rowid'; // If we need to link to this table to limit select to entity
$sql .= " AND te.".$tmparray[0]." = ".($tmparray[1] == "societe" ? "s" : "parenttable").".rowid"; // If we need to link to this table to limit select to entity
} elseif ($restrictiononfksoc == 1 && $this->element != 'societe' && !$user->rights->societe->client->voir && !$socid) {
$sql .= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to socid
}
@@ -2145,13 +2145,13 @@ abstract class CommonObject
$sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')';
}
if ($restrictiononfksoc == 1 && $socid && $this->element != 'societe') {
$sql .= ' AND te.fk_soc = '.$socid;
$sql .= ' AND te.fk_soc = '.((int) $socid);
}
if ($restrictiononfksoc == 2 && $socid && $this->element != 'societe') {
$sql .= ' AND (te.fk_soc = '.$socid.' OR te.fk_soc IS NULL)';
$sql .= ' AND (te.fk_soc = '.((int) $socid).' OR te.fk_soc IS NULL)';
}
if ($restrictiononfksoc && $socid && $this->element == 'societe') {
$sql .= ' AND te.rowid = '.$socid;
$sql .= ' AND te.rowid = '.((int) $socid);
}
//print 'socid='.$socid.' restrictiononfksoc='.$restrictiononfksoc.' ismultientitymanaged = '.$this->ismultientitymanaged.' filter = '.$filter.' -> '.$sql."<br>";
// Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null
@@ -2206,19 +2206,19 @@ abstract class CommonObject
return -1;
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
if (!empty($this->fields['fk_project'])) { // Common case
if ($projectid) {
$sql .= ' SET fk_project = '.((int) $projectid);
$sql .= " SET fk_project = ".((int) $projectid);
} else {
$sql .= ' SET fk_project = NULL';
$sql .= " SET fk_project = NULL";
}
$sql .= ' WHERE rowid = '.((int) $this->id);
} elseif ($this->table_element == 'actioncomm') { // Special case for actioncomm
if ($projectid) {
$sql .= ' SET fk_project = '.((int) $projectid);
$sql .= " SET fk_project = ".((int) $projectid);
} else {
$sql .= ' SET fk_project = NULL';
$sql .= " SET fk_project = NULL";
}
$sql .= ' WHERE id = '.((int) $this->id);
} else // Special case for old architecture objects
@@ -2266,8 +2266,8 @@ abstract class CommonObject
$fieldname = 'fk_typepayment';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL');
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2278,7 +2278,7 @@ abstract class CommonObject
}
return 1;
} else {
dol_syslog(get_class($this).'::setPaymentMethods Error '.$sql.' - '.$this->db->error());
dol_syslog(get_class($this).'::setPaymentMethods Error '.$this->db->error());
$this->error = $this->db->error();
return -1;
}
@@ -2302,7 +2302,7 @@ abstract class CommonObject
$fieldname = 'multicurrency_code';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname." = '".$this->db->escape($code)."'";
$sql .= " SET ".$fieldname." = '".$this->db->escape($code)."'";
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2340,7 +2340,7 @@ abstract class CommonObject
$fieldname = 'multicurrency_tx';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.((float) $rate);
$sql .= " SET ".$fieldname." = ".((float) $rate);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2548,7 +2548,7 @@ abstract class CommonObject
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL');
$sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL');
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2590,7 +2590,7 @@ abstract class CommonObject
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.(($id > 0 || $id == '0') ? $id : 'NULL');
$sql .= " SET ".$fieldname." = ".(($id > 0 || $id == '0') ? ((int) $id) : 'NULL');
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2625,7 +2625,7 @@ abstract class CommonObject
$fieldname = 'retained_warranty_fk_cond_reglement';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.((int) $id);
$sql .= " SET ".$fieldname." = ".((int) $id);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2665,7 +2665,7 @@ abstract class CommonObject
return 1;
} else {
$this->error = $this->db->error();
dol_syslog(get_class($this).'::setDeliveryAddress Error '.$sql.' - '.$this->error);
dol_syslog(get_class($this).'::setDeliveryAddress Error '.$this->error);
return -1;
}
}
@@ -2884,7 +2884,7 @@ abstract class CommonObject
// Count number of lines to reorder (according to choice $renum)
$nl = 0;
$sql = 'SELECT count(rowid) FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.'='.((int) $this->id);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$renum) {
$sql .= ' AND rang = 0';
}
@@ -2906,7 +2906,7 @@ abstract class CommonObject
// We first search all lines that are parent lines (for multilevel details lines)
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
if ($fk_parent_line) {
$sql .= ' AND fk_parent_line IS NULL';
}
@@ -2954,7 +2954,7 @@ abstract class CommonObject
$rows = array();
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
