From be6bb3a7564fdc8feeca600b9e527bb5371097da Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:12:07 +0200 Subject: [PATCH] FIX #yogosha5746 - next step (work in progress) --- .../class/expensereport.class.php | 16 ++++----- .../class/expensereportstats.class.php | 2 +- htdocs/expensereport/payment/payment.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 4 +-- .../fichinter/class/fichinterstats.class.php | 2 +- .../fourn/class/fournisseur.product.class.php | 6 ++-- htdocs/fourn/recap-fourn.php | 2 +- htdocs/holiday/class/holiday.class.php | 2 +- htdocs/install/upgrade2.php | 30 ++++++++-------- htdocs/loan/card.php | 2 +- htdocs/loan/class/loanschedule.class.php | 6 ++-- htdocs/loan/payment/payment.php | 2 +- htdocs/margin/agentMargins.php | 2 +- .../template/class/myobject.class.php | 4 +-- htdocs/product/class/product.class.php | 34 +++++++++---------- .../class/productcustomerprice.class.php | 2 +- .../class/productfournisseurprice.class.php | 2 +- .../class/propalmergepdfproduct.class.php | 2 +- .../class/price_expression.class.php | 2 +- .../class/price_global_variable.class.php | 2 +- .../price_global_variable_updater.class.php | 2 +- htdocs/product/fournisseurs.php | 4 +-- htdocs/product/list.php | 4 +-- htdocs/product/price.php | 22 ++++++------ .../stock/class/mouvementstock.class.php | 16 ++++----- .../product/stock/class/productlot.class.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/projet/class/project.class.php | 16 ++++----- htdocs/projet/class/task.class.php | 6 ++-- htdocs/public/members/public_list.php | 2 +- htdocs/public/stripe/ipn.php | 2 +- htdocs/reception/class/reception.class.php | 2 +- htdocs/resource/element_resource.php | 6 ++-- htdocs/salaries/card.php | 2 +- htdocs/salaries/class/salariesstats.class.php | 4 +-- htdocs/salaries/paiement_salary.php | 4 +-- .../societe/class/api_thirdparties.class.php | 12 +++---- htdocs/societe/class/client.class.php | 2 +- .../class/companybankaccount.class.php | 10 +++--- .../class/companypaymentmode.class.php | 6 ++-- htdocs/societe/class/societe.class.php | 8 ++--- htdocs/societe/class/societeaccount.class.php | 2 +- htdocs/societe/consumption.php | 20 +++++------ htdocs/societe/paymentmodes.php | 10 +++--- htdocs/societe/societecontact.php | 2 +- htdocs/takepos/receipt.php | 2 +- htdocs/ticket/class/ticket.class.php | 2 +- htdocs/ticket/class/ticketstats.class.php | 2 +- htdocs/user/class/user.class.php | 2 +- htdocs/webservices/server_contact.php | 2 +- .../webservices/server_productorservice.php | 2 +- htdocs/website/class/website.class.php | 4 +-- 52 files changed, 155 insertions(+), 155 deletions(-) diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 993ea72e7f3..8ec99aa1007 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -880,7 +880,7 @@ class ExpenseReport extends CommonObject if ($user->rights->expensereport->lire) { $sql = "SELECT de.fk_expensereport, de.date, de.comments, de.total_ht, de.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de"; - $sql .= " WHERE de.fk_projet = ".$projectid; + $sql .= " WHERE de.fk_projet = ".((int) $projectid); dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); @@ -1117,8 +1117,8 @@ class ExpenseReport extends CommonObject // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -1154,7 +1154,7 @@ class ExpenseReport extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -2124,7 +2124,7 @@ class ExpenseReport extends CommonObject // Select des infos sur le type fees $sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as c"; - $sql .= " WHERE c.id = ".$type_fees_id; + $sql .= " WHERE c.id = ".((int) $type_fees_id); $resql = $this->db->query($sql); if ($resql) { $objp_fees = $this->db->fetch_object($resql); @@ -2136,7 +2136,7 @@ class ExpenseReport extends CommonObject // Select des informations du projet $sql = "SELECT p.ref as ref_projet, p.title as title_projet"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projet_id; + $sql .= " WHERE p.rowid = ".