diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 993ea72e7f3..8ec99aa1007 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -880,7 +880,7 @@ class ExpenseReport extends CommonObject
if ($user->rights->expensereport->lire) {
$sql = "SELECT de.fk_expensereport, de.date, de.comments, de.total_ht, de.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de";
- $sql .= " WHERE de.fk_projet = ".$projectid;
+ $sql .= " WHERE de.fk_projet = ".((int) $projectid);
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);
@@ -1117,8 +1117,8 @@ class ExpenseReport extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
- //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+ //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@@ -1154,7 +1154,7 @@ class ExpenseReport extends CommonObject
// Delete main record
if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@@ -2124,7 +2124,7 @@ class ExpenseReport extends CommonObject
// Select des infos sur le type fees
$sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as c";
- $sql .= " WHERE c.id = ".$type_fees_id;
+ $sql .= " WHERE c.id = ".((int) $type_fees_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_fees = $this->db->fetch_object($resql);
@@ -2136,7 +2136,7 @@ class ExpenseReport extends CommonObject
// Select des informations du projet
$sql = "SELECT p.ref as ref_projet, p.title as title_projet";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
- $sql .= " WHERE p.rowid = ".$projet_id;
+ $sql .= " WHERE p.rowid = ".((int) $projet_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_projet = $this->db->fetch_object($resql);
@@ -2331,7 +2331,7 @@ class ExpenseReport extends CommonObject
$ret = array();
$sql = "SELECT id, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
@@ -2495,7 +2495,7 @@ class ExpenseReport extends CommonObject
$type = 'expense_report';
- $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
+ $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php
index ec71f530f51..8f3574f2952 100644
--- a/htdocs/expensereport/class/expensereportstats.class.php
+++ b/htdocs/expensereport/class/expensereportstats.class.php
@@ -114,7 +114,7 @@ class ExpenseReportStats extends Stats
{
$sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".$year;
+ $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php
index d50f6336669..b7057af86fc 100644
--- a/htdocs/expensereport/payment/payment.php
+++ b/htdocs/expensereport/payment/payment.php
@@ -206,7 +206,7 @@ if ($action == 'create' || empty($action)) {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as p, ".MAIN_DB_PREFIX."expensereport as e";
- $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".$id;
+ $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".((int) $id);
$sql .= ' AND e.entity IN ('.getEntity('expensereport').')';
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php
index 960a2734706..4fe35c32a2c 100644
--- a/htdocs/fichinter/class/fichinterrec.class.php
+++ b/htdocs/fichinter/class/fichinterrec.class.php
@@ -434,10 +434,10 @@ class FichinterRec extends Fichinter
$error = 0;
$this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sql)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".((int) $rowid);
dol_syslog($sql);
if (!$this->db->query($sql)) {
$this->error = $this->db->lasterror();
diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php
index 2daede1457a..297aeca7760 100644
--- a/htdocs/fichinter/class/fichinterstats.class.php
+++ b/htdocs/fichinter/class/fichinterstats.class.php
@@ -73,7 +73,7 @@ class FichinterStats extends Stats
//$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled
}
if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')';
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 0fa34c28d81..c910cffe8d4 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -164,7 +164,7 @@ class ProductFournisseur extends Product
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn);
dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG);
$resql2 = $this->db->query($sql);
@@ -208,7 +208,7 @@ class ProductFournisseur extends Product
if (empty($error)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::remove_product_fournisseur_price", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -438,7 +438,7 @@ class ProductFournisseur extends Product
// Delete price for this quantity
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".$qty." AND entity = ".$conf->entity;
+ $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
// Add price for this quantity to supplier
diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php
index 06ad90ec858..97a6b53f2e2 100644
--- a/htdocs/fourn/recap-fourn.php
+++ b/htdocs/fourn/recap-fourn.php
@@ -73,7 +73,7 @@ if ($socid > 0) {
$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
$sql .= " u.login, u.rowid as userid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$societe->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $societe->id);
$sql .= " AND f.entity IN (".getEntity("facture_fourn").")"; // Recognition of the entity attributed to this invoice for Multicompany