$sql .= ' AND fk_parent_line = '.((int) $id);
$sql .= ' ORDER BY rang ASC';
@@ -3031,7 +3031,7 @@ abstract class CommonObject
$fieldposition = 'position';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang);
$sql .= ' WHERE rowid = '.((int) $rowid);
dol_syslog(get_class($this)."::updateRangOfLine", LOG_DEBUG);
@@ -3074,11 +3074,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
$sql .= ' AND rang = '.((int) ($rang - 1));
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang - 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -3105,11 +3105,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) $rang);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
$sql .= ' AND rang = '.((int) ($rang + 1));
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element_line." SET ".$fieldposition." = ".((int) ($rang + 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -3148,7 +3148,7 @@ abstract class CommonObject
public function getIdOfLine($rang)
{
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
$sql .= ' AND rang = '.((int) $rang);
$resql = $this->db->query($sql);
if ($resql) {
@@ -3174,8 +3174,8 @@ abstract class CommonObject
// Search the last rang with fk_parent_line
if ($fk_parent_line) {
$sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line;
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
$sql .= ' AND fk_parent_line = '.((int) $fk_parent_line);
dol_syslog(get_class($this)."::line_max", LOG_DEBUG);
@@ -3190,8 +3190,8 @@ abstract class CommonObject
}
} else {
// If not, search the last rang of element
$sql = 'SELECT max('.$positionfield.') FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql = "SELECT max(".$positionfield.") FROM ".MAIN_DB_PREFIX.$this->table_element_line;
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
dol_syslog(get_class($this)."::line_max", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -3217,7 +3217,7 @@ abstract class CommonObject
return -1;
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ref_ext = '".$this->db->escape($ref_ext)."'";
$sql .= " WHERE ".(isset($this->table_rowid) ? $this->table_rowid : 'rowid')." = ".((int) $this->id);
@@ -3268,7 +3268,7 @@ abstract class CommonObject
} else {
$fieldusermod = "fk_user_modif";
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET note".$newsuffix." = ".(!empty($note) ? ("'".$this->db->escape($note)."'") : "NULL");
$sql .= ", ".$fieldusermod." = ".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id);
@@ -3386,21 +3386,21 @@ abstract class CommonObject
$fieldup = 'value_unit';
}
$sql = 'SELECT rowid, qty, '.$fieldup.' as up, remise_percent, total_ht, '.$fieldtva.' as total_tva, total_ttc, '.$fieldlocaltax1.' as total_localtax1, '.$fieldlocaltax2.' as total_localtax2,';
$sql = "SELECT rowid, qty, ".$fieldup." as up, remise_percent, total_ht, ".$fieldtva." as total_tva, total_ttc, ".$fieldlocaltax1." as total_localtax1, ".$fieldlocaltax2." as total_localtax2,";
$sql .= ' tva_tx as vatrate, localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, info_bits, product_type';
if ($this->table_element_line == 'facturedet') {
$sql .= ', situation_percent';
}
$sql .= ', multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql .= " WHERE ".$this->fk_element." = ".((int) $this->id);
if ($exclspec) {
$product_field = 'product_type';
if ($this->table_element_line == 'contratdet') {
$product_field = ''; // contratdet table has no product_type field
}
if ($product_field) {
$sql .= ' AND '.$product_field.' <> 9';
$sql .= " AND ".$product_field." <> 9";
}
}
$sql .= ' ORDER by rowid'; // We want to be sure to always use same order of line to not change lines differently when option MAIN_ROUNDOFTOTAL_NOT_TOTALOFROUND is used
@@ -3553,14 +3553,14 @@ abstract class CommonObject
if (empty($nodatabaseupdate)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
$sql .= " ".$fieldht." = ".price2num($this->total_ht).",";
$sql .= " ".$fieldtva." = ".price2num($this->total_tva).",";
$sql .= " ".$fieldlocaltax1." = ".price2num($this->total_localtax1).",";
$sql .= " ".$fieldlocaltax2." = ".price2num($this->total_localtax2).",";
$sql .= " ".$fieldttc." = ".price2num($this->total_ttc);
$sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1);
$sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1);
$sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1);
$sql .= " ".$fieldht." = ".((float) price2num($this->total_ht)).",";
$sql .= " ".$fieldtva." = ".((float) price2num($this->total_tva)).",";
$sql .= " ".$fieldlocaltax1." = ".((float) price2num($this->total_localtax1)).",";
$sql .= " ".$fieldlocaltax2." = ".((float) price2num($this->total_localtax2)).",";
$sql .= " ".$fieldttc." = ".((float) price2num($this->total_ttc));
$sql .= ", multicurrency_total_ht = ".((float) price2num($this->multicurrency_total_ht, 'MT', 1));