((int) $projet_id); $resql = $this->db->query($sql); if ($resql) { $objp_projet = $this->db->fetch_object($resql); @@ -2331,7 +2331,7 @@ class ExpenseReport extends CommonObject $ret = array(); $sql = "SELECT id, code, label"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees"; - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -2495,7 +2495,7 @@ class ExpenseReport extends CommonObject $type = 'expense_report'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index ec71f530f51..8f3574f2952 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -114,7 +114,7 @@ class ExpenseReportStats extends Stats { $sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".$year; + $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index d50f6336669..b7057af86fc 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -206,7 +206,7 @@ if ($action == 'create' || empty($action)) { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as p, ".MAIN_DB_PREFIX."expensereport as e"; - $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".$id; + $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".((int) $id); $sql .= ' AND e.entity IN ('.getEntity('expensereport').')'; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 960a2734706..4fe35c32a2c 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -434,10 +434,10 @@ class FichinterRec extends Fichinter $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".((int) $rowid); dol_syslog($sql); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".((int) $rowid); dol_syslog($sql); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index 2daede1457a..297aeca7760 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -73,7 +73,7 @@ class FichinterStats extends Stats //$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled } if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')'; diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 0fa34c28d81..c910cffe8d4 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -164,7 +164,7 @@ class ProductFournisseur extends Product $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".$id_fourn; + $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn); dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG); $resql2 = $this->db->query($sql); @@ -208,7 +208,7 @@ class ProductFournisseur extends Product if (empty($error)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::remove_product_fournisseur_price", LOG_DEBUG); $resql = $this->db->query($sql); @@ -438,7 +438,7 @@ class ProductFournisseur extends Product // Delete price for this quantity $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".$qty." AND entity = ".$conf->entity; + $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity; $resql = $this->db->query($sql); if ($resql) { // Add price for this quantity to supplier diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php index 06ad90ec858..97a6b53f2e2 100644 --- a/htdocs/fourn/recap-fourn.php +++ b/htdocs/fourn/recap-fourn.php @@ -73,7 +73,7 @@ if ($socid > 0) { $sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,"; $sql .= " u.login, u.rowid as userid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$societe->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $societe->id); $sql .= " AND f.entity IN (".getEntity("facture_fourn").")"; // Recognition of the entity attributed to this invoice for Multicompany $sql .= " AND f.fk_user_valid = u.rowid"; $sql .= " ORDER BY f.datef DESC"; diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 4b5c742b3f1..ffd394a35b3 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -2069,7 +2069,7 @@ class Holiday extends CommonObject $sql = "SELECT rowid, code, label, affect, delay, newByMonth"; $sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types"; - $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')'; + $sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')'; if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index fb63847c3e6..26c791c2290 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -2161,7 +2161,7 @@ function migrate_detail_livraison($db, $langs, $conf) if ($resql2) { $sql = "SELECT total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX."livraison"; - $sql .= " WHERE rowid = ".$obj->fk_livraison; + $sql .= " WHERE rowid = ".