$sql .= " AND f.fk_user_valid = u.rowid";
$sql .= " ORDER BY f.datef DESC";
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 4b5c742b3f1..ffd394a35b3 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -2069,7 +2069,7 @@ class Holiday extends CommonObject
$sql = "SELECT rowid, code, label, affect, delay, newByMonth";
$sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types";
- $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')';
+ $sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')';
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index fb63847c3e6..26c791c2290 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -2161,7 +2161,7 @@ function migrate_detail_livraison($db, $langs, $conf)
if ($resql2) {
$sql = "SELECT total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."livraison";
- $sql .= " WHERE rowid = ".$obj->fk_livraison;
+ $sql .= " WHERE rowid = ".((int) $obj->fk_livraison);
$resql3 = $db->query($sql);
if ($resql3) {
@@ -2864,7 +2864,7 @@ function migrate_project_task_time($db, $langs, $conf)
foreach ($totaltime as $taskid => $total_duration) {
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET";
$sql .= " duration_effective = ".$total_duration;
- $sql .= " WHERE rowid = ".$taskid;
+ $sql .= " WHERE rowid = ".((int) $taskid);
$resql = $db->query($sql);
if (!$resql) {
@@ -3235,7 +3235,7 @@ function migrate_mode_reglement($db, $langs, $conf)
$sqlSelect = "SELECT id";
$sqlSelect .= " FROM ".MAIN_DB_PREFIX."c_paiement";
- $sqlSelect .= " WHERE id = ".$old_id;
+ $sqlSelect .= " WHERE id = ".((int) $old_id);
$sqlSelect .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sqlSelect);
@@ -3246,23 +3246,23 @@ function migrate_mode_reglement($db, $langs, $conf)
$db->begin();
- $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET ";
- $sqla .= "fk_paiement = ".$elements['new_id'][$key];
- $sqla .= " WHERE fk_paiement = ".$old_id;
- $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".$old_id." AND code = '".$db->escape($elements['code'][$key])."')";
+ $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET";
+ $sqla .= " fk_paiement = ".$elements['new_id'][$key];
+ $sqla .= " WHERE fk_paiement = ".((int) $old_id);
+ $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')";
$resqla = $db->query($sqla);
- $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET ";
- $sql .= "id = ".$elements['new_id'][$key];
- $sql .= " WHERE id = ".$old_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET";
+ $sql .= " id = ".((int) $elements['new_id'][$key]);
+ $sql .= " WHERE id = ".((int) $old_id);
$sql .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sql);
if ($resqla && $resql) {
foreach ($elements['tables'] as $table) {
$sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET ";
- $sql .= "fk_mode_reglement = ".$elements['new_id'][$key];
- $sql .= " WHERE fk_mode_reglement = ".$old_id;
+ $sql .= "fk_mode_reglement = "((int) $elements['new_id'][$key]);
+ $sql .= " WHERE fk_mode_reglement = ".((int) $old_id);
$resql = $db->query($sql);
if (!$resql) {
@@ -3786,16 +3786,16 @@ function migrate_remise_except_entity($db, $langs, $conf)
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f";
- $sqlSelect2 .= " WHERE f.rowid = ".$fk_facture;
+ $sqlSelect2 .= " WHERE f.rowid = ".((int) $fk_facture);
} elseif (!empty($obj->fk_facture_line)) {
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as fd";
- $sqlSelect2 .= " WHERE fd.rowid = ".$obj->fk_facture_line;
+ $sqlSelect2 .= " WHERE fd.rowid = ".((int) $obj->fk_facture_line);
$sqlSelect2 .= " AND fd.fk_facture = f.rowid";
} else {
$sqlSelect2 = "SELECT s.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sqlSelect2 .= " WHERE s.rowid = ".$obj->fk_soc;
+ $sqlSelect2 .= " WHERE s.rowid = ".((int) $obj->fk_soc);
}
$resql2 = $db->query($sqlSelect2);
diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php
index 9e9e1a0a992..c3c08b6cf2f 100644
--- a/htdocs/loan/card.php
+++ b/htdocs/loan/card.php
@@ -636,7 +636,7 @@ if ($id > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id";
$sql .= ", ".MAIN_DB_PREFIX."loan as l";
- $sql .= " WHERE p.fk_loan = ".$id;
+ $sql .= " WHERE p.fk_loan = ".((int) $id);
$sql .= " AND p.fk_loan = l.rowid";
$sql .= " AND l.entity IN ( ".getEntity('loan').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index bc819f747ca..54d4607ab70 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -447,7 +447,7 @@ class LoanSchedule extends CommonObject
$sql .= " t.fk_user_creat,";
$sql .= " t.fk_user_modif";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t";
- $sql .= " WHERE t.fk_loan = ".$loanid;
+ $sql .= " WHERE t.fk_loan = ".((int) $loanid);
dol_syslog(get_class($this)."::fetchAll", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -535,7 +535,7 @@ class LoanSchedule extends CommonObject
{
$sql = "SELECT p.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
$sql .= " ORDER BY p.datep DESC ";
$sql .= " LIMIT 1 ";
@@ -563,7 +563,7 @@ class LoanSchedule extends CommonObject
$sql = "SELECT p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
if (!empty($datemax)) {
$sql .= " AND p.datep > '".$this->db->idate($datemax)."'";