$sql .= ", multicurrency_total_tva = ".((float) price2num($this->multicurrency_total_tva, 'MT', 1));
$sql .= ", multicurrency_total_ttc = ".((float) price2num($this->multicurrency_total_ttc, 'MT', 1));
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_price", LOG_DEBUG);
@@ -4038,7 +4038,7 @@ abstract class CommonObject
global $db;
$sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
$sql = "SELECT ".$field_select." FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where);
$resql = $db->query($sql);
$TRes = array();
@@ -4067,7 +4067,7 @@ abstract class CommonObject
global $db;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$table_element." WHERE ".$field_where." = ".((int) $fk_object_where);
$resql = $db->query($sql);
if (empty($resql)) {
@@ -5317,7 +5317,7 @@ abstract class CommonObject
$update_main_doc_field = 1;
}
if ($update_main_doc_field && !empty($this->table_element)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath.'/'.$ecmfile->filename)."'";
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET last_main_doc = '".$this->db->escape($ecmfile->filepath."/".$ecmfile->filename)."'";
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
@@ -6677,17 +6677,17 @@ abstract class CommonObject
//We have to join on extrafield table
if (strpos($InfoFieldList[4], 'extra') !== false) {
$sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra';
$sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4];
$sql .= " as main, ".MAIN_DB_PREFIX.$InfoFieldList[0]."_extrafields as extra";
$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4];
} else {
$sqlwhere .= ' WHERE '.$InfoFieldList[4];
$sqlwhere .= " WHERE ".$InfoFieldList[4];
}
} else {
$sqlwhere .= ' WHERE 1=1';
}
// Some tables may have field, some other not. For the moment we disable it.
if (in_array($InfoFieldList[0], array('tablewithentity'))) {
$sqlwhere .= ' AND entity = '.$conf->entity;
$sqlwhere .= " AND entity = ".((int) $conf->entity);
}
$sql .= $sqlwhere;
//print $sql;
@@ -6830,16 +6830,16 @@ abstract class CommonObject
// We have to join on extrafield table
if (strpos($InfoFieldList[4], 'extra') !== false) {
$sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra';
$sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4];
$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4];
} else {
$sqlwhere .= ' WHERE '.$InfoFieldList[4];
$sqlwhere .= " WHERE ".$InfoFieldList[4];
}
} else {
$sqlwhere .= ' WHERE 1=1';
}
// Some tables may have field, some other not. For the moment we disable it.
if (in_array($InfoFieldList[0], array('tablewithentity'))) {
$sqlwhere .= ' AND entity = '.$conf->entity;
$sqlwhere .= " AND entity = ".((int) $conf->entity);
}
// $sql.=preg_replace('/^ AND /','',$sqlwhere);
// print $sql;
@@ -8770,8 +8770,8 @@ abstract class CommonObject
return 0;
}
$sql = 'SELECT '.$fieldlist;
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
$sql = "SELECT ".$fieldlist;
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element.' as t';
if (!empty($id)) {
$sql .= ' WHERE t.rowid = '.((int) $id);
@@ -8825,9 +8825,9 @@ abstract class CommonObject
$objectline = new $objectlineclassname($this->db);
$sql = 'SELECT '.$objectline->getFieldList('l');
$sql .= ' FROM '.MAIN_DB_PREFIX.$objectline->table_element.' as l';
$sql .= ' WHERE l.fk_'.$this->element.' = '.((int) $this->id);
$sql = "SELECT ".$objectline->getFieldList('l');
$sql .= " FROM ".MAIN_DB_PREFIX.$objectline->table_element." as l";
$sql .= " WHERE l.fk_".$this->element." = ".((int) $this->id);
if ($morewhere) {
$sql .= $morewhere;
}
@@ -8973,7 +8973,7 @@ abstract class CommonObject
if ($forcechilddeletion) { // Force also delete of childtables that should lock deletion in standard case when option force is off
foreach ($this->childtables as $table) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@@ -9022,7 +9022,7 @@ abstract class CommonObject
}
} else {
// Delete record in child table
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$this->fk_element." = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -9100,7 +9100,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$this->table_element;
$sql .= ' WHERE '.$parentField.' = '.(int) $parentId;
$sql .= " WHERE ".$parentField." = ".(int) $parentId;
$resql = $this->db->query($sql);
if (!$resql) {
@@ -9533,7 +9533,7 @@ abstract class CommonObject
// Delete in database with mode 1
if ($mode == 1) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id).")";
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@@ -9542,7 +9542,7 @@ abstract class CommonObject
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files";
$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? "" : "@".$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();