((int) $obj->fk_livraison); $resql3 = $db->query($sql); if ($resql3) { @@ -2864,7 +2864,7 @@ function migrate_project_task_time($db, $langs, $conf) foreach ($totaltime as $taskid => $total_duration) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET"; $sql .= " duration_effective = ".$total_duration; - $sql .= " WHERE rowid = ".$taskid; + $sql .= " WHERE rowid = ".((int) $taskid); $resql = $db->query($sql); if (!$resql) { @@ -3235,7 +3235,7 @@ function migrate_mode_reglement($db, $langs, $conf) $sqlSelect = "SELECT id"; $sqlSelect .= " FROM ".MAIN_DB_PREFIX."c_paiement"; - $sqlSelect .= " WHERE id = ".$old_id; + $sqlSelect .= " WHERE id = ".((int) $old_id); $sqlSelect .= " AND code = '".$db->escape($elements['code'][$key])."'"; $resql = $db->query($sqlSelect); @@ -3246,23 +3246,23 @@ function migrate_mode_reglement($db, $langs, $conf) $db->begin(); - $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET "; - $sqla .= "fk_paiement = ".$elements['new_id'][$key]; - $sqla .= " WHERE fk_paiement = ".$old_id; - $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".$old_id." AND code = '".$db->escape($elements['code'][$key])."')"; + $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET"; + $sqla .= " fk_paiement = ".$elements['new_id'][$key]; + $sqla .= " WHERE fk_paiement = ".((int) $old_id); + $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')"; $resqla = $db->query($sqla); - $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET "; - $sql .= "id = ".$elements['new_id'][$key]; - $sql .= " WHERE id = ".$old_id; + $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET"; + $sql .= " id = ".((int) $elements['new_id'][$key]); + $sql .= " WHERE id = ".((int) $old_id); $sql .= " AND code = '".$db->escape($elements['code'][$key])."'"; $resql = $db->query($sql); if ($resqla && $resql) { foreach ($elements['tables'] as $table) { $sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET "; - $sql .= "fk_mode_reglement = ".$elements['new_id'][$key]; - $sql .= " WHERE fk_mode_reglement = ".$old_id; + $sql .= "fk_mode_reglement = "((int) $elements['new_id'][$key]); + $sql .= " WHERE fk_mode_reglement = ".((int) $old_id); $resql = $db->query($sql); if (!$resql) { @@ -3786,16 +3786,16 @@ function migrate_remise_except_entity($db, $langs, $conf) $sqlSelect2 = "SELECT f.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f"; - $sqlSelect2 .= " WHERE f.rowid = ".$fk_facture; + $sqlSelect2 .= " WHERE f.rowid = ".((int) $fk_facture); } elseif (!empty($obj->fk_facture_line)) { $sqlSelect2 = "SELECT f.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as fd"; - $sqlSelect2 .= " WHERE fd.rowid = ".$obj->fk_facture_line; + $sqlSelect2 .= " WHERE fd.rowid = ".((int) $obj->fk_facture_line); $sqlSelect2 .= " AND fd.fk_facture = f.rowid"; } else { $sqlSelect2 = "SELECT s.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sqlSelect2 .= " WHERE s.rowid = ".$obj->fk_soc; + $sqlSelect2 .= " WHERE s.rowid = ".((int) $obj->fk_soc); } $resql2 = $db->query($sqlSelect2); diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index 9e9e1a0a992..c3c08b6cf2f 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php @@ -636,7 +636,7 @@ if ($id > 0) { $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id"; $sql .= ", ".MAIN_DB_PREFIX."loan as l"; - $sql .= " WHERE p.fk_loan = ".$id; + $sql .= " WHERE p.fk_loan = ".((int) $id); $sql .= " AND p.fk_loan = l.rowid"; $sql .= " AND l.entity IN ( ".getEntity('loan').")"; $sql .= " ORDER BY dp DESC"; diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index bc819f747ca..54d4607ab70 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php @@ -447,7 +447,7 @@ class LoanSchedule extends CommonObject $sql .= " t.fk_user_creat,"; $sql .= " t.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; - $sql .= " WHERE t.fk_loan = ".$loanid; + $sql .= " WHERE t.fk_loan = ".((int) $loanid); dol_syslog(get_class($this)."::fetchAll", LOG_DEBUG); $resql = $this->db->query($sql); @@ -535,7 +535,7 @@ class LoanSchedule extends CommonObject { $sql = "SELECT p.datep"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p "; - $sql .= " WHERE p.fk_loan = ".$loanid; + $sql .= " WHERE p.fk_loan = ".((int) $loanid); $sql .= " ORDER BY p.datep DESC "; $sql .