diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php
index 9e5a1e8bce1..bfcb751f9a9 100644
--- a/htdocs/admin/dolistore/class/dolistore.class.php
+++ b/htdocs/admin/dolistore/class/dolistore.class.php
@@ -84,7 +84,7 @@ class Dolistore
 try {
 $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
-dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
+dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
 // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
 // Here we set the option array for the Webservice : we want categories resources
@@ -134,7 +134,7 @@ class Dolistore
 try {
 $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
-dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
+dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
 // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
 // Here we set the option array for the Webservice : we want products resources
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 94c512675ef..d5a0c427352 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
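Review bot: The constructor call on the context line directly above the changed dol_syslog in both hunks (84 and 134) still reads `$conf->global->MAIN_MODULE_DOLISTORE_API_SRV` and `$conf->global->MAIN_MODULE_DOLISTORE_API_KEY` directly, so each hunk now mixes two accessors for the same setting. If the move to getDolGlobalString() is intentional, apply it on that line as well: `$this->api = new PrestaShopWebservice(getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'), getDolGlobalString('MAIN_MODULE_DOLISTORE_API_KEY'), $this->debug_api);`. The enclosing try block and method start and end outside the hunk.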
@@ -875,7 +875,7 @@ class ActionComm extends CommonObject
 $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources';
-$sql .= ' WHERE fk_actioncomm = '.$this->id;
+$sql .= ' WHERE fk_actioncomm = '.((int) $this->id);
 $sql .= " AND element_type IN ('user', 'socpeople')";
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -996,7 +996,7 @@ class ActionComm extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
-$sql .= " WHERE fk_actioncomm = ".$this->id;
+$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
@@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject
 // Now insert assignedusers
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'";
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'";
 $resql = $this->db->query($sql);
 $already_inserted = array();
@@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject
 }
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'";
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'";
 $resql = $this->db->query($sql);
 if (!empty($this->socpeopleassigned)) {
@@ -1336,7 +1336,7 @@ class ActionComm extends CommonObject
 }
 if (!$user->rights->agenda->allactions->read) {
 $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
-$sql .= " OR ar.fk_element = ".$user->id; // Added by PV
+$sql .= " OR ar.fk_element = ".((int) $user->id);
 $sql .= ")";
 }
@@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject
 //Select all action comm reminders for event
 $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
-$sql .= " WHERE fk_actioncomm = ".$this->id;
+$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
 if ($onlypast) {
 $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'";
 }
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index 0f73746b03a..6e3f60a7cf5 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -1879,8 +1879,8 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET ref = '".$this->db->escape($num)."',";
-$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id;
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id);
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(get_class($this)."::valid", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1906,7 +1906,7 @@ class Propal extends CommonObject
 if (preg_match('/^[\(]?PROV/i', $this->ref)) {
 // Now we rename also files into index
 $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'";
-$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
@@ -1974,7 +1974,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'";
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2030,7 +2030,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null');
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2101,7 +2101,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
 $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null');
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2156,9 +2156,9 @@ class Propal extends CommonObject
 $this->db->begin();
-$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
-$sql .= " SET fk_availability = '".$id."'";
-$sql .= " WHERE rowid = ".$this->id;
+$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
+$sql .= " SET fk_availability = ".((int) $id);
+$sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2221,7 +2221,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
 $sql .= " SET fk_input_reason = ".((int) $id);
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2346,7 +2346,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2409,7 +2409,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET remise_absolue = ".((float) $remise);
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2530,7 +2530,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
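Review bot: In hunk 2530 the `WHERE rowid` line is now cast, but the unchanged context line directly above it still concatenates `fk_user_signature=".$user->id` with no cast, which is exactly the pattern this commit fixes elsewhere (compare the fk_user_valid change in hunk 1879 of the same file). Change that line to `$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".((int) $user->id);` so every numeric value in the statement is cast the same way. The enclosing method starts and ends outside the hunk.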
@@ -2707,7 +2707,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -2789,7 +2789,7 @@ class Propal extends CommonObject
 $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
 }
 if ($notcurrentuser > 0) {
-$sql .= " AND p.fk_user_author <> ".$user->id;
+$sql .= " AND p.fk_user_author <> ".((int) $user->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
@@ -2934,7 +2934,7 @@ class Propal extends CommonObject
 if (!$error && !empty($this->table_element_line)) {
 $tabletodelete = $this->table_element_line;
 $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
-$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
 if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 $error++;
 $this->error = $this->db->lasterror();
@@ -2970,7 +2970,7 @@ class Propal extends CommonObject
 // Delete main record
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
 $error++;
@@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine
 $error = 0;
 $this->db->begin();
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid);
 dol_syslog("PropaleLigne::delete", LOG_DEBUG);
 if ($this->db->query($sql)) {
 // Remove extrafields
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index f2feb3ed444..050b7251898 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -493,8 +493,8 @@ class Commande extends CommonOrder
 $sql .= " SET ref = '".$this->db->escape($num)."',";
 $sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
 $sql .= " date_valid='".$this->db->idate($now)."',";
-$sql .= " fk_user_valid = ".$user->id;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " fk_user_valid = ".((int) $user->id);
+$sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::valid", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -624,7 +624,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 if ($this->db->query($sql)) {
 if (!$error) {
@@ -807,7 +807,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET fk_statut = ".self::STATUS_CANCELED;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
 dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
@@ -2543,7 +2543,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
-$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
+$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2615,7 +2615,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2697,7 +2697,7 @@ class Commande extends CommonOrder
 $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
 }
 if (is_object($excluser)) {
-$sql .= " AND c.fk_user_author <> ".$excluser->id;
+$sql .= " AND c.fk_user_author <> ".((int) $excluser->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
@@ -3395,8 +3395,8 @@ class Commande extends CommonOrder
 // Delete extrafields of lines and lines
 if (!$error && !empty($this->table_element_line)) {
 $tabletodelete = $this->table_element_line;
-$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
-$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
+$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
 if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 $error++;
 $this->error = $this->db->lasterror();
@@ -3432,7 +3432,7 @@ class Commande extends CommonOrder
 // Delete main record
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
 $error++;
@@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine
 $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'";
 $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'";
 $sql .= ",total_ttc='".price2num($this->total_ttc)."'";
-$sql .= " WHERE rowid = ".$this->rowid;
+$sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog("OrderLine::update_total", LOG_DEBUG);
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index d0d14b02abb..ea41bd4842a 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice
 $sql = "UPDATE ".MAIN_DB_PREFIX."facture";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
-$sql .= " WHERE rowid = ".$this->id;
+$sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
@@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice
 $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
 }
 if (is_object($excluser)) {
-$sql .= " AND f.fk_user_author <> ".$excluser->id;
+$sql .= " AND f.fk_user_author <> ".((int) $excluser->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
@@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine
 return -1;
 }
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if ($this->db->query($sql)) {
 $this->db->commit();
@@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine
 $sql .= ",total_localtax1=".price2num($this->total_localtax1)."";
 $sql .= ",total_localtax2=".price2num($this->total_localtax2)."";
 $sql .= ",total_ttc=".price2num($this->total_ttc)."";
-$sql .= " WHERE rowid = ".$this->rowid;
+$sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::update_total", LOG_DEBUG);
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index d9f93dd0a08..10c8f304102 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
@@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject
 */
 $sql = "SELECT rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes";
-$sql .= " WHERE fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
 $sql .= " AND fk_soc =".((int) $client_id);
 $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'";
 $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'";
@@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject
 if ($this->db->begin()) {
 $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
 $sql .= " SET statut = ".self::STATUS_TRANSFERED;
-$sql .= " WHERE rowid = ".$this->id;
-$sql .= " AND entity = ".$conf->entity;
+$sql .= " WHERE rowid = ".((int) $this->id);
+$sql .= " AND entity = ".((int) $conf->entity);
 $result = $this->db->query($sql);
 if (!$result) {
@@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject
 if (!$error) {
 $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
 $sql .= " SET statut = 2";
-$sql .= " WHERE fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 dol_syslog(get_class($this)."::set_credite Erreur 1");
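Review bot: The three context lines above the changed line in hunk 5719 end in `.""`, a concatenation of an empty string that does nothing; `$sql .= ",total_ttc=".price2num($this->total_ttc);` reads the same and is what the sibling lines should look like. Note also that OrderLine::update_total in the commande hunk 4649 quotes the price2num() values while this method leaves them bare, so the two update_total siblings build the same SET clause two different ways; presumably harmless if price2num() always yields a plain number, but worth aligning. The enclosing method starts outside the hunk.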
@@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject
 $sql .= ", statut = ".self::STATUS_CREDITED;
 $sql .= ", date_credit = '".$this->db->idate($date)."'";
 $sql .= " WHERE rowid=".((int) $this->id);
-$sql .= " AND entity = ".$conf->entity;
+$sql .= " AND entity = ".((int) $conf->entity);
 $sql .= " AND statut = ".self::STATUS_TRANSFERED;
 $resql = $this->db->query($sql);
@@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject
 if (!$error) {
 $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
 $sql .= " SET statut = 2";
-$sql .= " WHERE fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 dol_syslog(get_class($this)."::set_infocredit Update lines Error");
@@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject
 $sql .= " , date_trans = '".$this->db->idate($date)."'";
 $sql .= " , method_trans = ".((int) $method);
 $sql .= " , statut = ".self::STATUS_TRANSFERED;
-$sql .= " WHERE rowid = ".$this->id;
-$sql .= " AND entity = ".$conf->entity;
+$sql .= " WHERE rowid = ".((int) $this->id);
+$sql .= " AND entity = ".((int) $conf->entity);
 $sql .= " AND statut = 0";
 if ($this->db->query($sql)) {
@@ -647,7 +647,7 @@ class BonPrelevement extends CommonObject
 $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid";
 $sql .= " AND pl.fk_prelevement_bons = p.rowid";
 $sql .= " AND p.rowid = ".((int) $this->id);
-$sql .= " AND p.entity = ".$conf->entity;
+$sql .= " AND p.entity = ".((int) $conf->entity);
 if ($amounts) {
 if ($this->type == 'bank-transfer') {
 $sql .= " GROUP BY fk_facture_fourn";
@@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject
 $sql = "SELECT substring(ref from char_length(ref) - 1)";
 $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons";
 $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'";
-$sql .= " AND entity = ".$conf->entity;
+$sql .= " AND entity = ".((int) $conf->entity);
 $sql .= " ORDER BY ref DESC LIMIT 1";
 dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
@@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande";
 $sql .= " SET traite = 1";
 $sql .= ", date_traite = '".$this->db->idate($now)."'";
-$sql .= ", fk_prelevement_bons = ".$this->id;
+$sql .= ", fk_prelevement_bons = ".((int) $this->id);
 $sql .= " WHERE rowid = ".((int) $fac[1]);
 $resql = $this->db->query($sql);
@@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
 $sql .= " SET amount = ".price2num($this->total);
 $sql .= " WHERE rowid = ".((int) $this->id);
-$sql .= " AND entity = ".$conf->entity;
+$sql .= " AND entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject
 }
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")";
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")";
 $resql1 = $this->db->query($sql);
 if (!$resql1) {
 dol_print_error($this->db);
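Review bot: In hunk 1205 (and likewise hunks 1213, 1221 and 1229 that follow) the only statement visible in the failure branch is `dol_print_error($this->db);`; whether `$error` is incremented right after the hunk edge cannot be seen from here. If it is not, a failed DELETE of the prelevement_facture rows does not stop the later `if (!$error)` steps, and the parent prelevement_bons row is removed while its dependent rows stay behind. Please confirm each of these branches sets `$error++;` and that the whole sequence runs inside a begin()/rollback() pair, since every one of these hunks starts and ends inside the delete method.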
@@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject
 }
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id);
 $resql2 = $this->db->query($sql);
 if (!$resql2) {
 dol_print_error($this->db);
@@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject
 }
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id);
 $resql3 = $this->db->query($sql);
 if (!$resql3) {
 dol_print_error($this->db);
@@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject
 }
 if (!$error) {
-$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id;
+$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id);
 $resql4 = $this->db->query($sql);
 if (!$resql4) {
 dol_print_error($this->db);
@@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject
 $sql .= " ".MAIN_DB_PREFIX."societe as soc,";
 $sql .= " ".MAIN_DB_PREFIX."c_country as c,";
 $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
-$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
 $sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
 $sql .= " AND pf.fk_facture = f.rowid";
 $sql .= " AND f.fk_soc = soc.rowid";
@@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject
 $sql .= " ".MAIN_DB_PREFIX."societe as soc,";
 $sql .= " ".MAIN_DB_PREFIX."c_country as c,";
 $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
-$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
 $sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
 $sql .= " AND pf.fk_facture_fourn = f.rowid";
 $sql .= " AND f.fk_soc = soc.rowid";
@@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject
 $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
 $sql .= " ".MAIN_DB_PREFIX."facture as f,";
 $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
-$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
 $sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
 $sql .= " AND pf.fk_facture = f.rowid";
@@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject
 $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
 $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,";
 $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
-$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
+$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
 $sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
 $sql .= " AND pf.fk_facture_fourn = f.rowid";
diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php
index 1977ac9791b..14b2cf67590 100644
--- a/htdocs/compta/sociales/class/chargesociales.class.php
+++ b/htdocs/compta/sociales/class/chargesociales.class.php
@@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject
 // Delete payments
 if (!$error) {
-$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id;
+$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index a0016f3fe47..29d84c86c57 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -792,7 +792,7 @@ class Contrat extends CommonObject
 $sql .= " d.fk_unit,";
 $sql .= " d.product_type as type";
 $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid";
-$sql .= " WHERE d.fk_contrat = ".$this->id;
+$sql .= " WHERE d.fk_contrat = ".((int) $this->id);
 $sql .= " ORDER by d.rowid ASC";
 dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
@@ -1188,7 +1188,7 @@ class Contrat extends CommonObject
 // Delete contratdet extrafields
 $main = MAIN_DB_PREFIX.'contratdet';
 $ef = $main."_extrafields";
-$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")";
+$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")";
 dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine
 if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
 $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null");
-$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
+$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine
 if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
 $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null");
-$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
+$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index fccbfa6ed7f..1e28afd41e0 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -5765,7 +5765,7 @@ abstract class CommonObject
 dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG);
-$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
+$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
 $resql = $this->db->query($sql_del);
 if (!$resql) {
@@ -5965,7 +5965,7 @@ abstract class CommonObject
 dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG);
-$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
+$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
 $this->db->query($sql_del);
 $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object";
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 8ffa69e31ac..97199614ece 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
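Review bot: In hunk 5965 the return value of `$this->db->query($sql_del);` on the line after the cast is discarded before the INSERT that follows, whereas the sibling deleteExtraFields in hunk 5765 keeps the result and checks `if (!$resql)`. A delete that fails (lock wait, lost connection) leaves the old extrafields row in place and the INSERT then runs against it, so the method should mirror the 5765 pattern: `$resql = $this->db->query($sql_del);` followed by `if (!$resql) { $this->error = $this->db->lasterror(); return -1; }`, with the return value adjusted to whatever convention insertExtraFields uses in the part of the method outside the hunk.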
@@ -96,7 +96,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
 $sql .= " WHERE wp.fk_website = ".((int) $website->id);
 $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
 if (is_object($websitepage) && $websitepage->fk_page > 0) {
-$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
+$sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page);
 }
 $sql .= ")";
 $sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'";
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index ee7324a22c4..85245b38e89 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -733,7 +733,7 @@ class Expedition extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid";
-$sql .= " WHERE ed.fk_expedition = ".$this->id;
+$sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::valid select details", LOG_DEBUG);
@@ -811,7 +811,7 @@ class Expedition extends CommonObject
 if (preg_match('/^[\(]?PROV/i', $this->ref)) {
 // Now we rename also files into index
 $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'";
-$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++; $this->error = $this->db->lasterror();
@@ -1224,7 +1224,7 @@ class Expedition extends CommonObject
 $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
-$sql .= " WHERE ed.fk_expedition = ".$this->id;
+$sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::delete select details", LOG_DEBUG);
@@ -1285,7 +1285,7 @@ class Expedition extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet";
-$sql .= " WHERE fk_expedition = ".$this->id;
+$sql .= " WHERE fk_expedition = ".((int) $this->id);
 if ($this->db->query($sql)) {
 // Delete linked object
@@ -1408,7 +1408,7 @@ class Expedition extends CommonObject
 $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
-$sql .= " WHERE ed.fk_expedition = ".$this->id;
+$sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::delete select details", LOG_DEBUG);
@@ -1469,10 +1469,10 @@ class Expedition extends CommonObject
 if (!$error) {
 $main = MAIN_DB_PREFIX.'expeditiondet';
 $ef = $main."_extrafields";
-$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".$this->id.")";
+$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".((int) $this->id).")";
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet";
-$sql .= " WHERE fk_expedition = ".$this->id;
+$sql .= " WHERE fk_expedition = ".((int) $this->id);
 if ($this->db->query($sqlef) && $this->db->query($sql)) {
 // Delete linked object
@@ -1577,7 +1577,7 @@ class Expedition extends CommonObject
 $sql .= ", p.weight, p.weight_units, p.length, p.length_units, p.surface, p.surface_units, p.volume, p.volume_units, p.tosell as product_tosell, p.tobuy as product_tobuy, p.tobatch as product_tobatch";
 $sql .= " FROM ".MAIN_DB_PREFIX."expeditiondet as ed, ".MAIN_DB_PREFIX."commandedet as cd";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = cd.fk_product";
-$sql .= " WHERE ed.fk_expedition = ".$this->id;
+$sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND ed.fk_origin_line = cd.rowid";
 $sql .= " ORDER BY cd.rang, ed.fk_origin_line";
@@ -2207,7 +2207,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -2377,7 +2377,7 @@ class Expedition extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,"; $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid"; - $sql .= " WHERE ed.fk_expedition = ".$this->id; + $sql .= " WHERE ed.fk_expedition = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_origin_line"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index a15ebfffeb8..371853dc70c 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -383,8 +383,8 @@ class Fichinter extends CommonObject $sql .= ", fk_projet = ".((int) $this->fk_project); $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null"); $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null"); - $sql .= ", fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_modif = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -510,7 +510,7 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -570,11 +570,11 @@ class Fichinter extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter"; $sql .= " SET fk_statut = 1"; - $sql .= ", ref = '".$num."'"; + $sql .= ", ref = '".$this->db->escape($num)."'"; $sql .= ", date_valid = '".$this->db->idate($now)."'"; - $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= ", fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND fk_statut = 0"; dol_syslog(get_class($this)."::setValid", LOG_DEBUG); @@ -975,7 +975,7 @@ class Fichinter extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'fichinterdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { @@ -985,7 +985,7 @@ class Fichinter extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet"; - $sql .= " WHERE fk_fichinter = ".$this->id; + $sql .= " WHERE fk_fichinter = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1322,7 +1322,7 @@ class Fichinter extends CommonObject $sql = 'SELECT rowid, fk_fichinter, description, duree, date, rang'; $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet'; - $sql .= ' WHERE fk_fichinter = '.$this->id.' ORDER BY rang ASC, date ASC'; + $sql .= ' WHERE fk_fichinter = '.((int) $this->id).' ORDER BY rang ASC, date ASC'; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1568,7 +1568,7 @@ class FichinterLigne extends CommonObjectLine $sql .= ",date='".$this->db->idate($this->datei)."'"; $sql .= ",duree=".$this->duration; $sql .= ",rang='".$this->db->escape($this->rang)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("FichinterLigne::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1680,7 +1680,7 @@ class FichinterLigne extends CommonObjectLine return -1; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 94015875599..3facc342f08 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -598,8 +598,8 @@ class CommandeFournisseur extends CommonOrder $sql .= " SET ref='".$this->db->escape($num)."',"; $sql .= " fk_statut = ".self::STATUS_VALIDATED.","; $sql .= " date_valid='".$this->db->idate(dol_now())."',"; - $sql .= " fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " fk_user_valid = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_DRAFT; $resql = $this->db->query($sql); 
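Review bot: In the FichinterLigne::update hunk (line 1568) `",duree=".$this->duration` is still concatenated raw while the WHERE on the next line now gets `(int)`, so the statement is only half hardened; `",duree=".((int) $this->duration)` would match the rest of the commit (or a `(float)` cast if the column holds fractional hours — confirm against the schema). The same leftover — a cast added on the WHERE while a neighbouring id in the same statement stays raw — recurs in later hunks of this commit: `fk_user_cloture=".$user->id` in SupplierProposal (hunk at 1681), `gu.entity IN (0,".$conf->entity.")` in User (hunk at 1022), `default_c_exp_tax_cat` and `fk_warehouse` in User::update (hunk at 1769), and `fk_usergroup = $this->id` interpolated directly into the DELETE in UserGroup (hunk at 505). The last one is a WHERE-clause id of exactly the kind this commit sets out to cast, so it looks like an oversight rather than a deliberate exclusion.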
@@ -1008,7 +1008,7 @@ class CommandeFournisseur extends CommonOrder } else // request a second level approval { $sql .= " date_approve2='".$this->db->idate($now)."',"; - $sql .= " fk_user_approve2 = ".$user->id; + $sql .= " fk_user_approve2 = ".((int) $user->id); if (empty($this->user_approve_id)) { $movetoapprovestatus = false; // first level approval not done } @@ -1020,7 +1020,7 @@ class CommandeFournisseur extends CommonOrder } else { $sql .= ", fk_statut = ".self::STATUS_VALIDATED; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut = ".self::STATUS_VALIDATED; if ($this->db->query($sql)) { @@ -1118,7 +1118,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".self::STATUS_REFUSED; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $result = 0; @@ -1170,7 +1170,7 @@ class CommandeFournisseur extends CommonOrder $this->db->begin(); $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::cancel", LOG_DEBUG); if ($this->db->query($sql)) { $result = 0; @@ -2096,7 +2096,7 @@ class CommandeFournisseur extends CommonOrder $main = MAIN_DB_PREFIX.'commande_fournisseurdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete extrafields lines", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); 
@@ -2104,7 +2104,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -2112,7 +2112,7 @@ class CommandeFournisseur extends CommonOrder $error++; } - $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($resql = $this->db->query($sql)) { if ($this->db->affected_rows($resql) < 1) { @@ -2332,7 +2332,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_statut = ".((int) $statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received dol_syslog(get_class($this)."::Livraison", LOG_DEBUG); @@ -2406,7 +2406,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2465,7 +2465,7 @@ class CommandeFournisseur extends CommonOrder $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur"; $sql .= " SET fk_projet = ".($id_projet > 0 ? (int) $id_projet : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -3787,7 +3787,7 @@ class CommandeFournisseurLigne extends CommonOrderLine
 $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
 $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php
index b5c0ffc0add..91f384703a9 100644
--- a/htdocs/loan/class/loan.class.php
+++ b/htdocs/loan/class/loan.class.php
@@ -307,7 +307,7 @@ class Loan extends CommonObject
 // Delete payments
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index 8139e25c87c..841ffa7b373 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
@@ -332,7 +332,6 @@ class PaymentLoan extends CommonObject
 // Update request
 $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET";
- $sql .= " fk_loan=".(isset($this->fk_loan) ? $this->fk_loan : "null").",";
 $sql .= " datec=".(dol_strlen($this->datec) != 0 ? "'".$this->db->idate($this->datec)."'" : 'null').",";
 $sql .= " tms=".(dol_strlen($this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').",";
@@ -347,7 +346,6 @@ class PaymentLoan extends CommonObject
 $sql .= " fk_bank=".(isset($this->fk_bank) ? $this->fk_bank : "null").",";
 $sql .= " fk_user_creat=".(isset($this->fk_user_creat) ? $this->fk_user_creat : "null").",";
 $sql .= " fk_user_modif=".(isset($this->fk_user_modif) ? $this->fk_user_modif : "null")."";
- $sql .= " WHERE rowid=".((int) $this->id);
 $this->db->begin();
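Review bot: The `$sql .= " WHERE rowid=".((int) $this->id);` line is removed from the UPDATE on payment_loan with no replacement in this hunk, so unless the clause is re-appended further down (the method continues past the hunk, after `$this->db->begin()`), a single update() call would rewrite every row of the table. Given that the rest of the commit only adds int casts, this removal looks unintended; I would expect the line to be restored directly after the `fk_user_modif=` assignment. The earlier hunk in the same file drops the `fk_loan=` assignment, which is a behaviour change rather than a hardening and deserves a sentence in the commit description. Separately, `fk_bank`, `fk_user_creat` and `fk_user_modif` are still concatenated uncast here where the commit casts such ids elsewhere, e.g. `(isset($this->fk_bank) ? ((int) $this->fk_bank) : "null")`.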
diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index 33034f290d1..e1e2c857bc0 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -564,7 +564,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -915,7 +915,7 @@ class Reception extends CommonObject $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.eatby, ed.sellby, ed.batch, ed.rowid as commande_fournisseur_dispatch_id"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::delete select details", LOG_DEBUG); @@ -940,10 +940,10 @@ class Reception extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".$this->id.")"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_reception = ".((int) $this->id).")"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch"; - $sql .= " WHERE fk_reception = ".$this->id; + $sql .= " WHERE fk_reception = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object 
@@ -1489,7 +1489,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1650,7 +1650,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); @@ -1772,7 +1772,7 @@ class Reception extends CommonObject $sql .= " ed.eatby, ed.sellby, ed.batch"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as cd,"; $sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as ed"; - $sql .= " WHERE ed.fk_reception = ".$this->id; + $sql .= " WHERE ed.fk_reception = ".((int) $this->id); $sql .= " AND cd.rowid = ed.fk_commandefourndet"; dol_syslog(get_class($this)."::valid select details", LOG_DEBUG); diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index bc44ad200d5..6b76cf23af6 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php 
@@ -1294,7 +1294,7 @@ class SupplierProposal extends CommonObject $sql .= ' d.fk_multicurrency, d.multicurrency_code, d.multicurrency_subprice, d.multicurrency_total_ht, d.multicurrency_total_tva, d.multicurrency_total_ttc, d.fk_unit'; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposaldet as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_supplier_proposal = ".$this->id; + $sql .= " WHERE d.fk_supplier_proposal = ".((int) $this->id); $sql .= " ORDER by d.rang"; $result = $this->db->query($sql); @@ -1417,8 +1417,8 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET ref = '".$this->db->escape($num)."',"; - $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id; - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " fk_statut = 1, date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; dol_syslog(get_class($this)."::valid", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1517,7 +1517,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { $this->date_livraison = $delivery_date; @@ -1549,7 +1549,7 @@ class SupplierProposal extends CommonObject $remise = price2num($remise, 2); $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_percent = ((float) $remise); 
@@ -1584,7 +1584,7 @@ class SupplierProposal extends CommonObject if (!empty($user->rights->supplier_proposal->creer)) { $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal "; $sql .= " SET remise_absolue = ".((float) $remise); - $sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0"; + $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = 0"; if ($this->db->query($sql)) { $this->remise_absolue = $remise; @@ -1622,7 +1622,7 @@ class SupplierProposal extends CommonObject $sql .= " note_private = '".$this->db->escape($note)."',"; } $sql .= " date_cloture=NULL, fk_user_cloture=NULL"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $this->db->begin(); @@ -1681,7 +1681,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1881,7 +1881,7 @@ class SupplierProposal extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal"; $sql .= " SET fk_statut = ".self::STATUS_DRAFT; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); if ($this->db->query($sql)) { if (!$error) { 
@@ -2016,10 +2016,10 @@ class SupplierProposal extends CommonObject if (!$error) { $main = MAIN_DB_PREFIX.'supplier_proposaldet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".$this->id; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_supplier_proposal = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE fk_supplier_proposal = ".((int) $this->id); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposal WHERE rowid = ".((int) $this->id); if ($this->db->query($sqlef) && $this->db->query($sql)) { // Delete linked object $res = $this->deleteObjectLinked(); @@ -3100,7 +3100,7 @@ class SupplierProposalLine extends CommonObjectLine $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."supplier_proposaldet WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::delete", LOG_DEBUG); if ($this->db->query($sql)) { // Remove extrafields @@ -3248,7 +3248,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " , multicurrency_total_tva=".price2num($this->multicurrency_total_tva).""; $sql .= " , multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc).""; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
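Review bot: In SupplierProposal::delete the extrafields statement `$sqlef` is executed only after the `supplier_proposaldet` DELETE has already run (the first `$this->db->query($sql)`), so its subselect `SELECT rowid FROM $main WHERE fk_supplier_proposal = …` finds no rows and the line extrafields are left orphaned. Running `$sqlef` before the det delete — as the Expedition and Reception hunks of this same commit do with `if ($this->db->query($sqlef) && $this->db->query($sql))` — fixes the order; it is a one-line move plus simplifying the inner condition to `if ($this->db->query($sql))`. The method's end, including its rollback path, lies outside the hunk.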
@@ -3296,7 +3296,7 @@ class SupplierProposalLine extends CommonObjectLine $sql .= " total_ht=".price2num($this->total_ht, 'MT'); $sql .= ",total_tva=".price2num($this->total_tva, 'MT'); $sql .= ",total_ttc=".price2num($this->total_ttc, 'MT'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("SupplierProposalLine::update_total", LOG_DEBUG); diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 721a7b92ae8..0c00fcdd938 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -1466,7 +1466,7 @@ if ($placeid > 0) { $sql .= " WHERE ps.reel != 0"; $sql .= " AND ps.fk_entrepot = ".((int) $conf->global->$constantforkey); $sql .= " AND e.entity IN (".getEntity('stock').")"; - $sql .= " AND ps.fk_product = ".$line->fk_product; + $sql .= " AND ps.fk_product = ".((int) $line->fk_product); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 1c565b79b45..4b9202f4245 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -332,7 +332,7 @@ if ($user->socid > 0) { } else { // Restricted to assigned user only if (!empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY) && !$user->rights->ticket->manage) { - $sql .= " AND t.fk_user_assign=".$user->id; + $sql .= " AND t.fk_user_assign = ".((int) $user->id); } } $sql .= $db->order("t.datec", "DESC"); diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index 5a55a1ab324..c79a75e851c 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php 
@@ -425,9 +425,9 @@ if ($search_dateclose_end) {
 if (!$user->socid && ($mode == "mine" || (!$user->admin && $conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY))) {
- $sql .= " AND (t.fk_user_assign = ".$user->id;
+ $sql .= " AND (t.fk_user_assign = ".((int) $user->id);
 if (empty($conf->global->TICKET_LIMIT_VIEW_ASSIGNED_ONLY)) {
- $sql .= " OR t.fk_user_create = ".$user->id;
+ $sql .= " OR t.fk_user_create = ".((int) $user->id);
 }
 $sql .= ")";
 }
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 4c253e4a4a8..6df01a907f4 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -576,8 +576,8 @@ class User extends CommonObject
 if ($loadpersonalconf) {
 // Load user->conf for user
 $sql = "SELECT param, value FROM ".MAIN_DB_PREFIX."user_param";
- $sql .= " WHERE fk_user = ".$this->id;
- $sql .= " AND entity = ".$conf->entity;
+ $sql .= " WHERE fk_user = ".((int) $this->id);
+ $sql .= " AND entity = ".((int) $conf->entity);
 //dol_syslog(get_class($this).'::fetch load personalized conf', LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -727,7 +727,7 @@ class User extends CommonObject
 //print "$module-$perms-$subperms";
 $sql = "SELECT id";
 $sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
- $sql .= " WHERE entity = ".$entity;
+ $sql .= " WHERE entity = ".((int) $entity);
 if (!empty($whereforadd) && $whereforadd != 'allmodules') {
 $sql .= " AND ".$whereforadd;
 }
@@ -740,11 +740,11 @@ class User extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -808,7 +808,7 @@ class User extends CommonObject $sql = "SELECT module, perms, subperms"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE id = '".$this->db->escape($rid)."'"; - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -853,7 +853,7 @@ class User extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -875,8 +875,8 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid); + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } 
@@ -1022,12 +1022,12 @@ class User extends CommonObject if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $sql .= " AND gu.entity IN (0,".$conf->entity.")"; } else { - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND r.entity = ".((int) $conf->entity); } } else { - $sql .= " AND gr.entity = ".$conf->entity; - $sql .= " AND gu.entity = ".$conf->entity; - $sql .= " AND r.entity = ".$conf->entity; + $sql .= " AND gr.entity = ".((int) $conf->entity); + $sql .= " AND gu.entity = ".((int) $conf->entity); + $sql .= " AND r.entity = ".((int) $conf->entity); } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; $sql .= " AND gu.fk_user = ".((int) $this->id); @@ -1180,7 +1180,7 @@ class User extends CommonObject dol_syslog(get_class($this)."::delete", LOG_DEBUG); // Remove rights - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; @@ -1188,14 +1188,14 @@ class User extends CommonObject } // Remove group - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); } // Remove params - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_param WHERE fk_user = ".((int) $this->id); if (!$error && !$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); 
@@ -1221,7 +1221,7 @@ class User extends CommonObject // Remove user if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if (!$this->db->query($sql)) { $error++; @@ -1574,7 +1574,7 @@ class User extends CommonObject $num = 0; $sql = "SELECT id FROM ".MAIN_DB_PREFIX."rights_def"; $sql .= " WHERE bydefault = 1"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if ($resql) { @@ -1769,7 +1769,7 @@ class User extends CommonObject $sql .= ", default_c_exp_tax_cat = ".($this->default_c_exp_tax_cat > 0 ? $this->default_c_exp_tax_cat : 'null'); $sql .= ", fk_warehouse = ".($this->fk_warehouse > 0 ? $this->fk_warehouse : "null"); $sql .= ", lang = ".($this->lang ? "'".$this->db->escape($this->lang)."'" : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1960,7 +1960,7 @@ class User extends CommonObject $sql .= " datepreviouslogin = datelastlogin,"; $sql .= " datelastlogin = '".$this->db->idate($now)."',"; $sql .= " tms = tms"; // La date de derniere modif doit changer sauf pour la mise a jour de date de derniere connexion - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_last_login_date user->id=".$this->id." ".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -2021,7 +2021,7 @@ class User extends CommonObject } else { $sql .= ", pass = '".$this->db->escape($password)."'"; } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); $result = $this->db->query($sql); 
@@ -2079,7 +2079,7 @@ class User extends CommonObject // After receiving confirmation link, we will erase and store it in pass_crypted $sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql .= " SET pass_temp = '".$this->db->escape($password)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::setPassword", LOG_DEBUG); // No log $result = $this->db->query($sql); @@ -2225,7 +2225,7 @@ class User extends CommonObject // phpcs:enable $sql = "SELECT url, login, pass, poste "; $sql .= " FROM ".MAIN_DB_PREFIX."user_clicktodial as u"; - $sql .= " WHERE u.fk_user = ".$this->id; + $sql .= " WHERE u.fk_user = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -2260,7 +2260,7 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this).'::update_clicktodial', LOG_DEBUG); $result = $this->db->query($sql); @@ -2305,14 +2305,14 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_user (entity, fk_user, fk_usergroup)"; - $sql .= " VALUES (".$entity.",".$this->id.",".$group.")"; + $sql .= " VALUES (".((int) $entity).",".((int) $this->id).",".((int) $group).")"; $result = $this->db->query($sql); if ($result) { 
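Review bot: In the hunk at 2305 the result of the DELETE on usergroup_user is assigned to `$result` and then overwritten by the INSERT's result without being checked, so a failed delete is silently followed by the insert and the outcome of the transaction opened by `$this->db->begin()` depends on the INSERT alone. A check between the two statements, `if (!$result) { $this->db->rollback(); return -1; }`, keeps the delete/insert pair atomic, matching the `return -1` convention used elsewhere in this diff. The method's existing error branch lies outside the hunk, so I cannot confirm whether it already covers this case.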
@@ -2362,9 +2362,9 @@ class User extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); $sql .= " AND fk_usergroup = ".((int) $group); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); $result = $this->db->query($sql); if ($result) { @@ -3093,7 +3093,7 @@ class User extends CommonObject { // phpcs:enable $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user"; - $sql .= " WHERE fk_user = ".$this->id; + $sql .= " WHERE fk_user = ".((int) $this->id); dol_syslog(get_class($this)."::get_children sql=".$sql, LOG_DEBUG); $res = $this->db->query($sql); diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index 1f0bb2891c6..b1b3175aaa9 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -227,7 +227,7 @@ class UserGroup extends CommonObject /** * Return array of User objects for group this->id (or all if this->id not defined) * - * @param string $excludefilter Filter to exclude + * @param string $excludefilter Filter to exclude. Do not use here a string coming from user input. * @param int $mode 0=Return array of user instance, 1=Return array of users id only * @return mixed Array of users or -1 on error */ @@ -250,7 +250,7 @@ class UserGroup extends CommonObject $sql .= " AND ug.fk_user = u.rowid"; } if (!empty($this->id)) { - $sql .= " AND ug.fk_usergroup = ".$this->id; + $sql .= " AND ug.fk_usergroup = ".((int) $this->id); } if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) { $sql .= " AND u.entity IS NOT NULL"; 
@@ -372,11 +372,11 @@ class UserGroup extends CommonObject $obj = $this->db->fetch_object($result); $nid = $obj->id; - $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = $this->id AND fk_id=".$nid." AND entity = ".$entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights WHERE fk_usergroup = ".((int) $this->id)." AND fk_id=".((int) $nid)." AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } - $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_rights (entity, fk_usergroup, fk_id) VALUES (".((int) $entity).", ".((int) $this->id).", ".((int) $nid).")"; if (!$this->db->query($sql)) { $error++; } @@ -486,7 +486,7 @@ class UserGroup extends CommonObject //print "$module-$perms-$subperms"; $sql = "SELECT id"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE entity = ".$entity; + $sql .= " WHERE entity = ".((int) $entity); if (!empty($wherefordel) && $wherefordel != 'allmodules') { $sql .= " AND ".$wherefordel; } @@ -505,7 +505,7 @@ class UserGroup extends CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights"; $sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid); - $sql .= " AND entity = ".$entity; + $sql .= " AND entity = ".((int) $entity); if (!$this->db->query($sql)) { $error++; } 
@@ -566,9 +566,9 @@ class UserGroup extends CommonObject
 $sql = "SELECT r.module, r.perms, r.subperms ";
 $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as u, ".MAIN_DB_PREFIX."rights_def as r";
 $sql .= " WHERE r.id = u.fk_id";
- $sql .= " AND r.entity = ".$conf->entity;
- $sql .= " AND u.entity = ".$conf->entity;
- $sql .= " AND u.fk_usergroup = ".$this->id;
+ $sql .= " AND r.entity = ".((int) $conf->entity);
+ $sql .= " AND u.entity = ".((int) $conf->entity);
+ $sql .= " AND u.fk_usergroup = ".((int) $this->id);
 $sql .= " AND r.perms IS NOT NULL";
 if ($moduletag) {
 $sql .= " AND r.module = '".$this->db->escape($moduletag)."'";
diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php
index 9bb8ab66c38..05b45ebf829 100644
--- a/htdocs/user/notify/card.php
+++ b/htdocs/user/notify/card.php
@@ -232,7 +232,7 @@ if ($result > 0) {
 $sql .= " ".MAIN_DB_PREFIX."user c";
 $sql .= " WHERE a.rowid = n.fk_action";
 $sql .= " AND c.rowid = n.fk_user";
- $sql .= " AND c.rowid = ".$object->id;
+ $sql .= " AND c.rowid = ".((int) $object->id);
 $sql .= " AND c.entity IN (".getEntity('user').')';
 $resql = $db->query($sql);
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index c5eab1c4e1c..9c00cb300c7 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -288,9 +288,9 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 // Check sql string AND ... yyy = ".$xxx
 // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request.
- preg_match_all('/AND.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
+ preg_match_all('/(DELETE|OR|AND)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
 foreach ($matches as $key => $val) {
- if ($val[1] == 'ity' && $val[2] == 'con') {
+ if ($val[2] == 'ity' && $val[3] == 'con') {
 continue;
 }
 var_dump($matches);
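Review bot: The alternation in the new regex at @@ -288 omits `WHERE`, so lines of exactly the shape this commit fixes elsewhere (`$sql .= " WHERE fk_user = ".$this->id;` at @@ -2362 and @@ -3093, `" WHERE entity = ".$entity` at @@ -486) would still pass the check unless `DELETE`, `OR` or `AND` happens to appear earlier on the same line; `preg_match_all('/(DELETE|OR|AND|WHERE)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);` would cover them. The `ity`/`con` exemption on the following line whitelists `entity = ".$conf->entity`, which is inconsistent with the @@ -566 hunk where the commit casts exactly that expression; consider dropping the exemption so the check and the fix agree. Using `===` in that comparison avoids loose-comparison surprises, and the comment above the regex should be updated to mention the new leading keyword group since it now drives the match. The test method continues outside the hunk.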