4
htdocs/core/class/commonobjectline.class.php
View File

@@ -86,7 +86,7 @@ abstract class CommonObjectLine extends CommonObject
$label_type = 'code';
}
$sql = 'select '.$label_type.', code from '.MAIN_DB_PREFIX.'c_units where rowid='.$this->fk_unit;
$sql = "SELECT ".$label_type.", code from ".MAIN_DB_PREFIX."c_units where rowid = ".((int) $this->fk_unit);
$resql = $this->db->query($sql);
if ($resql && $this->db->num_rows($resql) > 0) {
$res = $this->db->fetch_array($resql);
@@ -98,7 +98,7 @@ abstract class CommonObjectLine extends CommonObject
$this->db->free($resql);
return $label;
} else {
$this->error = $this->db->error().' sql='.$sql;
$this->error = $this->db->lasterror();
dol_syslog(get_class($this)."::getLabelOfUnit Error ".$this->error, LOG_ERR);
return -1;
}

2
htdocs/core/class/coreobject.class.php
View File

@@ -183,7 +183,7 @@ class CoreObject extends CommonObject
$this->{$className} = array();
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.$childTable.' WHERE '.$this->fk_element.' = '.((int) $this->id);
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$childTable." WHERE ".$this->fk_element." = ".((int) $this->id);
$res = $this->db->query($sql);
if ($res) {

20
htdocs/core/class/discount.class.php
View File

@@ -516,10 +516,10 @@ class DiscountAbsolute
$sql .= " AND rc.fk_user = ".((int) $user->id);
}
if ($filter) {
$sql .= ' AND ('.$filter.')';
$sql .= " AND (".$filter.")";
}
if ($maxvalue) {
$sql .= ' AND rc.amount_ttc <= '.price2num($maxvalue);
$sql .= ' AND rc.amount_ttc <= '.((float) price2num($maxvalue));
}
$resql = $this->db->query($sql);
@@ -555,12 +555,12 @@ class DiscountAbsolute
if ($invoice->element == 'facture' || $invoice->element == 'invoice') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f';
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id;
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id);
$sql .= ' AND f.type = 3';
} elseif ($invoice->element == 'invoice_supplier') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id;
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id);
$sql .= ' AND f.type = 3';
} else {
$this->error = get_class($this)."::getSumDepositsUsed was called with a bad object as a first parameter";
@@ -596,13 +596,13 @@ class DiscountAbsolute
if ($invoice->element == 'facture' || $invoice->element == 'invoice') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f';
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id;
$sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received
$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id);
$sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE.", ".$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received
} elseif ($invoice->element == 'invoice_supplier') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id;
$sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid
$sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.((int) $invoice->id);
$sql .= " AND f.type IN (".$this->db->sanitize($invoice::TYPE_STANDARD.", ".$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid
} else {
$this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter";
dol_print_error($this->error);
@@ -636,11 +636,11 @@ class DiscountAbsolute
if ($invoice->element == 'facture' || $invoice->element == 'invoice') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc';
$sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.$invoice->id;
$sql .= ' WHERE rc.fk_facture IS NULL AND rc.fk_facture_source = '.((int) $invoice->id);
} elseif ($invoice->element == 'invoice_supplier') {
$sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc';
$sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.$invoice->id;
$sql .= ' WHERE rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_source = '.((int) $invoice->id);
} else {
$this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter";
dol_print_error($this->error);

4
htdocs/core/class/dolreceiptprinter.class.php
View File

@@ -867,7 +867,7 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'SELECT template';
$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt_template';
$sql .= ' WHERE rowid='.$templateid;
$sql .= ' WHERE rowid = '.((int) $templateid);
$sql .= ' AND entity = '.$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
@@ -905,7 +905,7 @@ class dolReceiptPrinter extends Printer
$sql = 'SELECT rowid, name, fk_type, fk_profile, parameter';
$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' WHERE rowid = '.((int) $printerid);
$sql .= ' AND entity = '.$conf->entity;
$sql .= ' AND entity = '.((int) $conf->entity);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_array($resql);