= " LIMIT 1 "; @@ -563,7 +563,7 @@ class LoanSchedule extends CommonObject $sql = "SELECT p.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p "; - $sql .= " WHERE p.fk_loan = ".$loanid; + $sql .= " WHERE p.fk_loan = ".((int) $loanid); if (!empty($datemax)) { $sql .= " AND p.datep > '".$this->db->idate($datemax)."'"; } diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php index eec24d9b3e2..58783be181e 100644 --- a/htdocs/loan/payment/payment.php +++ b/htdocs/loan/payment/payment.php @@ -239,7 +239,7 @@ if ($action == 'create') { $sql = "SELECT SUM(amount_capital) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan"; - $sql .= " WHERE fk_loan = ".$chid; + $sql .= " WHERE fk_loan = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index a27393c8bb2..1ac670c4a7f 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -290,7 +290,7 @@ if ($result) { // sql nb sellers $sql_seller = "SELECT COUNT(sc.rowid) as nb"; $sql_seller .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql_seller .= " WHERE sc.fk_soc = ".$objp->socid; + $sql_seller .= " WHERE sc.fk_soc = ".((int) $objp->socid); $sql_seller .= " LIMIT 1"; $resql_seller = $db->query($sql_seller); diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 6a17e500a69..df687f84e56 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -579,9 +579,9 @@ class MyObject extends CommonObject $sql .= ", date_validation = '".$this->db->idate($now)."'"; } if (!empty($this->fields['fk_user_valid'])) { - $sql .= ", fk_user_valid = ".$user->id; + $sql .= ", fk_user_valid = ".((int) $user->id); } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ad3b694f137..d9cadd304b2 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1820,9 +1820,9 @@ class Product extends CommonObject $sql .= ", pfp.packaging"; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE pfp.rowid = ".$prodfournprice; + $sql .= " WHERE pfp.rowid = ".((int) $prodfournprice); if ($qty > 0) { - $sql .= " AND pfp.quantity <= ".$qty; + $sql .= " AND pfp.quantity <= ".((float) $qty); } $sql .= " ORDER BY pfp.quantity DESC"; @@ -1874,15 +1874,15 @@ class Product extends CommonObject $sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,"; $sql .= " pfp.packaging"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE pfp.fk_product = ".$product_id; + $sql .= " WHERE pfp.fk_product = ".((int) $product_id); if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'"; } if ($fk_soc > 0) { - $sql .= " AND pfp.fk_soc = ".$fk_soc; + $sql .= " AND pfp.fk_soc = ".((int) $fk_soc); } if ($qty > 0) { - $sql .= " AND pfp.quantity <= ".$qty; + $sql .= " AND pfp.quantity <= ".((float) $qty); } $sql .= " ORDER BY pfp.quantity DESC"; $sql .= " LIMIT 1"; @@ -2360,7 +2360,7 @@ class Product extends CommonObject $sql = "SELECT price, price_ttc, price_min, price_min_ttc,"; $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; - $sql .= " WHERE fk_product = ".$this->id; + $sql .= " WHERE fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2374,7 +2374,7 @@ class Product extends CommonObject if ($this->prices_by_qty[0] == 1) { $sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[0]; + $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]); $sql .= " ORDER BY quantity ASC"; $resultat = array(); $resql = $this->db->query($sql); @@ -3946,8 +3946,8 @@ class Product extends CommonObject } $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$fk_parent; - $sql .= " AND fk_product_fils = ".$fk_child; + $sql .= " WHERE fk_product_pere = ".((int) $fk_parent); + $sql .= " AND fk_product_fils = ".((int) $fk_child); dol_syslog(get_class($this).'::del_sousproduit', LOG_DEBUG); if (!$this->db->query($sql)) { @@ -4040,14 +4040,14 @@ class Product extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$id_fourn; + $sql .= " WHERE fk_soc = ".((int) $id_fourn); if ($ref_fourn) { $sql .= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'"; } else { $sql .= " AND (ref_fourn = '' OR ref_fourn IS NULL)"; } - $sql .= " AND quantity = ".$quantity; - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND quantity = ".((float) $quantity); + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('productsupplierprice').")"; $resql = $this->db->query($sql); @@ -4198,7 +4198,7 @@ class Product extends CommonObject $sql .