}
diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php
index eec24d9b3e2..58783be181e 100644
--- a/htdocs/loan/payment/payment.php
+++ b/htdocs/loan/payment/payment.php
@@ -239,7 +239,7 @@ if ($action == 'create') {
$sql = "SELECT SUM(amount_capital) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan";
- $sql .= " WHERE fk_loan = ".$chid;
+ $sql .= " WHERE fk_loan = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php
index a27393c8bb2..1ac670c4a7f 100644
--- a/htdocs/margin/agentMargins.php
+++ b/htdocs/margin/agentMargins.php
@@ -290,7 +290,7 @@ if ($result) {
// sql nb sellers
$sql_seller = "SELECT COUNT(sc.rowid) as nb";
$sql_seller .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
- $sql_seller .= " WHERE sc.fk_soc = ".$objp->socid;
+ $sql_seller .= " WHERE sc.fk_soc = ".((int) $objp->socid);
$sql_seller .= " LIMIT 1";
$resql_seller = $db->query($sql_seller);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 6a17e500a69..df687f84e56 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -579,9 +579,9 @@ class MyObject extends CommonObject
$sql .= ", date_validation = '".$this->db->idate($now)."'";
}
if (!empty($this->fields['fk_user_valid'])) {
- $sql .= ", fk_user_valid = ".$user->id;
+ $sql .= ", fk_user_valid = ".((int) $user->id);
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index ad3b694f137..d9cadd304b2 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1820,9 +1820,9 @@ class Product extends CommonObject
$sql .= ", pfp.packaging";
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.rowid = ".$prodfournprice;
+ $sql .= " WHERE pfp.rowid = ".((int) $prodfournprice);
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
@@ -1874,15 +1874,15 @@ class Product extends CommonObject
$sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,";
$sql .= " pfp.packaging";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.fk_product = ".$product_id;
+ $sql .= " WHERE pfp.fk_product = ".((int) $product_id);
if ($fourn_ref != 'none') {
$sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'";
}
if ($fk_soc > 0) {
- $sql .= " AND pfp.fk_soc = ".$fk_soc;
+ $sql .= " AND pfp.fk_soc = ".((int) $fk_soc);
}
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
$sql .= " LIMIT 1";
@@ -2360,7 +2360,7 @@ class Product extends CommonObject
$sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
$sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$this->id;
+ $sql .= " WHERE fk_product = ".((int) $this->id);
$sql .= " ORDER BY date_price DESC, rowid DESC";
$sql .= " LIMIT 1";
$resql = $this->db->query($sql);
@@ -2374,7 +2374,7 @@ class Product extends CommonObject
if ($this->prices_by_qty[0] == 1) {
$sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise, remise, price_base_type";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[0];
+ $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]);
$sql .= " ORDER BY quantity ASC";
$resultat = array();
$resql = $this->db->query($sql);
@@ -3946,8 +3946,8 @@ class Product extends CommonObject
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fk_parent;
- $sql .= " AND fk_product_fils = ".$fk_child;
+ $sql .= " WHERE fk_product_pere = ".((int) $fk_parent);
+ $sql .= " AND fk_product_fils = ".((int) $fk_child);
dol_syslog(get_class($this).'::del_sousproduit', LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -4040,14 +4040,14 @@ class Product extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_soc = ".((int) $id_fourn);
if ($ref_fourn) {
$sql .= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
} else {
$sql .= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
}
- $sql .= " AND quantity = ".$quantity;
- $sql .= " AND fk_product = ".$this->id;
+ $sql .= " AND quantity = ".((float) $quantity);
+ $sql .= " AND fk_product = ".((int) $this->id);
$sql .= " AND entity IN (".getEntity('productsupplierprice').")";
$resql = $this->db->query($sql);
@@ -4198,7 +4198,7 @@ class Product extends CommonObject
$sql .= ", multicurrency_price";
$sql .= ", multicurrency_price_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
$sql .= " ORDER BY date_price DESC";
if ($conf->global->PRODUIT_MULTIPRICES_LIMIT > 0) {
$sql .= " LIMIT ".$conf->global->PRODUIT_MULTIPRICES_LIMIT;
@@ -4230,7 +4230,7 @@ class Product extends CommonObject
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association (fk_product_pere, fk_product_fils, qty)';
$sql .= " SELECT ".$toId.", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fromId;
+ $sql .= " WHERE fk_product_pere = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_association', LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -4262,7 +4262,7 @@ class Product extends CommonObject
. " datec, fk_product, fk_soc, ref_fourn, fk_user_author )"
. " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ref_fourn, fk_user_author"
. " FROM ".MAIN_DB_PREFIX."product_fournisseur"
- . " WHERE fk_product = ".$fromId;
+ . " WHERE fk_product = ".((int) $fromId);
if ( ! $this->db->query($sql ) )
{
@@ -4273,9 +4273,9 @@ class Product extends CommonObject
// les prix de fournisseurs.