12
htdocs/core/class/extrafields.class.php
View File

@@ -1273,16 +1273,16 @@ class ExtraFields
//We have to join on extrafield table
if (strpos($InfoFieldList[4], 'extra') !== false) {
$sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra';
$sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4];
$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4];
} else {
$sqlwhere .= ' WHERE '.$InfoFieldList[4];
$sqlwhere .= " WHERE ".$InfoFieldList[4];
}
} else {
$sqlwhere .= ' WHERE 1=1';
}
// Some tables may have field, some other not. For the moment we disable it.
if (in_array($InfoFieldList[0], array('tablewithentity'))) {
$sqlwhere .= ' AND entity = '.$conf->entity;
$sqlwhere .= ' AND entity = '.((int) $conf->entity);
}
$sql .= $sqlwhere;
//print $sql;
@@ -1485,16 +1485,16 @@ class ExtraFields
// We have to join on extrafield table
if (strpos($InfoFieldList[4], 'extra.') !== false) {
$sql .= ' as main, '.MAIN_DB_PREFIX.$InfoFieldList[0].'_extrafields as extra';
$sqlwhere .= ' WHERE extra.fk_object=main.'.$InfoFieldList[2].' AND '.$InfoFieldList[4];
$sqlwhere .= " WHERE extra.fk_object=main.".$InfoFieldList[2]." AND ".$InfoFieldList[4];
} else {
$sqlwhere .= ' WHERE '.$InfoFieldList[4];
$sqlwhere .= " WHERE ".$InfoFieldList[4];
}
} else {
$sqlwhere .= ' WHERE 1=1';
}
// Some tables may have field, some other not. For the moment we disable it.
if (in_array($InfoFieldList[0], array('tablewithentity'))) {
$sqlwhere .= ' AND entity = '.$conf->entity;
$sqlwhere .= " AND entity = ".((int) $conf->entity);
}
// $sql.=preg_replace('/^ AND /','',$sqlwhere);
// print $sql;

1
htdocs/core/class/hookmanager.class.php
View File

@@ -172,6 +172,7 @@ class HookManager
'addSearchEntry',
'addStatisticLine',
'addSectionECMAuto',
'checkSecureAccess',
'createDictionaryFieldlist',
'editDictionaryFieldlist',
'getFormMail',

6
htdocs/core/class/html.form.class.php
View File

@@ -2565,7 +2565,7 @@ class Form
$sql .= ')';
}
if (count($warehouseStatusArray)) {
$sql .= ' GROUP BY'.$selectFields;
$sql .= " GROUP BY ".$selectFields;
}
//Sort by category
@@ -6988,7 +6988,7 @@ class Form
if (isset($objecttmp->ismultientitymanaged)) {
if (!is_numeric($objecttmp->ismultientitymanaged)) {
$tmparray = explode('@', $objecttmp->ismultientitymanaged);
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON parenttable.rowid = t.'.$tmparray[0];
$sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON parenttable.rowid = t.".$tmparray[0];
}
if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') {
if (!$user->rights->societe->client->voir && !$user->socid) {
@@ -7009,7 +7009,7 @@ class Form
$sql .= " AND t.entity IN (".getEntity($objecttmp->table_element).")";
}
if (!is_numeric($objecttmp->ismultientitymanaged)) {
$sql .= ' AND parenttable.entity = t.'.$tmparray[0];
$sql .= " AND parenttable.entity = t.".$tmparray[0];
}
if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) {
if ($objecttmp->element == 'societe') {

2
htdocs/core/class/html.formmail.class.php
View File

@@ -601,7 +601,7 @@ class FormMail extends Form
// Add also email aliases from the c_email_senderprofile table
$sql = 'SELECT rowid, label, email FROM '.MAIN_DB_PREFIX.'c_email_senderprofile';
$sql .= ' WHERE active = 1 AND (private = 0 OR private = '.$user->id.')';
$sql .= ' WHERE active = 1 AND (private = 0 OR private = '.((int) $user->id).')';
$sql .= ' ORDER BY position';
$resql = $this->db->query($sql);
if ($resql) {

4
htdocs/core/class/utils.class.php
View File

@@ -1088,11 +1088,11 @@ class Utils
fwrite($handle, "/*!40000 ALTER TABLE `".$table."` DISABLE KEYS */;\n");
}
$sql = 'SELECT * FROM '.$table; // Here SELECT * is allowed because we don't have definition of columns to take
$sql = "SELECT * FROM ".$table; // Here SELECT * is allowed because we don't have definition of columns to take
$result = $db->query($sql);
while ($row = $db->fetch_row($result)) {
// For each row of data we print a line of INSERT
fwrite($handle, 'INSERT '.$delayed.$ignore.'INTO `'.$table.'` VALUES (');
fwrite($handle, "INSERT ".$delayed.$ignore."INTO ".$table." VALUES (");
$columns = count($row);
for ($j = 0; $j < $columns; $j++) {
// Processing each columns of the row to ensure that we correctly save the value (eg: add quotes for string - in fact we add quotes for everything, it's easier)

2
htdocs/core/class/validate.class.php
View File

@@ -263,7 +263,7 @@ class Validate
}
foreach ($value_arr as $val) {
$sql = 'SELECT ' . $col . ' FROM ' . MAIN_DB_PREFIX . $table . " WHERE " . $col ." = '" . $this->db->escape($val) . "'"; // nore quick than count(*) to check existing of a row
$sql = "SELECT ".$col." FROM ".MAIN_DB_PREFIX.$table." WHERE ".$col." = '".$this->db->escape($val)."'"; // nore quick than count(*) to check existing of a row
$resql = $this->db->getRow($sql);
if ($resql) {
continue;