= ", multicurrency_price"; $sql .= ", multicurrency_price_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; - $sql .= " WHERE fk_product = ".$fromId; + $sql .= " WHERE fk_product = ".((int) $fromId); $sql .= " ORDER BY date_price DESC"; if ($conf->global->PRODUIT_MULTIPRICES_LIMIT > 0) { $sql .= " LIMIT ".$conf->global->PRODUIT_MULTIPRICES_LIMIT; @@ -4230,7 +4230,7 @@ class Product extends CommonObject $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association (fk_product_pere, fk_product_fils, qty)'; $sql .= " SELECT ".$toId.", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$fromId; + $sql .= " WHERE fk_product_pere = ".((int) $fromId); dol_syslog(get_class($this).'::clone_association', LOG_DEBUG); if (!$this->db->query($sql)) { @@ -4262,7 +4262,7 @@ class Product extends CommonObject . " datec, fk_product, fk_soc, ref_fourn, fk_user_author )" . " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ref_fourn, fk_user_author" . " FROM ".MAIN_DB_PREFIX."product_fournisseur" - . " WHERE fk_product = ".$fromId; + . " WHERE fk_product = ".((int) $fromId); if ( ! $this->db->query($sql ) ) { @@ -4273,9 +4273,9 @@ class Product extends CommonObject // les prix de fournisseurs. $sql = "INSERT ".MAIN_DB_PREFIX."product_fournisseur_price ("; $sql .= " datec, fk_product, fk_soc, price, quantity, fk_user)"; - $sql .= " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, price, quantity, fk_user"; + $sql .= " SELECT '".$this->db->idate($now)."', ".((int) $toId).", fk_soc, price, quantity, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$fromId; + $sql .= " WHERE fk_product = ".((int) $fromId); dol_syslog(get_class($this).'::clone_fournisseurs', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 046aed05a10..9b0d29b4cdd 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -814,7 +814,7 @@ class Productcustomerprice extends CommonObject // Find all susidiaries $sql = "SELECT s.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.parent = ".$this->fk_soc; + $sql .= " WHERE s.parent = ".((int) $this->fk_soc); $sql .= " AND s.entity IN (".getEntity('societe').")"; dol_syslog(get_class($this)."::setPriceOnAffiliateThirdparty", LOG_DEBUG); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 13fa8433d07..709afcb6d20 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -438,7 +438,7 @@ class ProductFournisseurPrice extends CommonObject $sql .= " status = ".self::STATUS_VALIDATED; if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'"; if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index f7cf48df5e0..a1d92cc492a 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -239,7 +239,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; - $sql .= " WHERE t.fk_product = ".$product_id; + $sql .= " WHERE t.fk_product = ".((int) $product_id); if ($conf->global->MAIN_MULTILANGS && !empty($lang)) { $sql .= " AND t.lang = '".$this->db->escape($lang)."'"; } diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index 546c2050990..db0c427c334 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -327,7 +327,7 @@ class PriceExpression if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 29505ff8573..5286b932ca7 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -250,7 +250,7 @@ class PriceGlobalVariable if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index f43d6bc731d..96e77d661ab 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -275,7 +275,7 @@ class PriceGlobalVariableUpdater if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index cde318cda81..6e3b487a429 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -793,7 +793,7 @@ END; $sql .= ", ".$key; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields"; - $sql .= " WHERE fk_object = ".$rowid; + $sql .= " WHERE fk_object = ".((int) $rowid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -1145,7 +1145,7 @@ END; $sql .= ", ".$key; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields"; - $sql .= " WHERE fk_object = ".$productfourn->product_fourn_price_id; + $sql .= " WHERE fk_object = ".