Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Add more robust php unit to detect not escaped sql. Fix not escaped sql

Browse Source
This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/class/ccountry.class.php
View File

@@ -88,11 +88,11 @@ class Ccountry // extends CommonObject
$sql.= "label,";
$sql.= "active";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->code_iso)?'NULL':"'".$this->db->escape($this->code_iso)."'").",";
$sql.= " ".(! isset($this->label)?'NULL':"'".$this->db->escape($this->label)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
$sql.= ")";
$this->db->begin();