59
htdocs/core/customreports.php
View File

@@ -239,13 +239,14 @@ if (is_array($search_groupby) && count($search_groupby)) {
$fieldtocount = $search_groupby[$gkey];
}
$sql = 'SELECT DISTINCT '.$fieldtocount.' as val';
$sql = "SELECT DISTINCT ".$fieldtocount." as val";
if (strpos($fieldtocount, 'te.') === 0) {
$sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te';
} else {
$sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t';
}
// TODO Add the where here
// ...
$sql .= ' LIMIT '.($MAXUNIQUEVALFORGROUP + 1);
@@ -469,60 +470,60 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
foreach ($search_xaxis as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as x_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y') as x_".$key.', ';
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as x_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as x_".$key.', ';
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as x_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as x_".$key.', ';
} else {
$sql .= $val.' as x_'.$key.', ';
$sql .= $val." as x_".$key.", ";
}
}
foreach ($search_groupby as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y') as g_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y') as g_".$key.', ';
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m') as g_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m') as g_".$key.', ';
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d') as g_".$key.', ';
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d') as g_".$key.', ';
} else {
$sql .= $val.' as g_'.$key.', ';
$sql .= $val." as g_".$key.", ";
}
}
foreach ($search_measures as $key => $val) {
if ($val == 't.count') {
$sql .= 'COUNT(t.'.$fieldid.') as y_'.$key.', ';
$sql .= "COUNT(t.".$fieldid.") as y_".$key.', ';
} elseif (preg_match('/\-sum$/', $val)) {
$tmpval = preg_replace('/\-sum$/', '', $val);
$sql .= 'SUM('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', ';
$sql .= "SUM(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", ";
} elseif (preg_match('/\-average$/', $val)) {
$tmpval = preg_replace('/\-average$/', '', $val);
$sql .= 'AVG('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', ';
$sql .= "AVG(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", ";
} elseif (preg_match('/\-min$/', $val)) {
$tmpval = preg_replace('/\-min$/', '', $val);
$sql .= 'MIN('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', ';
$sql .= "MIN(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", ";
} elseif (preg_match('/\-max$/', $val)) {
$tmpval = preg_replace('/\-max$/', '', $val);
$sql .= 'MAX('.$db->ifsql($tmpval.' IS NULL', '0', $tmpval).') as y_'.$key.', ';
$sql .= "MAX(".$db->ifsql($tmpval.' IS NULL', '0', $tmpval).") as y_".$key.", ";
}
}
$sql = preg_replace('/,\s*$/', '', $sql);
$sql .= ' FROM '.MAIN_DB_PREFIX.$object->table_element.' as t';
// Add measure from extrafields
if ($object->isextrafieldmanaged) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.$object->table_element.'_extrafields as te ON te.fk_object = t.'.$fieldid;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$object->table_element."_extrafields as te ON te.fk_object = t.".$fieldid;
}
if ($object->ismultientitymanaged) {
if ($object->ismultientitymanaged == 1) {
// Nothing here
} else {
$tmparray = explode('@', $object->ismultientitymanaged);
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$tmparray[1].' as parenttable ON t.'.$tmparray[0].' = parenttable.rowid';
$sql .= " INNER JOIN ".MAIN_DB_PREFIX.$tmparray[1]." as parenttable ON t.".$tmparray[0]." = parenttable.rowid";
$sql .= ' AND parenttable.entity IN ('.getEntity($tmparray[1]).')';
}
}
@@ -537,27 +538,27 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
foreach ($search_xaxis as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y'), ";
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), ";
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), ";
} else {
$sql .= $val.', ';
$sql .= $val.", ";
}
}
foreach ($search_groupby as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y'), ";
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), ";
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), ";
} else {
$sql .= $val.', ';
}
@@ -567,13 +568,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
foreach ($search_xaxis as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y'), ";
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), ";
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), ";
} else {
$sql .= $val.', ';
}
@@ -581,13 +582,13 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
foreach ($search_groupby as $key => $val) {
if (preg_match('/\-year$/', $val)) {
$tmpval = preg_replace('/\-year$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y'), ";
} elseif (preg_match('/\-month$/', $val)) {
$tmpval = preg_replace('/\-month$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m'), ";
} elseif (preg_match('/\-day$/', $val)) {
$tmpval = preg_replace('/\-day$/', '', $val);
$sql .= 'DATE_FORMAT('.$tmpval.", '%Y-%m-%d'), ";
$sql .= "DATE_FORMAT(".$tmpval.", '%Y-%m-%d'), ";
} else {
$sql .= $val.', ';
}