$sql = "INSERT ".MAIN_DB_PREFIX."product_fournisseur_price (";
$sql .= " datec, fk_product, fk_soc, price, quantity, fk_user)";
- $sql .= " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, price, quantity, fk_user";
+ $sql .= " SELECT '".$this->db->idate($now)."', ".((int) $toId).", fk_soc, price, quantity, fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_fournisseurs', LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 046aed05a10..9b0d29b4cdd 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -814,7 +814,7 @@ class Productcustomerprice extends CommonObject
// Find all susidiaries
$sql = "SELECT s.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE s.parent = ".$this->fk_soc;
+ $sql .= " WHERE s.parent = ".((int) $this->fk_soc);
$sql .= " AND s.entity IN (".getEntity('societe').")";
dol_syslog(get_class($this)."::setPriceOnAffiliateThirdparty", LOG_DEBUG);
diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php
index 13fa8433d07..709afcb6d20 100644
--- a/htdocs/product/class/productfournisseurprice.class.php
+++ b/htdocs/product/class/productfournisseurprice.class.php
@@ -438,7 +438,7 @@ class ProductFournisseurPrice extends CommonObject
$sql .= " status = ".self::STATUS_VALIDATED;
if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'";
if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php
index f7cf48df5e0..a1d92cc492a 100644
--- a/htdocs/product/class/propalmergepdfproduct.class.php
+++ b/htdocs/product/class/propalmergepdfproduct.class.php
@@ -239,7 +239,7 @@ class Propalmergepdfproduct extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
- $sql .= " WHERE t.fk_product = ".$product_id;
+ $sql .= " WHERE t.fk_product = ".((int) $product_id);
if ($conf->global->MAIN_MULTILANGS && !empty($lang)) {
$sql .= " AND t.lang = '".$this->db->escape($lang)."'";
}
diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php
index 546c2050990..db0c427c334 100644
--- a/htdocs/product/dynamic_price/class/price_expression.class.php
+++ b/htdocs/product/dynamic_price/class/price_expression.class.php
@@ -327,7 +327,7 @@ class PriceExpression
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php
index 29505ff8573..5286b932ca7 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php
@@ -250,7 +250,7 @@ class PriceGlobalVariable
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
index f43d6bc731d..96e77d661ab 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
@@ -275,7 +275,7 @@ class PriceGlobalVariableUpdater
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index cde318cda81..6e3b487a429 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -793,7 +793,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$rowid;
+ $sql .= " WHERE fk_object = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@@ -1145,7 +1145,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$productfourn->product_fourn_price_id;
+ $sql .= " WHERE fk_object = ".((int) $productfourn->product_fourn_price_id);
$resql = $db->query($sql);
if ($resql) {
if ($db->num_rows($resql) != 1) {
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 7df96cbd97c..b6f5956bfd3 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -473,7 +473,7 @@ if ($searchCategoryProductOperator == 1) {
if (intval($searchCategoryProduct) == -2) {
$searchCategoryProductSqlList[] = "cp.fk_categorie IS NULL";
} elseif (intval($searchCategoryProduct) > 0) {
- $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".$searchCategoryProduct.")";
+ $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".((int) $searchCategoryProduct).")";
}
}
if (!empty($searchCategoryProductSqlList)) {
@@ -1530,7 +1530,7 @@ if ($resql) {
// then reuse the cache array if we need prices for other price levels
$sqlp = "SELECT p.rowid, p.fk_product, p.price, p.price_ttc, p.price_level, p.date_price, p.price_base_type";
$sqlp .= " FROM ".MAIN_DB_PREFIX."product_price as p";
- $sqlp .= " WHERE fk_product = ".$obj->rowid;
+ $sqlp .= " WHERE fk_product = ".((int) $obj->rowid);
$sqlp .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
$resultp = $db->query($sqlp);
if ($resultp) {
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index ee86d43c09f..6647201b719 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -429,12 +429,12 @@ if (empty($reshook)) {
// Ajout / mise à jour
if ($rowid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET";
- $sql .= " price='".$db->escape($price)."',";
- $sql .= " unitprice=".$unitPrice.",";
- $sql .= " quantity=".$quantity.",";
- $sql .= " remise_percent=".$remise_percent.",";
- $sql .= " remise=".$remise;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " price=".((float) $price)."',";
+ $sql .= " unitprice=".((float) $unitPrice).",";
+ $sql .= " quantity=".((float) $quantity).",";
+ $sql .= " remise_percent=".((float) $remise_percent).",";
+ $sql .= " remise=".((float) $remise);
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
if (!$result) {
@@ -442,7 +442,7 @@ if (empty($reshook)) {
}
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price_by_qty (fk_product_price,price,unitprice,quantity,remise_percent,remise) values (";
- $sql .= $priceid.','.$price.','.$unitPrice.','.$quantity.','.$remise_percent.','.$remise.')';
+ $sql .= ((int) $priceid).','.((float) $price).','.((float) $unitPrice).','.((float) $quantity).','.((float) $remise_percent).','.((float) $remise).')';
$result = $db->query($sql);
if (!$result) {
@@ -460,7 +460,7 @@ if (empty($reshook)) {
$rowid = GETPOST('rowid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
} else {
@@ -472,7 +472,7 @@ if (empty($reshook)) {
$priceid = GETPOST('priceid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$priceid;
+ $sql .= " WHERE fk_product_price = ".((int) $priceid);
$result = $db->query($sql);
} else {
@@ -1413,11 +1413,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul
$sql .= " p.date_price as dp, p.fk_price_expression, u.rowid as user_id, u.login";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price as p,";
$sql .= " ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE fk_product = ".$object->id;
