diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php
index 783fc7156c2..77d10516daa 100644
--- a/htdocs/accountancy/class/accountancycategory.class.php
+++ b/htdocs/accountancy/class/accountancycategory.class.php
@@ -201,7 +201,7 @@ class AccountancyCategory // extends CommonObject
 $sql .= "entity";
 $sql .= ") VALUES (";
 if ($this->rowid > 0) {
- $sql .= " ".$this->rowid.",";
+ $sql .= " ".((int) $this->rowid).",";
 }
 $sql .= " ".(!isset($this->code) ? 'NULL' : "'".$this->db->escape($this->code)."'").",";
 $sql .= " ".(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").",";
@@ -209,9 +209,9 @@ class AccountancyCategory // extends CommonObject
 $sql .= " ".(!isset($this->sens) ? 'NULL' : "'".$this->db->escape($this->sens)."'").",";
 $sql .= " ".(!isset($this->category_type) ? 'NULL' : "'".$this->db->escape($this->category_type)."'").",";
 $sql .= " ".(!isset($this->formula) ? 'NULL' : "'".$this->db->escape($this->formula)."'").",";
- $sql .= " ".(!isset($this->position) ? 'NULL' : $this->db->escape($this->position)).",";
- $sql .= " ".(!isset($this->fk_country) ? 'NULL' : $this->db->escape($this->fk_country)).",";
- $sql .= " ".(!isset($this->active) ? 'NULL' : $this->db->escape($this->active));
+ $sql .= " ".(!isset($this->position) ? 'NULL' : ((int) $this->position)).",";
+ $sql .= " ".(!isset($this->fk_country) ? 'NULL' : ((int) $this->fk_country)).",";
+ $sql .= " ".(!isset($this->active) ? 'NULL' : ((int) $this->active));
 $sql .= ", ".$conf->entity;
 $sql .= ")";
diff --git a/htdocs/adherents/class/subscription.class.php b/htdocs/adherents/class/subscription.class.php
index bb5cdd20bd5..fff9d925cd9 100644
--- a/htdocs/adherents/class/subscription.class.php
+++ b/htdocs/adherents/class/subscription.class.php
@@ -168,7 +168,7 @@ class Subscription extends CommonObject
 $sql .= " VALUES (".((int) $this->fk_adherent).", '".$this->db->escape($type)."', '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->dateh)."',";
 $sql .= " '".$this->db->idate($this->datef)."',";
- $sql .= " ".$this->amount.",";
+ $sql .= " ".((float) $this->amount).",";
 $sql .= " '".$this->db->escape($this->note_public ? $this->note_public : $this->note)."')";
 $resql = $this->db->query($sql);
diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php
index 115dce99c9e..63b4f982316 100644
--- a/htdocs/compta/localtax/class/localtax.class.php
+++ b/htdocs/compta/localtax/class/localtax.class.php
@@ -110,7 +110,7 @@ class Localtax extends CommonObject
 $sql .= "fk_user_creat,";
 $sql .= "fk_user_modif";
 $sql .= ") VALUES (";
- $sql .= " ".$this->ltt.",";
+ $sql .= " ".((int) $this->ltt).",";
 $sql .= " '".$this->db->idate($this->tms)."',";
 $sql .= " '".$this->db->idate($this->datep)."',";
 $sql .= " '".$this->db->idate($this->datev)."',";
diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
index 434078959b9..48ba4b06d30 100644
--- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
+++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php
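Review bot: `((float) $this->amount)` on the changed line relies on PHP's float-to-string conversion, which on PHP releases before 8.0 follows the LC_NUMERIC locale and can emit a decimal comma, leaving an invalid numeric literal in the INSERT. The rest of this commit uses `price2num()` for amounts (paymentdonation, discount, commonobject), so the same helper keeps this hunk consistent and locale-safe: `$sql .= " ".price2num($this->amount).",";`. The same `(float)` pattern is used for `$totalamount` in the paymentsocialcontribution and paymentvat hunks, for `$qty`/`$txtva`/`$txlocaltax1`/`$txlocaltax2` in the contrat hunk, for `$vatrate`/`$qty` in the expensereport hunk, for `$remise_percent` in the fournisseur.commande hunk and for `$qty`/`$remise_percent`/`$remise` in the fournisseur.product hunk. The enclosing method starts and ends outside the hunk.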
@@ -181,8 +181,8 @@ class PaymentSocialContribution extends CommonObject
 $sql .= " fk_typepaiement, num_paiement, note, fk_user_creat, fk_bank)";
 $sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datepaye)."',";
- $sql .= " ".$totalamount.",";
- $sql .= " ".$this->paiementtype.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".$user->id.",";
+ $sql .= " ".((float) $totalamount).",";
+ $sql .= " ".((int) $this->paiementtype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".$user->id.",";
 $sql .= " 0)";
 $resql = $this->db->query($sql);
diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php
index f8a397bdb9a..bc234b4516e 100644
--- a/htdocs/compta/tva/class/paymentvat.class.php
+++ b/htdocs/compta/tva/class/paymentvat.class.php
@@ -180,8 +180,8 @@ class PaymentVAT extends CommonObject
 $sql .= " fk_typepaiement, num_paiement, note, fk_user_creat, fk_bank)";
 $sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datepaye)."',";
- $sql .= " ".$totalamount.",";
- $sql .= " ".$this->paiementtype.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".$user->id.",";
+ $sql .= " ".((float) $totalamount).",";
+ $sql .= " ".((int) $this->paiementtype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".$user->id.",";
 $sql .= " 0)";
 $resql = $this->db->query($sql);
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 86d38c5b3e1..3d545b40d63 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
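Review bot: On the second changed line `$user->id` is still concatenated bare right after the newly cast `$this->paiementtype`, and two lines up `$this->chid` is interpolated straight into the VALUES string, so the hunk casts one id but leaves two others on the same statement untouched. For consistency with the rest of the commit: `$sql .= " VALUES (".((int) $this->chid).", '".$this->db->idate($now)."',";` and `... '".$this->db->escape($this->note)."', ".((int) $user->id).",";`. The paymentvat hunk has the identical pair, paymentdonation interpolates `$this->chid` the same way, and the paymentexpensereport hunk leaves both `$this->fk_expensereport` (interpolated) and `$this->fk_typepayment` bare although the sibling payment classes in this commit cast their payment-type id. The enclosing method starts and ends outside the hunk.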
@@ -455,18 +455,18 @@ class Contact extends CommonObject
 $sql .= ") VALUES (";
 $sql .= "'".$this->db->idate($now)."',";
 if ($this->socid > 0) {
- $sql .= " ".$this->db->escape($this->socid).",";
+ $sql .= " ".((int) $this->socid).",";
 } else {
 $sql .= "null,";
 }
 $sql .= "'".$this->db->escape($this->lastname)."',";
 $sql .= "'".$this->db->escape($this->firstname)."',";
- $sql .= " ".($user->id > 0 ? "'".$this->db->escape($user->id)."'" : "null").",";
- $sql .= " ".$this->db->escape($this->priv).",";
+ $sql .= " ".($user->id > 0 ? ((int) $user->id)."'" : "null").",";
+ $sql .= " ".((int) $this->priv).",";
 $sql .= " 0,";
- $sql .= " ".$this->db->escape($this->statut).",";
+ $sql .= " ".((int) $this->statut).",";
 $sql .= " ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null").",";
- $sql .= " ".$this->db->escape($this->entity).",";
+ $sql .= " ".((int) $this->entity).",";
 $sql .= "'".$this->db->escape($this->ref_ext)."',";
 $sql .= " ".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
 $sql .= ")";
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index 0275baeb3a9..5436c55faeb 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -1546,11 +1546,11 @@ class Contrat extends CommonObject
 $sql .= ") VALUES (";
 $sql .= $this->id.", '', '".$this->db->escape($desc)."',";
 $sql .= ($fk_product > 0 ? $fk_product : "null").",";
- $sql .= " ".$qty.",";
- $sql .= " ".$txtva.",";
+ $sql .= " ".((float) $qty).",";
+ $sql .= " ".((float) $txtva).",";
 $sql .= " ".($vat_src_code ? "'".$this->db->escape($vat_src_code)."'" : "null").",";
- $sql .= " ".$txlocaltax1.",";
- $sql .= " ".$txlocaltax2.",";
+ $sql .= " ".((float) $txlocaltax1).",";
+ $sql .= " ".((float) $txlocaltax2).",";
 $sql .= " '".$this->db->escape($localtax1_type)."',";
 $sql .= " '".$this->db->escape($localtax2_type)."',";
 $sql .= " ".price2num($remise_percent).",";
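Review bot: The rewritten fk_user_creat line `$sql .= " ".($user->id > 0 ? ((int) $user->id)."'" : "null").",";` dropped the opening quote but kept the closing one, so the statement now contains `123',` and every INSERT through this path fails with a SQL syntax error. It should read `$sql .= " ".($user->id > 0 ? ((int) $user->id) : "null").",";`. The same leftover `."'"` appears in the fournisseur.facture hunk on the info_bits line (`$sql .= " ".((int) $this->info_bits)."',";`) and in the holiday hunk at -275 on the fk_user line (`$sql .= " ".((int) $this->fk_user)."',";`); both need the trailing `'` removed. The enclosing method starts and ends outside the hunk.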
@@ -1559,7 +1559,7 @@ class Contrat extends CommonObject
 $sql .= " '".$this->db->escape($info_bits)."',";
 $sql .= " ".price2num($price).",".price2num($remise).",";
 if (isset($fk_fournprice)) {
- $sql .= ' '.$fk_fournprice.',';
+ $sql .= ' '.((int) $fk_fournprice).',';
 } else {
 $sql .= ' null,';
 }
diff --git a/htdocs/core/boxes/box_boms.php b/htdocs/core/boxes/box_boms.php
index ae0877c0369..ee248d0a083 100644
--- a/htdocs/core/boxes/box_boms.php
+++ b/htdocs/core/boxes/box_boms.php
@@ -97,7 +97,7 @@ class box_boms extends ModeleBoxes
 $sql .= " WHERE c.fk_product = p.rowid";
 $sql .= " AND c.entity = ".$conf->entity;
 $sql .= " ORDER BY c.tms DESC, c.ref DESC";
- $sql .= " ".$this->db->plimit($max, 0);
+ $sql .= $this->db->plimit($max, 0);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/core/boxes/box_mos.php b/htdocs/core/boxes/box_mos.php
index 43d1cd411e4..18a19da93dc 100644
--- a/htdocs/core/boxes/box_mos.php
+++ b/htdocs/core/boxes/box_mos.php
@@ -97,7 +97,7 @@ class box_mos extends ModeleBoxes
 $sql .= " WHERE c.fk_product = p.rowid";
 $sql .= " AND c.entity = ".$conf->entity;
 $sql .= " ORDER BY c.tms DESC, c.ref DESC";
- $sql .= " ".$this->db->plimit($max, 0);
+ $sql .= $this->db->plimit($max, 0);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 14eb0faa353..c927b833c71 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -3541,17 +3541,16 @@ abstract class CommonObject
 if (empty($nodatabaseupdate)) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
- $sql .= " ".$fieldht."='".price2num($this->total_ht)."',";
- $sql .= " ".$fieldtva."='".price2num($this->total_tva)."',";
- $sql .= " ".$fieldlocaltax1."='".price2num($this->total_localtax1)."',";
- $sql .= " ".$fieldlocaltax2."='".price2num($this->total_localtax2)."',";
- $sql .= " ".$fieldttc."='".price2num($this->total_ttc)."'";
- $sql .= ", multicurrency_total_ht='".price2num($this->multicurrency_total_ht, 'MT', 1)."'";
- $sql .= ", multicurrency_total_tva='".price2num($this->multicurrency_total_tva, 'MT', 1)."'";
- $sql .= ", multicurrency_total_ttc='".price2num($this->multicurrency_total_ttc, 'MT', 1)."'";
+ $sql .= " ".$fieldht." = ".price2num($this->total_ht).",";
+ $sql .= " ".$fieldtva." = ".price2num($this->total_tva).",";
+ $sql .= " ".$fieldlocaltax1." = ".price2num($this->total_localtax1).",";
+ $sql .= " ".$fieldlocaltax2." = ".price2num($this->total_localtax2).",";
+ $sql .= " ".$fieldttc." = ".price2num($this->total_ttc);
+ $sql .= ", multicurrency_total_ht = ".price2num($this->multicurrency_total_ht, 'MT', 1);
+ $sql .= ", multicurrency_total_tva = ".price2num($this->multicurrency_total_tva, 'MT', 1);
+ $sql .= ", multicurrency_total_ttc = ".price2num($this->multicurrency_total_ttc, 'MT', 1);
 $sql .= ' WHERE rowid = '.$this->id;
- dol_syslog(get_class($this)."::update_price", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php
index e1f1c9775c3..2aa829f4090 100644
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
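Review bot: Removing the quotes around the five bare `price2num($this->total_*)` calls means the UPDATE becomes `total_ht = ,` whenever a total is null or '', because the price2num docblock edited in this same commit (functions.lib.php hunk) states it returns '' in that case when no rounding is given; the old quoted form at least produced a parseable `''`. If rounding to the total precision is acceptable here, passing a rounding mode as the three multicurrency lines already do (`price2num($this->total_ht, 'MT')`) yields '0' per the same docblock, otherwise guard each value before concatenation. The same bare `price2num(...)` without rounding is used in the discount, paymentdonation, paymentexpensereport, expensereport, fournisseur.commande and fournisseur.product hunks. update_price continues outside the hunk.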
@@ -257,11 +257,11 @@ class DiscountAbsolute
 $sql .= " multicurrency_amount_ht, multicurrency_amount_tva, multicurrency_amount_ttc,";
 $sql .= " fk_facture_source, fk_invoice_supplier_source";
 $sql .= ")";
- $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($this->datec != '' ? $this->datec : dol_now())."', ".$this->fk_soc.", ".(empty($this->discount_type) ? 0 : intval($this->discount_type)).", ".$userid.", '".$this->db->escape($this->description)."',";
- $sql .= " ".$this->amount_ht.", ".$this->amount_tva.", ".$this->amount_ttc.", ".$this->tva_tx.", '".$this->db->escape($this->vat_src_code)."',";
- $sql .= " ".$this->multicurrency_amount_ht.", ".$this->multicurrency_amount_tva.", ".$this->multicurrency_amount_ttc.", ";
- $sql .= " ".($this->fk_facture_source ? "'".$this->db->escape($this->fk_facture_source)."'" : "null").",";
- $sql .= " ".($this->fk_invoice_supplier_source ? "'".$this->db->escape($this->fk_invoice_supplier_source)."'" : "null");
+ $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($this->datec != '' ? $this->datec : dol_now())."', ".((int) $this->fk_soc).", ".(empty($this->discount_type) ? 0 : intval($this->discount_type)).", ".((int) $userid).", '".$this->db->escape($this->description)."',";
+ $sql .= " ".price2num($this->amount_ht).", ".price2num($this->amount_tva).", ".price2num($this->amount_ttc).", ".price2num($this->tva_tx).", '".$this->db->escape($this->vat_src_code)."',";
+ $sql .= " ".price2num($this->multicurrency_amount_ht).", ".price2num($this->multicurrency_amount_tva).", ".price2num($this->multicurrency_amount_ttc).", ";
+ $sql .= " ".($this->fk_facture_source ? ((int) $this->fk_facture_source) : "null").",";
+ $sql .= " ".($this->fk_invoice_supplier_source ? ((int) $this->fk_invoice_supplier_source) : "null");
 $sql .= ")";
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php
index 1771f0d18f0..c8799ebbd5e 100644
--- a/htdocs/core/class/events.class.php
+++ b/htdocs/core/class/events.class.php
@@ -163,7 +163,7 @@ class Events // extends CommonObject
 $sql .= "prefix_session";
 $sql .= ") VALUES (";
 $sql .= " '".$this->db->escape($this->type)."',";
- $sql .= " ".$conf->entity.",";
+ $sql .= " ".((int) $conf->entity).",";
 $sql .= " '".$this->db->escape(getUserRemoteIP())."',";
 $sql .= " ".($this->user_agent ? "'".$this->db->escape(dol_trunc($this->user_agent, 250))."'" : 'NULL').",";
 $sql .= " '".$this->db->idate($this->dateevent)."',";
diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php
index 59311b707dd..16d58f51eb3 100644
--- a/htdocs/core/class/extrafields.class.php
+++ b/htdocs/core/class/extrafields.class.php
@@ -472,14 +472,14 @@ class ExtraFields
 $sql .= " VALUES('".$this->db->escape($attrname)."',";
 $sql .= " '".$this->db->escape($label)."',";
 $sql .= " '".$this->db->escape($type)."',";
- $sql .= " ".$pos.",";
+ $sql .= " ".((int) $pos).",";
 $sql .= " '".$this->db->escape($size)."',";
 $sql .= " ".($entity === '' ? $conf->entity : $entity).",";
 $sql .= " '".$this->db->escape($elementtype)."',";
- $sql .= " ".$unique.",";
- $sql .= " ".$required.",";
+ $sql .= " ".((int) $unique).",";
+ $sql .= " ".((int) $required).",";
 $sql .= " '".$this->db->escape($params)."',";
- $sql .= " ".$alwayseditable.",";
+ $sql .= " ".((int) $alwayseditable).",";
 $sql .= " ".($perms ? "'".$this->db->escape($perms)."'" : "null").",";
 $sql .= " ".($langfile ? "'".$this->db->escape($langfile)."'" : "null").",";
 $sql .= " '".$this->db->escape($list)."',";
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index c5248fdf490..ebda2face9e 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
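Review bot: In the extrafields hunk `$entity` is still concatenated bare on the context line `($entity === '' ? $conf->entity : $entity)` while the surrounding lines now cast `$pos`, `$unique`, `$required` and `$alwayseditable`; the `=== ''` check shows it can arrive as a string, so the gap is the one this commit is closing elsewhere. `$sql .= " ".($entity === '' ? ((int) $conf->entity) : ((int) $entity)).",";` keeps the same null-entity semantics. The enclosing method starts and ends outside the hunk.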
@@ -1849,7 +1849,7 @@ class Form
 * @param string $force_entity '0' or Ids of environment to force
 * @param int $maxlength Maximum length of string into list (0=no limit)
 * @param int $showstatus 0=show user status only if status is disabled, 1=always show user status into label, -1=never show user status
- * @param string $morefilter Add more filters into sql request (Example: 'employee = 1')
+ * @param string $morefilter Add more filters into sql request (Example: 'employee = 1'). This value must not come from user input.
 * @param integer $show_every 0=default list, 1=add also a value "Everybody" at beginning of list
 * @param string $enableonlytext If option $enableonlytext is set, we use this text to explain into label why record is disabled. Not used if enableonly is empty.
 * @param string $morecss More css
@@ -1903,9 +1903,9 @@ class Form
 }
 $sql .= " FROM ".MAIN_DB_PREFIX."user as u";
 if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entity as e ON e.rowid=u.entity";
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entity as e ON e.rowid = u.entity";
 if ($force_entity) {
- $sql .= " WHERE u.entity IN (0, ".$force_entity.")";
+ $sql .= " WHERE u.entity IN (0, ".$this->db->sanitize($force_entity).")";
 } else {
 $sql .= " WHERE u.entity IS NOT NULL";
 }
@@ -1919,7 +1919,7 @@ class Form
 }
 }
 if (!empty($user->socid)) {
- $sql .= " AND u.fk_soc = ".$user->socid;
+ $sql .= " AND u.fk_soc = ".((int) $user->socid);
 }
 if (is_array($exclude) && $excludeUsers) {
 $sql .= " AND u.rowid NOT IN (".$this->db->sanitize($excludeUsers).")";
@@ -3052,20 +3052,20 @@ class Form
 /**
 * Return list of suppliers products
 *
- * @param int $socid Id societe fournisseur (0 pour aucun filtre)
- * @param int $selected Product price pre-selected (must be 'id' in product_fournisseur_price or 'idprod_IDPROD')
- * @param string $htmlname Nom de la zone select
- * @param string $filtertype Filter on product type (''=nofilter, 0=product, 1=service)
- * @param string $filtre Pour filtre sql
- * @param string $filterkey Filtre des produits
- * @param int $statut -1=Return all products, 0=Products not on buy, 1=Products on buy
- * @param int $outputmode 0=HTML select string, 1=Array
- * @param int $limit Limit of line number
+ * @param int $socid Id of supplier thirdparty (0 = no filter)
+ * @param int $selected Product price pre-selected (must be 'id' in product_fournisseur_price or 'idprod_IDPROD')
+ * @param string $htmlname Name of HTML select
+ * @param string $filtertype Filter on product type (''=nofilter, 0=product, 1=service)
+ * @param string $filtre Generic filter. Data must not come from user input.
+ * @param string $filterkey Filter of produdts
+ * @param int $statut -1=Return all products, 0=Products not on buy, 1=Products on buy
+ * @param int $outputmode 0=HTML select string, 1=Array
+ * @param int $limit Limit of line number
 * @param int $alsoproductwithnosupplierprice 1=Add also product without supplier prices
- * @param string $morecss Add more CSS
+ * @param string $morecss Add more CSS
 * @param int $showstockinlist Show stock information (slower).
- * @param string $placeholder Placeholder
- * @return array Array of keys for json
+ * @param string $placeholder Placeholder
+ * @return array Array of keys for json
 */
 public function select_produits_fournisseurs_list($socid, $selected = '', $htmlname = 'productid', $filtertype = '', $filtre = '', $filterkey = '', $statut = -1, $outputmode = 0, $limit = 100, $alsoproductwithnosupplierprice = 0, $morecss = '', $showstockinlist = 0, $placeholder = '')
 {
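Review bot: The rewritten `@param string $filterkey` line introduces the typo `produdts`; it should read `Filter of products`. The new wording for `$filtre` ("Data must not come from user input") is the right contract, since the method body appends it unescaped (`$sql .= " ".$filtre;` in the -3115 hunk), so callers are the only guard.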
@@ -3102,8 +3102,8 @@ class Form
 }
 $sql .= " FROM ".MAIN_DB_PREFIX."product as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON ( p.rowid = pfp.fk_product AND pfp.entity IN (".getEntity('product').") )";
- if ($socid) {
- $sql .= " AND pfp.fk_soc = ".$socid;
+ if ($socid > 0) {
+ $sql .= " AND pfp.fk_soc = ".((int) $socid);
 }
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
 // Units
@@ -3115,7 +3115,7 @@ class Form
 $sql .= " AND p.tobuy = ".((int) $statut);
 }
 if (strval($filtertype) != '') {
- $sql .= " AND p.fk_product_type=".$this->db->escape($filtertype);
+ $sql .= " AND p.fk_product_type = ".((int) $filtertype);
 }
 if (!empty($filtre)) {
 $sql .= " ".$filtre;
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index 4fa2f87f636..bb99b2a32e9 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -45,7 +45,7 @@ class FormCompany extends Form
 * Return list of labels (translated) of third parties type
 *
 * @param int $mode 0=Return id+label, 1=Return code+label
- * @param string $filter Add a SQL filter to select
+ * @param string $filter Add a SQL filter to select. Data must not come from user input.
 * @return array Array of types
 */
 public function typent_array($mode = 0, $filter = '')
@@ -96,7 +96,7 @@ class FormCompany extends Form
 * Renvoie la liste des types d'effectifs possibles (pas de traduction car nombre)
 *
 * @param int $mode 0=renvoi id+libelle, 1=renvoi code+libelle
- * @param string $filter Add a SQL filter to select
+ * @param string $filter Add a SQL filter to select. Data must not come from user input.
 * @return array Array of types d'effectifs
 */
 public function effectif_array($mode = 0, $filter = '')
@@ -509,7 +509,7 @@ class FormCompany extends Form
 *
 * @param string $selected Preselected code of juridical type
 * @param int $country_codeid 0=list for all countries, otherwise list only country requested
- * @param string $filter Add a SQL filter on list
+ * @param string $filter Add a SQL filter on list. Data must not come from user input.
 * @param string $htmlname HTML name of select
 * @param string $morecss More CSS
 * @return string String with HTML select
diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php
index 2ed93a9b5f4..b93a3f40cea 100644
--- a/htdocs/core/db/DoliDB.class.php
+++ b/htdocs/core/db/DoliDB.class.php
@@ -108,7 +108,7 @@ abstract class DoliDB implements Database
 * Sanitize a string for SQL forging
 *
 * @param string $stringtosanitize String to escape
- * @param int $allowsimplequote Allow simple quote
+ * @param int $allowsimplequote 1=Allow simple quotes in string. When string is used as a list of SQL string ('aa', 'bb', ...)
 * @return string String escaped
 */
 public function sanitize($stringtosanitize, $allowsimplequote = 0)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 6856cbab458..16b28814f64 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -5190,7 +5190,7 @@ function price($amount, $form = 0, $outlangs = '', $trunc = 1, $rounding = -1, $
 * @param int $option Put 1 if you know that content is already universal format number (so no correction on decimal will be done)
 * Put 2 if you know that number is a user input (so we know we don't have to fix decimal separator).
 * @return string Amount with universal numeric format (Example: '99.99999').
- * If conversion fails, it return text unchanged if $rounding = '' or '0' if $rounding is defined.
+ * If conversion fails, it return text unchanged if ($rounding = '' and $option = 1) or '0' if ($rounding is defined and $option = 1).
 * If amount is null or '', it returns '' if $rounding = '' or '0' if $rounding is defined..
 *
 * @see price() Opposite function of price2num
diff --git a/htdocs/don/class/paymentdonation.class.php b/htdocs/don/class/paymentdonation.class.php
index 82c3ddde7fa..b5775ce18ac 100644
--- a/htdocs/don/class/paymentdonation.class.php
+++ b/htdocs/don/class/paymentdonation.class.php
@@ -189,8 +189,8 @@ class PaymentDonation extends CommonObject
 $sql .= " fk_user_creat, fk_bank)";
 $sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datepaid)."',";
- $sql .= " ".$totalamount.",";
- $sql .= " ".$this->paymenttype.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_public)."', ";
+ $sql .= " ".price2num($totalamount).",";
+ $sql .= " ".((int) $this->paymenttype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_public)."', ";
 $sql .= " ".($this->ext_payment_id ? "'".$this->db->escape($this->ext_payment_id)."'" : "null").", ".($this->ext_payment_site ? "'".$this->db->escape($this->ext_payment_site)."'" : "null").",";
 $sql .= " ".$user->id.", 0)";
diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php
index 52897e84b1a..c2961794bbc 100644
--- a/htdocs/ecm/class/ecmdirectory.class.php
+++ b/htdocs/ecm/class/ecmdirectory.class.php
@@ -196,7 +196,7 @@ class EcmDirectory extends CommonObject
 $sql .= " '".$this->db->escape($conf->entity)."',";
 $sql .= " '".$this->db->escape($this->fk_parent)."',";
 $sql .= " '".$this->db->escape($this->description)."',";
- $sql .= " ".$this->cachenbofdoc.",";
+ $sql .= " ".((int) $this->cachenbofdoc).",";
 $sql .= " '".$this->db->idate($this->date_c)."',";
 $sql .= " '".$this->db->escape($this->fk_user_c)."'";
 $sql .= ")";
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 6cd3531f82d..9592f9548af 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -2697,20 +2697,20 @@ class ExpenseReportLine
 $sql .= ' (fk_expensereport, fk_c_type_fees, fk_projet,';
 $sql .= ' tva_tx, vat_src_code, comments, qty, value_unit, total_ht, total_tva, total_ttc, date, rule_warning_message, fk_c_exp_tax_cat, fk_ecm_files)';
 $sql .= " VALUES (".$this->db->escape($this->fk_expensereport).",";
- $sql .= " ".$this->db->escape($this->fk_c_type_fees).",";
- $sql .= " ".$this->db->escape((!empty($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : ((!empty($this->fk_projet) && $this->fk_projet > 0) ? $this->fk_projet : 'null')).",";
- $sql .= " ".$this->db->escape($this->vatrate).",";
+ $sql .= " ".((int) $this->fk_c_type_fees).",";
+ $sql .= " ".((int) (!empty($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : ((!empty($this->fk_projet) && $this->fk_projet > 0) ? $this->fk_projet : 'null')).",";
+ $sql .= " ".((float) $this->vatrate).",";
 $sql .= " '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."',";
 $sql .= " '".$this->db->escape($this->comments)."',";
- $sql .= " ".$this->db->escape($this->qty).",";
- $sql .= " ".$this->db->escape($this->value_unit).",";
- $sql .= " ".$this->db->escape($this->total_ht).",";
- $sql .= " ".$this->db->escape($this->total_tva).",";
- $sql .= " ".$this->db->escape($this->total_ttc).",";
+ $sql .= " ".((float) $this->qty).",";
+ $sql .= " ".((int) $this->value_unit).",";
+ $sql .= " ".price2num($this->total_ht).",";
+ $sql .= " ".price2num($this->total_tva).",";
+ $sql .= " ".price2num($this->total_ttc).",";
 $sql .= " '".$this->db->idate($this->date)."',";
 $sql .= " ".(empty($this->rule_warning_message) ? 'null' : "'".$this->db->escape($this->rule_warning_message)."'").",";
- $sql .= " ".$this->db->escape($this->fk_c_exp_tax_cat).",";
- $sql .= " ".($this->fk_ecm_files > 0 ? $this->fk_ecm_files : 'null');
+ $sql .= " ".((int) $this->fk_c_exp_tax_cat).",";
+ $sql .= " ".($this->fk_ecm_files > 0 ? ((int) $this->fk_ecm_files) : 'null');
 $sql .= ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index c673316d491..a453b810e6a 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -168,7 +168,7 @@ class PaymentExpenseReport extends CommonObject
 $sql .= " fk_typepayment, num_payment, note, fk_user_creat, fk_bank)";
 $sql .= " VALUES ($this->fk_expensereport, '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datepaid)."',";
- $sql .= " ".$totalamount.",";
+ $sql .= " ".price2num($totalamount).",";
 $sql .= " ".$this->fk_typepayment.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_public)."', ".$user->id.",";
 $sql .= " 0)";
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index 2e9d8a4a9b1..0bb5d2522ab 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -1499,8 +1499,8 @@ class FichinterLigne extends CommonObjectLine
 $sql .= " VALUES (".$this->fk_fichinter.",";
 $sql .= " '".$this->db->escape($this->desc)."',";
 $sql .= " '".$this->db->idate($this->datei)."',";
- $sql .= " ".$this->duration.",";
- $sql .= ' '.$rangToUse;
+ $sql .= " ".((int) $this->duration).",";
+ $sql .= ' '.((int) $rangToUse);
 $sql .= ')';
 dol_syslog("FichinterLigne::insert", LOG_DEBUG);
diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php
index e9b61e53406..866fd31318e 100644
--- a/htdocs/fourn/card.php
+++ b/htdocs/fourn/card.php
@@ -592,7 +592,7 @@ if ($object->id > 0) {
 $sql .= " WHERE p.fk_soc =".$object->id;
 $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
 $sql .= " ORDER BY p.date_valid DESC";
- $sql .= " ".$db->plimit($MAXLIST);
+ $sql .= $db->plimit($MAXLIST);
 $resql = $db->query($sql);
 if ($resql) {
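Review bot: On the changed fk_projet line the `(int)` cast is applied to the boolean condition rather than to the selected value: `((int) (!empty($this->fk_project) && $this->fk_project > 0) ? $this->fk_project : ...)` evaluates `(int) true`/`(int) false` as the ternary test and then emits `$this->fk_project` or `$this->fk_projet` uncast, so the value still reaches the SQL string without the cast this hunk set out to add (the old `escape()` wrapper is gone too). Move the casts onto the operands: `$sql .= " ".((!empty($this->fk_project) && $this->fk_project > 0) ? ((int) $this->fk_project) : ((!empty($this->fk_projet) && $this->fk_projet > 0) ? ((int) $this->fk_projet) : 'null')).",";`. Separately, `((int) $this->value_unit)` truncates any fractional value; if value_unit is a monetary unit amount as its neighbours total_ht/total_tva suggest, `price2num($this->value_unit)` is the likely intent — confirm against the column type. The enclosing method continues outside the hunk.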
@@ -694,7 +694,8 @@ if ($object->id > 0) {
 $sql .= " WHERE p.fk_soc =".$object->id;
 $sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")";
 $sql .= " ORDER BY p.date_commande DESC";
- $sql .= " ".$db->plimit($MAXLIST);
+ $sql .= $db->plimit($MAXLIST);
+ $resql = $db->query($sql);
 if ($resql) {
 $i = 0;
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index d9ca371c133..daa943ffee9 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -3681,19 +3681,19 @@ class CommandeFournisseurLigne extends CommonOrderLine
 $sql .= "'".$this->db->escape($this->rang)."',";
 $sql .= "'".$this->db->escape($this->qty)."', ";
 $sql .= " ".(empty($this->vat_src_code) ? "''" : "'".$this->db->escape($this->vat_src_code)."'").",";
- $sql .= " ".$this->tva_tx.", ";
- $sql .= " ".$this->localtax1_tx.",";
- $sql .= " ".$this->localtax2_tx.",";
+ $sql .= " ".price2num($this->tva_tx).", ";
+ $sql .= " ".price2num($this->localtax1_tx).",";
+ $sql .= " ".price2num($this->localtax2_tx).",";
 $sql .= " '".$this->db->escape($this->localtax1_type)."',";
 $sql .= " '".$this->db->escape($this->localtax2_type)."',";
- $sql .= " ".$this->remise_percent.", ".price2num($this->subprice, 'MU').", '".$this->db->escape($this->ref_supplier)."',";
+ $sql .= " ".((float) $this->remise_percent).", ".price2num($this->subprice, 'MU').", '".$this->db->escape($this->ref_supplier)."',";
 $sql .= " ".price2num($this->total_ht).",";
 $sql .= " ".price2num($this->total_tva).",";
 $sql .= " ".price2num($this->total_localtax1).",";
 $sql .= " ".price2num($this->total_localtax2).",";
 $sql .= " ".price2num($this->total_ttc).",";
 $sql .= ($this->fk_unit ? "'".$this->db->escape($this->fk_unit)."'" : "null");
- $sql .= ", ".($this->fk_multicurrency ? $this->fk_multicurrency : "null");
+ $sql .= ", ".($this->fk_multicurrency ? ((int) $this->fk_multicurrency) : "null");
 $sql .= ", '".$this->db->escape($this->multicurrency_code)."'";
 $sql .= ", ".($this->multicurrency_subprice ? price2num($this->multicurrency_subprice) : '0');
 $sql .= ", ".($this->multicurrency_total_ht ? price2num($this->multicurrency_total_ht) : '0');
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 377f09028df..f5840712807 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -3584,17 +3584,17 @@ class SupplierInvoiceLine extends CommonObjectLine
 $sql .= " '".$this->db->escape($this->localtax1_type)."',";
 $sql .= " '".$this->db->escape($this->localtax2_type)."',";
 $sql .= ' '.(!empty($this->fk_product) ? $this->fk_product : "null").',';
- $sql .= " ".$this->product_type.",";
+ $sql .= " ".((int) $this->product_type).",";
 $sql .= " ".price2num($this->remise_percent).",";
- $sql .= ' '.(! empty($this->fk_remise_except)?$this->fk_remise_except:"null").',';
+ $sql .= ' '.(! empty($this->fk_remise_except) ? ((int) $this->fk_remise_except) : "null").',';
 $sql .= " ".price2num($this->subprice).",";
 $sql .= " ".(!empty($this->qty) ?price2num($this->total_ttc / $this->qty) : price2num($this->total_ttc)).",";
 $sql .= " ".(!empty($this->date_start) ? "'".$this->db->idate($this->date_start)."'" : "null").",";
 $sql .= " ".(!empty($this->date_end) ? "'".$this->db->idate($this->date_end)."'" : "null").",";
 $sql .= ' '.(!empty($this->fk_code_ventilation) ? $this->fk_code_ventilation : 0).',';
- $sql .= ' '.$this->rang.',';
- $sql .= ' '.$this->special_code.',';
- $sql .= " '".$this->db->escape($this->info_bits)."',";
+ $sql .= ' '.((int) $this->rang).',';
+ $sql .= ' '.((int) $this->special_code).',';
+ $sql .= " ".((int) $this->info_bits)."',";
 $sql .= " ".price2num($this->total_ht).",";
 $sql .= " ".price2num($this->total_tva).",";
 $sql .= " ".price2num($this->total_ttc).",";
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 2172af578e9..3eaed8d27b8 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -455,28 +455,28 @@ class ProductFournisseur extends Product
 $sql .= (isset($fk_multicurrency) ? "'".$this->db->escape($fk_multicurrency)."'" : 'null').",";
 $sql .= (isset($multicurrency_code) ? "'".$this->db->escape($multicurrency_code)."'" : 'null').",";
 $sql .= " '".$this->db->idate($now)."',";
- $sql .= " ".$this->id.",";
- $sql .= " ".$fourn->id.",";
+ $sql .= " ".((int) $this->id).",";
+ $sql .= " ".((int) $fourn->id).",";
 $sql .= " '".$this->db->escape($ref_fourn)."',";
 $sql .= " '".$this->db->escape($desc_fourn)."',";
 $sql .= " ".$user->id.",";
- $sql .= " ".$buyprice.",";
- $sql .= " ".$qty.",";
- $sql .= " ".$remise_percent.",";
- $sql .= " ".$remise.",";
- $sql .= " ".$unitBuyPrice.",";
- $sql .= " ".$tva_tx.",";
- $sql .= " ".$charges.",";
- $sql .= " ".$availability.",";
+ $sql .= " ".price2num($buyprice).",";
+ $sql .= " ".((float) $qty).",";
+ $sql .= " ".((float) $remise_percent).",";
+ $sql .= " ".((float) $remise).",";
+ $sql .= " ".price2num($unitBuyPrice).",";
+ $sql .= " ".price2num($tva_tx).",";
+ $sql .= " ".price2num($charges).",";
+ $sql .= " ".((int) $availability).",";
 $sql .= " ".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
- $sql .= " ".$newnpr.",";
+ $sql .= " ".((int) $newnpr).",";
 $sql .= $conf->entity.",";
- $sql .= ($delivery_time_days != '' ? $delivery_time_days : 'null').",";
+ $sql .= ($delivery_time_days != '' ? ((int) $delivery_time_days) : 'null').",";
 $sql .= (empty($supplier_reputation) ? 'NULL' : "'".$this->db->escape($supplier_reputation)."'").",";
 $sql .= (empty($barcode) ? 'NULL' : "'".$this->db->escape($barcode)."'").",";
 $sql .= (empty($fk_barcode_type) ? 'NULL' : "'".$this->db->escape($fk_barcode_type)."'");
 if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
- $sql .= ", ".(empty($this->packaging) ? 1 : $this->db->escape($this->packaging));
+ $sql .= ", ".(empty($this->packaging) ? '1' : "'".$this->db->escape($this->packaging)."'");
 }
 $sql .= ")";
@@ -1253,10 +1253,10 @@ class ProductFournisseur extends Product
 $sql .= (isset($fk_multicurrency) ? "'".$this->db->escape($fk_multicurrency)."'" : 'null').",";
 $sql .= (isset($multicurrency_code) ? "'".$this->db->escape($multicurrency_code)."'" : 'null').",";
 $sql .= "'".$this->db->idate($datec)."',";
- $sql .= " ".$this->product_fourn_price_id.",";
+ $sql .= " ".((int) $this->product_fourn_price_id).",";
 $sql .= " ".$user->id.",";
 $sql .= " ".price2num($buyprice).",";
- $sql .= " ".$qty;
+ $sql .= " ".price2num($qty);
 $sql .= ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 7e3585bd5bc..f51e1ed85cf 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -275,17 +275,17 @@ class Holiday extends CommonObject
 $sql .= "entity";
 $sql .= ") VALUES (";
 $sql .= "'(PROV)',";
- $sql .= "'".$this->db->escape($this->fk_user)."',";
+ $sql .= " ".((int) $this->fk_user)."',";
 $sql .= " '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->escape($this->description)."',";
 $sql .= " '".$this->db->idate($this->date_debut)."',";
 $sql .= " '".$this->db->idate($this->date_fin)."',";
- $sql .= " ".$this->halfday.",";
+ $sql .= " ".((int) $this->halfday).",";
 $sql .= " '1',";
- $sql .= " '".$this->db->escape($this->fk_validator)."',";
- $sql .= " ".$this->fk_type.",";
- $sql .= " ".$user->id.",";
- $sql .= " ".$conf->entity;
+ $sql .= " ".((int) $this->fk_validator).",";
+ $sql .= " ".((int) $this->fk_type).",";
+ $sql .= " ".((int) $user->id).",";
+ $sql .= " ".((int) $conf->entity);
 $sql .= ")";
 $this->db->begin();
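Review bot: `$user->id` is still concatenated uncast on the context line between the two changed ones, while `product_fourn_price_id` right above it was cast; `$sql .= " ".((int) $user->id).",";` keeps the statement uniform with the rest of this commit. The insert statement continues outside the hunk.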
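Review bot: The rewritten `fk_user` line in the holiday.class.php hunk keeps the closing quote of the old quoted form: `$sql .= " ".((int) $this->fk_user)."',";` produces `5',` in the VALUES list, a SQL syntax error on every holiday creation. It should be `$sql .= " ".((int) $this->fk_user).",";`, matching the `fk_validator` line below it. The method continues outside the hunk.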
@@ -1952,12 +1952,12 @@ class Holiday extends CommonObject
 $sql .= "fk_type";
 $sql .= ") VALUES (";
 $sql .= " '".$this->db->idate(dol_now())."',";
- $sql .= " '".$this->db->escape($fk_user_action)."',";
- $sql .= " '".$this->db->escape($fk_user_update)."',";
+ $sql .= " ".((int) $fk_user_action).",";
+ $sql .= " ".((int) $fk_user_update).",";
 $sql .= " '".$this->db->escape($label)."',";
 $sql .= " '".$this->db->escape($prev_solde)."',";
 $sql .= " '".$this->db->escape($new_solde)."',";
- $sql .= " ".$fk_type;
+ $sql .= " ".((int) $fk_type);
 $sql .= ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index e814e69574a..824f05bc059 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -2465,7 +2465,7 @@ function migrate_restore_missing_links($db, $langs, $conf)
 print 'Line '.$obj->rowid.' in '.$table1.' is linked to record '.$obj->field.' in '.$table2.' that has no link to '.$table1.'. We fix this.
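Review bot: `$prev_solde` and `$new_solde` are still inserted as quoted escaped strings on the context lines while the ids around them were converted to `(int)`; if these balance columns are numeric, `price2num($prev_solde)` and `price2num($new_solde)` — the helper this commit uses for amounts elsewhere — would be the consistent form, otherwise a short comment saying why they stay quoted would help the next reader. The method continues outside the hunk.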
';
 $sql = "UPDATE ".MAIN_DB_PREFIX.$table2." SET";
 $sql .= " ".$field2." = '".$db->escape($obj->rowid)."'";
- $sql .= " WHERE rowid=".$obj->field;
+ $sql .= " WHERE rowid = ".((int) $obj->field);
 $resql2 = $db->query($sql);
 if (!$resql2) {
@@ -2522,7 +2522,7 @@ function migrate_restore_missing_links($db, $langs, $conf)
 print 'Line '.$obj->rowid.' in '.$table1.' is linked to record '.$obj->field.' in '.$table2.' that has no link to '.$table1.'. We fix this.
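Review bot: The SET side on the context line still writes `'".$db->escape($obj->rowid)."'` as a quoted string while the WHERE side now uses `((int) $obj->field)`; `$sql .= " ".$field2." = ".((int) $obj->rowid);` would be consistent, and the same applies to the @@ -2522 hunk below. `$table2` and `$field2` are interpolated raw, which is presumably fine because they come from the migration's own table list rather than request input — a one-line comment stating that would make the intent explicit. The function continues outside the hunk.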
';
 $sql = "UPDATE ".MAIN_DB_PREFIX.$table2." SET";
 $sql .= " ".$field2." = '".$db->escape($obj->rowid)."'";
- $sql .= " WHERE rowid=".$obj->field;
+ $sql .= " WHERE rowid = ".((int) $obj->field);
 $resql2 = $db->query($sql);
 if (!$resql2) {
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index 54d4607ab70..126002eb47a 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -177,12 +177,12 @@ class LoanSchedule extends CommonObject
 $sql .= " fk_typepayment, fk_user_creat, fk_bank)";
 $sql .= " VALUES (".$this->fk_loan.", '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datep)."',";
- $sql .= " ".$this->amount_capital.",";
- $sql .= " ".$this->amount_insurance.",";
- $sql .= " ".$this->amount_interest.",";
- $sql .= " ".$this->fk_typepayment.", ";
- $sql .= " ".$user->id.",";
- $sql .= " ".$this->fk_bank.")";
+ $sql .= " ".price2num($this->amount_capital).",";
+ $sql .= " ".price2num($this->amount_insurance).",";
+ $sql .= " ".price2num($this->amount_interest).",";
+ $sql .= " ".price2num($this->fk_typepayment).", ";
+ $sql .= " ".((int) $user->id).",";
+ $sql .= " ".((int) $this->fk_bank).")";
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index cf0a8e87f63..fd4dbf42081 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
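Review bot: `price2num($this->fk_typepayment)` applies the amount formatter to a foreign key: `fk_typepayment` sits with `fk_user_creat` and `fk_bank` in the column list, so `$sql .= " ".((int) $this->fk_typepayment).", ";` is the intended cast, and an empty or unset value through `price2num` may leave an empty token in the VALUES list — worth confirming against the helper. `$this->fk_loan` on the context VALUES line is still concatenated uncast. The method continues outside the hunk.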
@@ -182,10 +182,10 @@ class PaymentLoan extends CommonObject
 $sql .= " fk_typepayment, num_payment, note_private, note_public, fk_user_creat, fk_bank)";
 $sql .= " VALUES (".$this->chid.", '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datep)."',";
- $sql .= " ".$this->amount_capital.",";
- $sql .= " ".$this->amount_insurance.",";
- $sql .= " ".$this->amount_interest.",";
- $sql .= " ".$this->paymenttype.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', '".$this->db->escape($this->note_public)."', ".$user->id.",";
+ $sql .= " ".price2num($this->amount_capital).",";
+ $sql .= " ".price2num($this->amount_insurance).",";
+ $sql .= " ".price2num($this->amount_interest).",";
+ $sql .= " ".((int) $this->paymenttype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', '".$this->db->escape($this->note_public)."', ".$user->id.",";
 $sql .= " 0)";
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 70327386dd1..8d53db4c0b7 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
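Review bot: On the rewritten last line `$user->id` is still concatenated uncast at the end (`..., ".$user->id.",";`), and `$this->chid` on the context VALUES line likewise, while `paymenttype` on the same statement was cast; `((int) $user->id)` and `((int) $this->chid)` would bring this hunk in line with the loanschedule one, which does cast `$user->id`. The method continues outside the hunk.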
@@ -1714,8 +1714,8 @@ class Product extends CommonObject
 // Add new price
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price(price_level,date_price, fk_product, fk_user_author, price, price_ttc, price_base_type,tosell, tva_tx, default_vat_code, recuperableonly,";
 $sql .= " localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, price_min,price_min_ttc,price_by_qty,entity,fk_price_expression) ";
- $sql .= " VALUES(".($level ? $level : 1).", '".$this->db->idate($now)."',".$this->id.",".$user->id.",".$this->price.",".$this->price_ttc.",'".$this->db->escape($this->price_base_type)."',".$this->status.",".$this->tva_tx.", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").",".$this->tva_npr.",";
- $sql .= " ".$this->localtax1_tx.", ".$this->localtax2_tx.", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".$this->price_min.",".$this->price_min_ttc.",".$this->price_by_qty.",".$conf->entity.",".($this->fk_price_expression > 0 ? $this->fk_price_expression : 'null');
+ $sql .= " VALUES(".($level ? $level : 1).", '".$this->db->idate($now)."', ".$this->id.", ".$user->id.", ".price2num($this->price).", ".price2num($this->price_ttc).",'".$this->db->escape($this->price_base_type)."',".((int) $this->status).", ".price2num($this->tva_tx).", ".($this->default_vat_code ? ("'".$this->db->escape($this->default_vat_code)."'") : "null").", ".((int) $this->tva_npr).",";
+ $sql .= " ".price2num($this->localtax1_tx).", ".price2num($this->localtax2_tx).", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".price2num($this->price_min).", ".price2num($this->price_min_ttc).", ".price2num($this->price_by_qty).", ".$conf->entity.",".($this->fk_price_expression > 0 ? ((int) $this->fk_price_expression) : 'null');
 $sql .= ")";
 dol_syslog(get_class($this)."::_log_price", LOG_DEBUG);
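Review bot: On the two rewritten VALUES lines `$this->id`, `$user->id`, `$conf->entity` and `($level ? $level : 1)` are still concatenated uncast, while `status`, `tva_npr` and `fk_price_expression` on the same lines were cast; `((int) $this->id)`, `((int) $user->id)`, `((int) $conf->entity)` and `((int) ($level ? $level : 1))` would finish what the commit starts here. The method continues outside the hunk.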
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 9b0d29b4cdd..0683732d6cb 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -209,7 +209,7 @@ class Productcustomerprice extends CommonObject
 $sql .= "fk_user,";
 $sql .= "import_key";
 $sql .= ") VALUES (";
- $sql .= " ".$conf->entity.",";
+ $sql .= " ".((int) $conf->entity).",";
 $sql .= " '".$this->db->idate(dol_now())."',";
 $sql .= " ".(!isset($this->fk_product) ? 'NULL' : "'".$this->db->escape($this->fk_product)."'").",";
 $sql .= " ".(!isset($this->fk_soc) ? 'NULL' : "'".$this->db->escape($this->fk_soc)."'").",";
@@ -226,7 +226,7 @@ class Productcustomerprice extends CommonObject
 $sql .= " ".(!isset($this->localtax1_tx) ? 'NULL' : (empty($this->localtax1_tx) ? 0 : $this->localtax1_tx)).",";
 $sql .= " ".(empty($this->localtax2_type) ? "'0'" : "'".$this->db->escape($this->localtax2_type)."'").",";
 $sql .= " ".(!isset($this->localtax2_tx) ? 'NULL' : (empty($this->localtax2_tx) ? 0 : $this->localtax2_tx)).",";
- $sql .= " ".$user->id.",";
+ $sql .= " ".((int) $user->id).",";
 $sql .= " ".(!isset($this->import_key) ? 'NULL' : "'".$this->db->escape($this->import_key)."'")."";
 $sql .= ")";
diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php
index 0b5ea0cc2a6..67c24ac37c8 100644
--- a/htdocs/product/class/propalmergepdfproduct.class.php
+++ b/htdocs/product/class/propalmergepdfproduct.class.php
@@ -105,7 +105,6 @@ class Propalmergepdfproduct extends CommonObject
 // Insert request
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."propal_merge_pdf_product(";
- $sql .= "fk_product,";
 $sql .= "file_name,";
 if ($conf->global->MAIN_MULTILANGS) {
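Review bot: In the @@ -209 hunk `fk_product` and `fk_soc` on the context lines are still inserted as quoted escaped strings, and in @@ -226 `localtax1_tx` and `localtax2_tx` are concatenated raw, while `entity` and `fk_user` were cast; `((int) $this->fk_product)` / `((int) $this->fk_soc)` and `price2num(...)` for the two tax rates would make the statement uniform with the rest of the commit. The method continues outside both hunks.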
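Review bot: The propalmergepdfproduct @@ -105 hunk drops `fk_product,` from the column list, but the @@ -114 hunk in the same file still appends the `fk_product` value (`$sql .= " ".(!isset($this->fk_product) ? 'NULL' : ((int) $this->fk_product)).",";`) and additionally removes the `$sql .= ") VALUES (";` and `$sql .= ")";` lines, so the statement becomes `INSERT INTO ...(file_name, ..., datec 5, 'x', ...` with no VALUES keyword, no closing parenthesis and one value more than there are columns. Either keep `fk_product,` together with the two removed lines, or drop the value line along with the column; as written every create() fails at `$this->db->query($sql)`. The method continues outside both hunks.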
@@ -114,25 +113,19 @@ class Propalmergepdfproduct extends CommonObject
 $sql .= "fk_user_author,";
 $sql .= "fk_user_mod,";
 $sql .= "datec";
-
- $sql .= ") VALUES (";
-
- $sql .= " ".(!isset($this->fk_product) ? 'NULL' : "'".$this->db->escape($this->fk_product)."'").",";
+ $sql .= " ".(!isset($this->fk_product) ? 'NULL' : ((int) $this->fk_product)).",";
 $sql .= " ".(!isset($this->file_name) ? 'NULL' : "'".$this->db->escape($this->file_name)."'").",";
 if ($conf->global->MAIN_MULTILANGS) {
 $sql .= " ".(!isset($this->lang) ? 'NULL' : "'".$this->db->escape($this->lang)."'").",";
 }
- $sql .= " ".$user->id.",";
- $sql .= " ".$user->id.",";
+ $sql .= " ".((int) $user->id).",";
+ $sql .= " ".((int) $user->id).",";
 $sql .= " '".$this->db->idate(dol_now())."'";
-
- $sql .= ")";
 $this->db->begin();
- dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
 $this->errors[] = "Error ".$this->db->lasterror();
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php
index 0404f0bd97a..87cb8dea2c5 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php
@@ -93,7 +93,7 @@ class PriceGlobalVariable
 $sql .= ") VALUES (";
 $sql .= " ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "''").",";
 $sql .= " ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").",";
- $sql .= " ".$this->value;
+ $sql .= " ".((float) $this->value);
 $sql .= ")";
 $this->db->begin();
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
index 4272beb44bc..331a65971b6 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
@@ -103,12 +103,12 @@ class PriceGlobalVariableUpdater
 $sql = "INSERT INTO ".MAIN_DB_PREFIX.$this->table_element." (";
 $sql .= "type, description, parameters, fk_variable, update_interval, next_update, last_status";
 $sql .= ") VALUES (";
- $sql .= " ".$this->type.",";
+ $sql .= " ".((int) $this->type).",";
 $sql .= " ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "''").",";
 $sql .= " ".(isset($this->parameters) ? "'".$this->db->escape($this->parameters)."'" : "''").",";
- $sql .= " ".$this->fk_variable.",";
- $sql .= " ".$this->update_interval.",";
- $sql .= " ".$this->next_update.",";
+ $sql .= " ".((int) $this->fk_variable).",";
+ $sql .= " ".((int) $this->update_interval).",";
+ $sql .= " ".((int) $this->next_update).",";
 $sql .= " ".(isset($this->last_status) ? "'".$this->db->escape($this->last_status)."'" : "''");
 $sql .= ")";
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 5e609bbe301..f0c7d51c86b 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -432,14 +432,14 @@ class MouvementStock extends CommonObject
 $sql .= " ".($batch ? "'".$this->db->escape($batch)."'" : "null").", ";
 $sql .= " ".($eatby ? "'".$this->db->idate($eatby)."'" : "null").", ";
 $sql .= " ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", ";
- $sql .= " ".$this->entrepot_id.", ".$this->qty.", ".((int) $this->type).",";
- $sql .= " ".$user->id.",";
+ $sql .= " ".((int) $this->entrepot_id).", ".((float) $this->qty).", ".((int) $this->type).",";
+ $sql .= " ".((int) $user->id).",";
 $sql .= " '".$this->db->escape($label)."',";
 $sql .= " ".($inventorycode ? "'".$this->db->escape($inventorycode)."'" : "null").",";
 $sql .= " ".price2num($price).",";
- $sql .= " ".$fk_origin.",";
+ $sql .= " ".((int) $fk_origin).",";
 $sql .= " '".$this->db->escape($origintype)."',";
- $sql .= " ".$fk_project;
+ $sql .= " ".((int) $fk_project);
 $sql .= ")";
 dol_syslog(get_class($this)."::_create insert record into stock_mouvement", LOG_DEBUG);
diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php
index dcb50dac49a..e2b199780f0 100644
--- a/htdocs/salaries/class/paymentsalary.class.php
+++ b/htdocs/salaries/class/paymentsalary.class.php
@@ -168,8 +168,8 @@ class PaymentSalary extends CommonObject
 $sql .= " fk_typepayment, num_payment, note, fk_user_author, fk_bank)";
 $sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";
 $sql .= " '".$this->db->idate($this->datepaye)."',";
- $sql .= " ".$totalamount.",";
- $sql .= " ".$this->paiementtype.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".$user->id.",";
+ $sql .= " ".price2num($totalamount).",";
+ $sql .= " ".((int) $this->paiementtype).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note)."', ".((int) $user->id).",";
 $sql .= " 0)";
 $resql = $this->db->query($sql);
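Review bot: In the paymentsalary hunk the context line `$sql .= " VALUES ($this->chid, '".$this->db->idate($now)."',";` interpolates `$this->chid` inside a double-quoted string with no cast, while `paiementtype` and `$user->id` on the rewritten line were cast; `$sql .= " VALUES (".((int) $this->chid).", '".$this->db->idate($now)."',";` would close that gap and matches the form used in the paymentloan hunk. The method continues outside the hunk.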
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index e885912e2a1..07da47dc2ce 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -2112,9 +2112,9 @@ class Societe extends CommonObject
 // Writes trace in discount history
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_remise";
 $sql .= " (entity, datec, fk_soc, remise_client, note, fk_user_author)";
- $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($remise)."',";
+ $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($now)."', ".((int) $this->id).", '".$this->db->escape($remise)."',";
 $sql .= " '".$this->db->escape($note)."',";
- $sql .= " ".$user->id;
+ $sql .= " ".((int) $user->id);
 $sql .= ")";
 $resql = $this->db->query($sql);
@@ -2171,9 +2171,9 @@ class Societe extends CommonObject
 // Writes trace in discount history
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_remise_supplier";
 $sql .= " (entity, datec, fk_soc, remise_supplier, note, fk_user_author)";
- $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($remise)."',";
+ $sql .= " VALUES (".$conf->entity.", '".$this->db->idate($now)."', ".((int) $this->id).", '".$this->db->escape($remise)."',";
 $sql .= " '".$this->db->escape($note)."',";
- $sql .= " ".$user->id;
+ $sql .= " ".((int) $user->id);
 $sql .= ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index f4e92ecab18..31f1b0b243a 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -1829,7 +1829,6 @@ class Ticket extends CommonObject
 public function searchSocidByEmail($email, $type = '0', $filters = array(), $clause = 'AND')
 {
 $thirdparties = array();
- $case = 0;
 $exact = 0;
 // Generation requete recherche
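Review bot: `$conf->entity` on the rewritten VALUES line is still concatenated uncast while `$this->id` right next to it was cast; `" VALUES (".((int) $conf->entity).", '"...` would make the line match, and the same applies to the @@ -2171 hunk below it. Both methods continue outside their hunks.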
@@ -1843,7 +1842,7 @@ class Ticket extends CommonObject
 }
 }
 if (!empty($email)) {
- if (!$exact) {
+ if (empty($exact)) {
 $regs = array();
 if (preg_match('/^([\*])?[^*]+([\*])?$/', $email, $regs) && count($regs) > 1) {
 $email = str_replace('*', '%', $email);
@@ -1856,15 +1855,11 @@ class Ticket extends CommonObject
 $sql .= "(";
 }
- if (!$case) {
- $sql .= "email LIKE '".$this->db->escape($email)."'";
- } else {
- $sql .= "email LIKE BINARY '".$this->db->escape($email)."'";
- }
+ $sql .= "email LIKE '".$this->db->escape($email)."'";
 }
 if (is_array($filters) && !empty($filters)) {
 foreach ($filters as $field => $value) {
- $sql .= " ".$clause." ".$field." LIKE BINARY '".$this->db->escape($value)."'";
+ $sql .= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'";
 }
 if (!empty($email)) {
 $sql .= ")";
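Review bot: The rewritten filter line `$sql .= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'";` still interpolates `$clause` and the `$filters` keys into the statement unchecked, with only `$value` escaped; restricting `$clause` to `AND`/`OR` and skipping any key that fails `preg_match('/^[A-Za-z0-9_.]+$/', $field)` before the loop would close that gap for callers that build `$filters` from request data. Dropping `LIKE BINARY` also makes both the e-mail match and the filter matches depend on the column collation (typically case-insensitive on MySQL's default collations), which deserves a comment such as `// Collation-dependent match; LIKE BINARY was MySQL-specific`. The method continues outside the hunk, and the blank line the header counts may sit after the last visible line.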