2
htdocs/core/db/pgsql.class.php
View File

@@ -905,7 +905,7 @@ class DoliDBPgsql extends DoliDB
// Test charset match LC_TYPE (pgsql error otherwise)
//print $charset.' '.setlocale(LC_CTYPE,'0'); exit;
$sql = 'CREATE DATABASE "'.$database.'" OWNER "'.$owner.'" ENCODING \''.$charset.'\'';
$sql = "CREATE DATABASE '".$this->escape($database)."' OWNER '".$this->escape($owner)."' ENCODING '".$this->escape($charset)."'";
dol_syslog($sql, LOG_DEBUG);
$ret = $this->query($sql);
return $ret;

17
htdocs/core/db/sqlite3.class.php
View File

@@ -421,7 +421,7 @@ class DoliDBSqlite3 extends DoliDB
$descTable = $this->db->querySingle("SELECT sql FROM sqlite_master WHERE name='".$this->escape($tablename)."'");
// 1- Renommer la table avec un nom temporaire
$this->query('ALTER TABLE '.$tablename.' RENAME TO tmp_'.$tablename);
$this->query("ALTER TABLE ".$tablename." RENAME TO tmp_".$tablename);
// 2- Recréer la table avec la contrainte ajoutée
@@ -436,10 +436,10 @@ class DoliDBSqlite3 extends DoliDB
$this->query($descTable);
// 3- Transférer les données
$this->query('INSERT INTO '.$tablename.' SELECT * FROM tmp_'.$tablename);
$this->query("INSERT INTO ".$tablename." SELECT * FROM tmp_".$tablename);
// 4- Supprimer la table temporaire
$this->query('DROP TABLE tmp_'.$tablename);
$this->query("DROP TABLE tmp_".$tablename);
// dummy statement
$query = "SELECT 0";
@@ -840,17 +840,12 @@ class DoliDBSqlite3 extends DoliDB
}
// ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci
$sql = 'CREATE DATABASE '.$database;
$sql .= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation;
$sql = "CREATE DATABASE ".$this->escape($database);
$sql .= " DEFAULT CHARACTER SET ".$this->escape($charset)." DEFAULT COLLATE ".$this->escape($collation);
dol_syslog($sql, LOG_DEBUG);
$ret = $this->query($sql);
if (!$ret) {
// We try again for compatibility with Mysql < 4.1.1
$sql = 'CREATE DATABASE '.$database;
$ret = $this->query($sql);
dol_syslog($sql, LOG_DEBUG);
}
return $ret;
}

4
htdocs/core/lib/admin.lib.php
View File

@@ -306,8 +306,8 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
// with
// 'INSERT INTO llx_accounting_account (entity, rowid, fk_pcg_version, pcg_type, account_number, account_parent, label, active) VALUES (__ENTITY__, 1401 + 200100000, 'PCG99-ABREGE','CAPIT', '1234', 1400 + 200100000,...'
// Note: string with 'PCG99-ABREGE','CAPIT', 1234 instead of 'PCG99-ABREGE','CAPIT', '1234' is also supported
$newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.$offsetforchartofaccount.', \2, \3 + '.$offsetforchartofaccount, $newsql);
$newsql = preg_replace('/([,\s])0 \+ '.$offsetforchartofaccount.'/ims', '\1 0', $newsql);
$newsql = preg_replace('/VALUES\s*\(__ENTITY__, \s*(\d+)\s*,(\s*\'[^\',]*\'\s*,\s*\'[^\',]*\'\s*,\s*\'?[^\',]*\'?\s*),\s*\'?([^\',]*)\'?/ims', 'VALUES (__ENTITY__, \1 + '.((int) $offsetforchartofaccount).', \2, \3 + '.((int) $offsetforchartofaccount), $newsql);
$newsql = preg_replace('/([,\s])0 \+ '.((int) $offsetforchartofaccount).'/ims', '\1 0', $newsql);
//var_dump($newsql);
$arraysql[$i] = $newsql;

2
htdocs/core/lib/company.lib.php
View File

@@ -1526,7 +1526,7 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
}
} elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) {
// Generic case
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'";
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? "@".$module : "")."'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}

19
htdocs/core/lib/files.lib.php
View File

@@ -2945,25 +2945,6 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals'];
}
}
/*
// For modules who wants to manage different levels of permissions for documents
$subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS';
if (!empty($conf->global->$subPermCategoryConstName)) {
$subPermCategory = $conf->global->$subPermCategoryConstName;
if (!empty($subPermCategory) && (($fuser->rights->$modulepart->$subPermCategory->{$lire}) || ($fuser->rights->$modulepart->$subPermCategory->{$read}) || ($fuser->rights->$modulepart->$subPermCategory->{$download}))) {
$accessallowed = 1;
}
}
// Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query.
$sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS';
if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals
// Example: mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
// TODO Replace this with a hook
eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";');
}
*/
}
$ret = array(