+ $sql .= " WHERE fk_product = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('productprice').")";
$sql .= " AND p.fk_user_author = u.rowid";
if (!empty($socid) && !empty($conf->global->PRODUIT_MULTIPRICES)) {
- $sql .= " AND p.price_level = ".$soc->price_level;
+ $sql .= " AND p.price_level = ".((int) $soc->price_level);
}
$sql .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
// $sql .= $db->plimit();
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 74803f63909..d8dad67bee2 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -488,7 +488,7 @@ class MouvementStock extends CommonObject
if (!$error)
{
$sql = "SELECT rowid, reel FROM ".MAIN_DB_PREFIX."product_stock";
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; // This is a unique key
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); // This is a unique key
dol_syslog(get_class($this)."::_create check if a record already exists in product_stock", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -544,12 +544,12 @@ class MouvementStock extends CommonObject
{
if ($alreadyarecord > 0)
{
- $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".$qty;
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".((float) $qty);
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product);
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_stock";
$sql .= " (reel, fk_entrepot, fk_product) VALUES ";
- $sql .= " (".$qty.", ".$entrepot_id.", ".$fk_product.")";
+ $sql .= " (".((float) $qty).", ".((int) $entrepot_id).", ".((int) $fk_product).")";
}
dol_syslog(get_class($this)."::_create update stock value", LOG_DEBUG);
@@ -602,7 +602,7 @@ class MouvementStock extends CommonObject
$newpmp = price2num($newpmp, 'MU');
// $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty;
- // $sql.= " WHERE rowid = ".$fk_product;
+ // $sql.= " WHERE rowid = ".((int) $fk_product);
// Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql
$sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).",";
$sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)";
@@ -763,7 +763,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT fk_product_pere, fk_product_fils, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$idProduct;
+ $sql .= " WHERE fk_product_pere = ".((int) $idProduct);
$sql .= " AND incdec = 1";
dol_syslog(get_class($this)."::_createSubProduct for parent product ".$idProduct, LOG_DEBUG);
@@ -875,7 +875,7 @@ class MouvementStock extends CommonObject
$nbSP=0;
$resql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."product_association";
- $resql.= " WHERE fk_product_pere = ".$id;
+ $resql.= " WHERE fk_product_pere = ".((int) $id);
if ($this->db->query($resql))
{
$obj=$this->db->fetch_object($resql);
@@ -1284,7 +1284,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT sum(pb.qty) as cpt";
$sql .= " FROM ".MAIN_DB_PREFIX."product_batch as pb";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."product_stock as ps ON ps.rowid = pb.fk_product_stock";
- $sql .= " WHERE ps.fk_product = " . $fk_product;
+ $sql .= " WHERE ps.fk_product = " . ((int) $fk_product);
$sql .= " AND pb.batch = '" . $this->db->escape($batch) . "'";
$result = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php
index 9b6c0a38a1c..f05d6ebc168 100644
--- a/htdocs/product/stock/class/productlot.class.php
+++ b/htdocs/product/stock/class/productlot.class.php
@@ -275,7 +275,7 @@ class Productlot extends CommonObject
$sql .= " t.import_key";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($product_id > 0 && $batch != '') {
- $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id;
+ $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".((int) $product_id);
} else {
$sql .= ' WHERE t.rowid = '.((int) $id);
}
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index b282984cef5..393fbc73ae2 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -205,7 +205,7 @@ if ($action == 'order' && GETPOST('valid')) {
$order = new CommandeFournisseur($db);
// Check if an order for the supplier exists
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur";
- $sql .= " WHERE fk_soc = ".$suppliersid[$i];
+ $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]);
$sql .= " AND source = 42 AND fk_statut = 0";
$sql .= " AND entity IN (".getEntity('commande_fournisseur').")";
$sql .= " ORDER BY date_creation DESC";
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 792d2fd00de..8253980c034 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -463,7 +463,7 @@ class Project extends CommonObject
$sql .= ", accept_booth_suggestions = ".($this->accept_booth_suggestions ? 1 : 0);
$sql .= ", price_registration = ".(strcmp($this->price_registration, '') ? price2num($this->price_registration) : "null");
$sql .= ", price_booth = ".(strcmp($this->price_booth, '') ? price2num($this->price_booth) : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -783,7 +783,7 @@ class Project extends CommonObject
// Remove linked categories.
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_project";
- $sql .= " WHERE fk_project = ".$this->id;
+ $sql .= " WHERE fk_project = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
@@ -808,7 +808,7 @@ class Project extends CommonObject
foreach ($elements as $table) {
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$table;
- $sql .= " WHERE fk_project = ".$this->id;
+ $sql .= " WHERE fk_project = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
@@ -900,17 +900,17 @@ class Project extends CommonObject
if ($type == 'agenda') {
$sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")";
} elseif ($type == 'expensereport') {
- $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".$this->id;
+ $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id);
} elseif ($type == 'project_task') {
$sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id;
} elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user
- $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".$this->id;
+ $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id);
} elseif ($type == 'stock_mouvement') {
- $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".$this->id." AND ms.type_mouvement = 1";
+ $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".((int) $this->id)." AND ms.type_mouvement = 1";
} elseif ($type == 'loan') {
- $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".$this->id;
+ $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".((int) $this->id);
} else {
- $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".$this->id." AND entity IN (".getEntity($type).")";
+ $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".((int) $this->id)." AND entity IN (".getEntity($type).")";
}
$result = $this->db->query($sql);
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index 7916f79fdeb..fe8b2eeb8e3 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -1317,9 +1317,9 @@ class Task extends CommonObject
$sql .= " SUM(t.task_duration) as nbseconds,";
$sql .= " SUM(t.task_duration / 3600 * ".$this->db->ifsql("t.thm IS NULL", 0, "t.thm").") as amount, SUM(".$this->db->ifsql("t.thm IS NULL", 1, 0).") as nblinesnull";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t";
- $sql .= " WHERE t.fk_task = ".$id;
+ $sql .= " WHERE t.fk_task = ".((int) $id);
if (is_object($fuser) && $fuser->id > 0) {
- $sql .= " AND fk_user = ".$fuser->id;
+ $sql .= " AND fk_user = ".((int) $fuser->id);
}
if ($dates > 0) {
$datefieldname = "task_datehour";
@@ -1553,7 +1553,7 @@ class Task extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
$sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG);
if (!$this->db->query($sql)) {
diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php
index a19c1212761..80e092f2951 100644
--- a/htdocs/public/members/public_list.php
+++ b/htdocs/public/members/public_list.php
@@ -131,7 +131,7 @@ llxHeaderVierge($langs->trans("ListOfValidatedPublicMembers"), $morehead);
$sql = "SELECT rowid, firstname, lastname, societe, zip, town, email, birth, photo";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent";
-$sql .= " WHERE entity = ".$entity;
+$sql .= " WHERE entity = ".((int) $entity);
$sql .= " AND statut = 1";
$sql .= " AND public = 1";
$sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php
index d39f48f2dfe..f44bc0b1c99 100644
--- a/htdocs/public/stripe/ipn.php
+++ b/htdocs/public/stripe/ipn.php
@@ -373,7 +373,7 @@ if ($event->type == 'payout.created') {
}
} elseif ($event->type == 'payment_method.detached') {
$db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".$servicestatus;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".((int) $servicestatus);
$db->query($sql);
$db->commit();
} elseif ($event->type == 'charge.succeeded') {
diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php
index a8a55c7faf2..b2f31505c44 100644
--- a/htdocs/reception/class/reception.class.php
+++ b/htdocs/reception/class/reception.class.php
@@ -1410,7 +1410,7 @@ class Reception extends CommonObject
if (!empty($this->shipping_method_id)) {
$sql = "SELECT em.code, em.tracking";
$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
- $sql .= " WHERE em.rowid = ".$this->shipping_method_id;
+ $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php
index c16018a30c1..24be7dfbb5a 100644
--- a/htdocs/resource/element_resource.php
+++ b/htdocs/resource/element_resource.php
@@ -118,7 +118,7 @@ if (empty($reshook)) {
$sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($resource_type)."'";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($objstat->element)."'";
- $sql .= " WHERE er.resource_id = ".$resource_id;
+ $sql .= " WHERE er.resource_id = ".((int) $resource_id);
$sql .= " AND er.busy = 1";
$sql .= " AND (";
@@ -193,8 +193,8 @@ if (empty($reshook)) {
$sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($object->resource_type)."'";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element_type)."'";
- $sql .= " WHERE er.resource_id = ".$object->resource_id;
- $sql .= " AND ac.id != ".$object->element_id;
+ $sql .= " WHERE er.resource_id = ".((int) $object->resource_id);
+ $sql .= " AND ac.id <> ".((int) $object->element_id);
$sql .= " AND er.busy = 1";
$sql .= " AND (";
diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php
index e1225f15258..afd152fb785 100755
--- a/htdocs/salaries/card.php
+++ b/htdocs/salaries/card.php
@@ -780,7 +780,7 @@ if ($id) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id";
$sql .= ", ".MAIN_DB_PREFIX."salary as salaire";
- $sql .= " WHERE p.fk_salary = ".$id;
+ $sql .= " WHERE p.fk_salary = ".((int) $id);
$sql .= " AND p.fk_salary = salaire.rowid";
$sql .= " AND salaire.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php
index f8a7d618fb0..b3e6c20a0ca 100644
--- a/htdocs/salaries/class/salariesstats.class.php
+++ b/htdocs/salaries/class/salariesstats.class.php
@@ -64,7 +64,7 @@ class SalariesStats extends Stats
$this->where = " entity = ".$conf->entity;
if ($this->socid > 0) {
- $this->where .= " AND fk_soc = ".$this->socid;
+ $this->where .= " AND fk_soc = ".((int) $this->socid);
}
if (is_array($this->userid) && count($this->userid) > 0) {
$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
@@ -101,7 +101,7 @@ class SalariesStats extends Stats
{
$sql = "SELECT MONTH(datep) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(datep) = ".$year;
+ $sql .= " WHERE YEAR(datep) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php
index eb9fe8bfd17..6c282eac94d 100644
--- a/htdocs/salaries/paiement_salary.php
+++ b/htdocs/salaries/paiement_salary.php
@@ -188,12 +188,12 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
- $sql .= " WHERE p.fk_salary = ".$chid;
+ $sql .= " WHERE p.fk_salary = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
$sumpaid = $obj->total;
- $db->free();
+ $db->free($resql);
}
/*print '| '.$langs->trans("AlreadyPaid").' | '.price($sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).' |
';
print '| '.$langs->trans("RemainderToPay").' | '.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).' |
';*/
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php
index ddc9fa41fdb..6fd5160d8a6 100644
--- a/htdocs/societe/class/api_thirdparties.class.php
+++ b/htdocs/societe/class/api_thirdparties.class.php
@@ -1017,7 +1017,7 @@ class Thirdparties extends DolibarrApi