4
htdocs/core/lib/invoice.lib.php
View File

@@ -239,7 +239,7 @@ function getCustomerInvoicePieChart($socid = 0)
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture').")";
if ($user->socid) {
$sql .= ' AND f.fk_soc = '.$user->socid;
$sql .= ' AND f.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
@@ -359,7 +359,7 @@ function getPurchaseInvoicePieChart($socid = 0)
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
if ($user->socid) {
$sql .= ' AND f.fk_soc = '.$user->socid;
$sql .= ' AND f.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

2
htdocs/core/lib/order.lib.php
View File

@@ -205,7 +205,7 @@ function getCustomerOrderPieChart($socid = 0)
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('societe').")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

2
htdocs/core/lib/propal.lib.php
View File

@@ -184,7 +184,7 @@ function getCustomerProposalPieChart($socid = 0)
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.$user->socid;
$sql .= ' AND p.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

6
htdocs/core/modules/modFournisseur.class.php
View File

@@ -353,7 +353,7 @@ class modFournisseur extends DolibarrModules
$this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture_fourn';
$this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')';
if (is_object($user) && empty($user->rights->societe->client->voir)) {
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id;
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id);
}
$r++;
@@ -417,7 +417,7 @@ class modFournisseur extends DolibarrModules
$this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid';
$this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_invoice').')';
if (is_object($user) && empty($user->rights->societe->client->voir)) {
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id;
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id);
}
// Order
@@ -493,7 +493,7 @@ class modFournisseur extends DolibarrModules
$this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_commande';
$this->export_sql_end[$r] .= ' AND f.entity IN ('.getEntity('supplier_order').')';
if (is_object($user) && empty($user->rights->societe->client->voir)) {
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.$user->id;
$this->export_sql_end[$r] .= ' AND sc.fk_user = '.((int) $user->id);
}
//Import Supplier Invoice

4
htdocs/core/modules/modSociete.class.php
View File

@@ -340,7 +340,7 @@ class modSociete extends DolibarrModules
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as incoterm ON s.fk_incoterms = incoterm.rowid';
$this->export_sql_end[$r] .= ' WHERE s.entity IN ('.getEntity('societe').')';
if (is_object($user) && empty($user->rights->societe->client->voir)) {
$this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' ';
$this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' ';
if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) {
$subordinatesids = $user->getAllChildIds();
$this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : '';
@@ -410,7 +410,7 @@ class modSociete extends DolibarrModules
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id';
$this->export_sql_end[$r] .= ' WHERE c.entity IN ('.getEntity('socpeople').')';
if (is_object($user) && empty($user->rights->societe->client->voir)) {
$this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' ';
$this->export_sql_end[$r] .= ' AND (sc.fk_user = '.((int) $user->id).' ';
if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) {
$subordinatesids = $user->getAllChildIds();
$this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : '';

2
htdocs/expensereport/class/expensereport.class.php
View File

@@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/fichinter/index.php
View File

@@ -80,7 +80,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
$sql .= " AND f.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND f.fk_soc = '.$user->socid;
$sql .= ' AND f.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

2
htdocs/fourn/class/fournisseur.facture.class.php
View File

@@ -2411,7 +2411,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= ' AND ff.fk_statut > 0';
$sql .= " AND ff.entity = ".$conf->entity;
if ($user->socid) {
$sql .= ' AND ff.fk_soc = '.$user->socid;
$sql .= ' AND ff.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

2
htdocs/fourn/commande/index.php
View File

@@ -73,7 +73,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE cf.fk_soc = s.rowid";
$sql .= " AND cf.entity IN (".getEntity('supplier_order').")";
if ($user->socid) {
$sql .= ' AND cf.fk_soc = '.$user->socid;
$sql .= ' AND cf.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);

2
htdocs/fourn/paiement/list.php
View File

@@ -192,7 +192,7 @@ if (!$user->rights->societe->client->voir) {
$sql .= ' WHERE f.entity = '.$conf->entity;
if (!$user->rights->societe->client->voir) {
$sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id;
$sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id);
}
if ($socid > 0) {
$sql .= ' AND f.fk_soc = '.((int) $socid);

2
htdocs/loan/class/loan.class.php
View File

@@ -651,7 +651,7 @@ class Loan extends CommonObject
$sql = 'SELECT sum(amount_capital) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/product/stock/replenishorders.php
View File

@@ -135,7 +135,7 @@ if ($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) {
$sql .= ' AND cf.fk_statut < 5';
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id;
$sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id);
}
if ($sref) {
$sql .= natural_search('cf.ref', $sref);

2
htdocs/salaries/class/salary.class.php
View File

@@ -570,7 +570,7 @@ class Salary extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
$sql .= ' WHERE '.$field.' = '.((int) $this->id);
$sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSommePaiement", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/supplier_proposal/index.php
View File

@@ -72,7 +72,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.$user->socid;
$sql .= ' AND p.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);