$sql = "SELECT f.ref, f.type as factype, re.fk_facture_source, re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc, re.description, re.fk_facture, re.fk_facture_line";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
- $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".$id;
+ $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".((int) $id);
if ($filter == "available") {
$sql .= " AND re.fk_facture IS NULL AND re.fk_facture_line IS NULL";
}
@@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi
$sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_rib";
if ($id) {
- $sql .= " WHERE fk_soc = ".$id." ";
+ $sql .= " WHERE fk_soc = ".((int) $id);
}
@@ -1505,7 +1505,7 @@ class Thirdparties extends DolibarrApi
throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !');
}
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."'";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) == 0) {
@@ -1585,7 +1585,7 @@ class Thirdparties extends DolibarrApi
// We found an existing SocieteAccount entity, we are replacing it
} else {
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1649,7 +1649,7 @@ class Thirdparties extends DolibarrApi
} else {
// If the user tries to edit the site member, we check first if
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1733,7 +1733,7 @@ class Thirdparties extends DolibarrApi
*/
$sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id;
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id);
$result = $this->db->query($sql);
diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php
index 6b09d88ac71..eefb71b6772 100644
--- a/htdocs/societe/class/client.class.php
+++ b/htdocs/societe/class/client.class.php
@@ -104,7 +104,7 @@ class Client extends Societe
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcomm";
if ($active >= 0) {
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index c611ccab462..3e410019b22 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -217,12 +217,12 @@ class CompanyBankAccount extends Account
$sql .= " WHERE rowid = ".((int) $id);
}
if ($socid) {
- $sql .= " WHERE fk_soc = ".$socid;
+ $sql .= " WHERE fk_soc = ".((int) $socid);
if ($default > -1) {
- $sql .= " AND default_rib = ".$this->db->escape($default);
+ $sql .= " AND default_rib = ".((int) $default);
}
if ($type) {
- $sql .= " AND type ='".$this->db->escape($type)."'";
+ $sql .= " AND type = '".$this->db->escape($type)."'";
}
}
@@ -351,12 +351,12 @@ class CompanyBankAccount extends Account
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0";
- $sql2 .= " WHERE type = 'ban' AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE type = 'ban' AND fk_soc = ".((int) $obj->fk_soc);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result3 = $this->db->query($sql3);
diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php
index db19840fd8e..1f11e6a29c3 100644
--- a/htdocs/societe/class/companypaymentmode.class.php
+++ b/htdocs/societe/class/companypaymentmode.class.php
@@ -318,7 +318,7 @@ class CompanyPaymentMode extends CommonObject
public function fetch($id, $ref = null, $socid = 0, $type = '', $morewhere = '')
{
if ($socid) {
- $morewhere .= " AND fk_soc = ".$this->db->escape($socid)." AND default_rib = 1";
+ $morewhere .= " AND fk_soc = ".((int) $socid)." AND default_rib = 1";
}
if ($type) {
$morewhere .= " AND type = '".$this->db->escape($type)."'";
@@ -464,7 +464,7 @@ class CompanyPaymentMode extends CommonObject
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0, tms = tms";
- $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".((int) $obj->fk_soc);
if ($type) {
$sql2 .= " AND type = '".$this->db->escape($type)."'";
}
@@ -472,7 +472,7 @@ class CompanyPaymentMode extends CommonObject
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
if ($type) {
$sql3 .= " AND type = '".$this->db->escape($type)."'";
}
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 99453db7ac4..6874c4b3b2d 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -1907,7 +1907,7 @@ class Societe extends CommonObject
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete;
- $sql .= " WHERE fk_soc = ".$id;
+ $sql .= " WHERE fk_soc = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -1930,7 +1930,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
$sql .= " SET parent = NULL";
- $sql .= " WHERE parent = ".$id;
+ $sql .= " WHERE parent = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -2326,7 +2326,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2389,7 +2389,7 @@ class Societe extends CommonObject
if ($this->id > 0 && $commid > 0) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux ";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::del_commercial Erreur");
diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php
index 5be05d99a56..8fbbbbcee6e 100644
--- a/htdocs/societe/class/societeaccount.class.php
+++ b/htdocs/societe/class/societeaccount.class.php
@@ -284,7 +284,7 @@ class SocieteAccount extends CommonObject
{
$sql = "SELECT sa.key_account as key_account, sa.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa";
- $sql .= " WHERE sa.fk_soc = ".$id;
+ $sql .= " WHERE sa.fk_soc = ".((int) $id);
$sql .= " AND sa.entity IN (".getEntity('societe').")";
$sql .= " AND sa.site = '".$this->db->escape($site)."' AND sa.status = ".((int) $status);
$sql .= " AND sa.key_account IS NOT NULL AND sa.key_account <> ''";
diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php
index a7ef895041e..3190ad5e64e 100644
--- a/htdocs/societe/consumption.php
+++ b/htdocs/societe/consumption.php
@@ -146,7 +146,7 @@ if ($object->client) {
print ' ('.$langs->trans("WrongCustomerCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -183,7 +183,7 @@ if ($object->fournisseur) {
print ' ('.$langs->trans("WrongSupplierCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -229,7 +229,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
$documentstatic = new Fichinter($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."fichinter as f LEFT JOIN ".MAIN_DB_PREFIX."fichinterdet as d ON d.fk_fichinter = f.rowid"; // Must use left join to work also with option that disable usage of lines.
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datec';
$doc_number = 'f.ref';
@@ -239,7 +239,7 @@ if ($type_element == 'invoice') { // Customer : show products from invoices
$documentstatic = new Facture($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, f.type as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."facturedet as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture = f.rowid";
$where .= " AND f.entity IN (".getEntity('invoice').")";
$dateprint = 'f.datef';
@@ -251,7 +251,7 @@ if ($type_element == 'propal') {
$documentstatic = new Propal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.datep as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."propal as c,".MAIN_DB_PREFIX."propaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_propal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$datePrint = 'c.datep';
@@ -263,7 +263,7 @@ if ($type_element == 'order') {
$documentstatic = new Commande($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_commande as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande as c,".MAIN_DB_PREFIX."commandedet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_commande';
@@ -275,7 +275,7 @@ if ($type_element == 'supplier_invoice') { // Supplier : Show products from inv
$documentstatic = new FactureFournisseur($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."facture_fourn_det as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture_fourn = f.rowid";
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datef';
@@ -287,7 +287,7 @@ if ($type_element == 'supplier_proposal') {
$documentstatic = new SupplierProposal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_supplier_proposal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -299,7 +299,7 @@ if ($type_element == 'supplier_order') { // Supplier : Show products from order
$documentstatic = new CommandeFournisseur($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande_fournisseur as c,".MAIN_DB_PREFIX."commande_fournisseurdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -312,7 +312,7 @@ if ($type_element == 'contract') { // Order
$documentstaticline = new ContratLigne($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_contrat as dateprint, d.statut as status, ';
$tables_from = MAIN_DB_PREFIX."contrat as c,".MAIN_DB_PREFIX."contratdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_contrat = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index 8c321b1386d..dc8d95ef42f 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -517,10 +517,10 @@ if (empty($reshook)) {
$db->begin();
if (empty($newcu)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity;
} else {
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
}
$resql = $db->query($sql);
@@ -542,7 +542,7 @@ if (empty($reshook)) {
} else {
$sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account";
$sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
$resql = $db->query($sql);
}
}
@@ -761,7 +761,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print ' ('.$langs->trans("WrongCustomerCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -823,7 +823,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print ' ('.$langs->trans("WrongSupplierCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php
index c37f61e4fe2..2a6dd2176df 100644
--- a/htdocs/societe/societecontact.php
+++ b/htdocs/societe/societecontact.php
@@ -227,7 +227,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " t.libelle as type, t.subscription";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
- $sql .= " WHERE d.fk_soc = ".$id;
+ $sql .= " WHERE d.fk_soc = ".((int) $id);
$sql .= " AND d.fk_adherent_type = t.rowid";
dol_syslog("get list sql=".$sql);
diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php
index dd895eb4265..e9d721a44e3 100644
--- a/htdocs/takepos/receipt.php
+++ b/htdocs/takepos/receipt.php
@@ -260,7 +260,7 @@ if ($conf->global->TAKEPOS_PRINT_PAYMENT_METHOD) {
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$facid;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $facid);
$sql .= " ORDER BY p.datep";
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 57d0066323d..1d77e323c10 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -568,7 +568,7 @@ class Ticket extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
if ($id) {
- $sql .= " WHERE t.rowid = ".$this->db->escape($id);
+ $sql .= " WHERE t.rowid = ".((int) $id);
} else {
$sql .= " WHERE t.entity IN (".getEntity($this->element, 1).")";
if (!empty($ref)) {
diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php
index 51449c6b233..2bcd0fe89fc 100644
--- a/htdocs/ticket/class/ticketstats.class.php
+++ b/htdocs/ticket/class/ticketstats.class.php
@@ -98,7 +98,7 @@ class TicketStats extends Stats
{
$sql = "SELECT MONTH(datec) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(datec) = ".$year;
+ $sql .= " WHERE YEAR(datec) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index f01198f1ca8..b3303492417 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -871,7 +871,7 @@ class User extends CommonObject
$nid = $obj->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights";
- $sql .= " WHERE fk_user = ".$this->id." AND fk_id=".$nid;
+ $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid);
$sql .= " AND entity = ".$entity;
if (!$this->db->query($sql)) {
$error++;
diff --git a/htdocs/webservices/server_contact.php b/htdocs/webservices/server_contact.php
index 9f57a445cc3..a28371443d5 100644
--- a/htdocs/webservices/server_contact.php
+++ b/htdocs/webservices/server_contact.php
@@ -503,7 +503,7 @@ function getContactsForThirdParty($authentication, $idthirdparty)
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d ON c.fk_departement = d.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON c.rowid = u.fk_socpeople";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
- $sql .= " WHERE c.fk_soc = ".$idthirdparty;
+ $sql .= " WHERE c.fk_soc = ".((int) $idthirdparty);
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php
index 259f3ec67fe..95b7246d021 100644
--- a/htdocs/webservices/server_productorservice.php
+++ b/htdocs/webservices/server_productorservice.php
@@ -1006,7 +1006,7 @@ function getProductsForCategory($authentication, $id, $lang = '')
$table = "product";
$field = "product";
$sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table;
- $sql .= " WHERE fk_categorie = ".$id;
+ $sql .= " WHERE fk_categorie = ".((int) $id);
$sql .= " ORDER BY fk_".$field." ASC";
diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php
index 171918238b8..80d31f0024d 100644
--- a/htdocs/website/class/website.class.php
+++ b/htdocs/website/class/website.class.php
@@ -1414,10 +1414,10 @@ class Website extends CommonObject
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
if ($tmppage->fk_page > 0) {
- $sql .= " OR wp.fk_page = ".$tmppage->fk_page." OR wp.rowid = ".$tmppage->fk_page;
+ $sql .= " OR wp.fk_page = ".((int) $tmppage->fk_page)." OR wp.rowid = ".((int) $tmppage->fk_page);
}
$sql .= ")";