((int) $productfourn->product_fourn_price_id); $resql = $db->query($sql); if ($resql) { if ($db->num_rows($resql) != 1) { diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 7df96cbd97c..b6f5956bfd3 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -473,7 +473,7 @@ if ($searchCategoryProductOperator == 1) { if (intval($searchCategoryProduct) == -2) { $searchCategoryProductSqlList[] = "cp.fk_categorie IS NULL"; } elseif (intval($searchCategoryProduct) > 0) { - $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".$searchCategoryProduct.")"; + $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".((int) $searchCategoryProduct).")"; } } if (!empty($searchCategoryProductSqlList)) { @@ -1530,7 +1530,7 @@ if ($resql) { // then reuse the cache array if we need prices for other price levels $sqlp = "SELECT p.rowid, p.fk_product, p.price, p.price_ttc, p.price_level, p.date_price, p.price_base_type"; $sqlp .= " FROM ".MAIN_DB_PREFIX."product_price as p"; - $sqlp .= " WHERE fk_product = ".$obj->rowid; + $sqlp .= " WHERE fk_product = ".((int) $obj->rowid); $sqlp .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC"; $resultp = $db->query($sqlp); if ($resultp) { diff --git a/htdocs/product/price.php b/htdocs/product/price.php index ee86d43c09f..6647201b719 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -429,12 +429,12 @@ if (empty($reshook)) { // Ajout / mise à jour if ($rowid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET"; - $sql .= " price='".$db->escape($price)."',"; - $sql .= " unitprice=".$unitPrice.","; - $sql .= " quantity=".$quantity.","; - $sql .= " remise_percent=".$remise_percent.","; - $sql .= " remise=".$remise; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " price=".((float) $price)."',"; + $sql .= " unitprice=".((float) $unitPrice).","; + $sql .= " quantity=".((float) $quantity).","; + $sql .= " remise_percent=".((float) $remise_percent).","; + $sql .= " remise=".((float) $remise); + $sql .= " WHERE rowid = ".((int) $rowid); $result = $db->query($sql); if (!$result) { @@ -442,7 +442,7 @@ if (empty($reshook)) { } } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price_by_qty (fk_product_price,price,unitprice,quantity,remise_percent,remise) values ("; - $sql .= $priceid.','.$price.','.$unitPrice.','.$quantity.','.$remise_percent.','.$remise.')'; + $sql .= ((int) $priceid).','.((float) $price).','.((float) $unitPrice).','.((float) $quantity).','.((float) $remise_percent).','.((float) $remise).')'; $result = $db->query($sql); if (!$result) { @@ -460,7 +460,7 @@ if (empty($reshook)) { $rowid = GETPOST('rowid', 'int'); if (!empty($rowid)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); $result = $db->query($sql); } else { @@ -472,7 +472,7 @@ if (empty($reshook)) { $priceid = GETPOST('priceid', 'int'); if (!empty($rowid)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$priceid; + $sql .= " WHERE fk_product_price = ".((int) $priceid); $result = $db->query($sql); } else { @@ -1413,11 +1413,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul $sql .= " p.date_price as dp, p.fk_price_expression, u.rowid as user_id, u.login"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price as p,"; $sql .= " ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE fk_product = ".$object->id; + $sql .= " WHERE fk_product = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('productprice').")"; $sql .= " AND p.fk_user_author = u.rowid"; if (!empty($socid) && !empty($conf->global->PRODUIT_MULTIPRICES)) { - $sql .= " AND p.price_level = ".$soc->price_level; + $sql .= " AND p.price_level = ".((int) $soc->price_level); } $sql .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC"; // $sql .= $db->plimit(); diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 74803f63909..d8dad67bee2 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -488,7 +488,7 @@ class MouvementStock extends CommonObject if (!$error) { $sql = "SELECT rowid, reel FROM ".MAIN_DB_PREFIX."product_stock"; - $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; // This is a unique key + $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); // This is a unique key dol_syslog(get_class($this)."::_create check if a record already exists in product_stock", LOG_DEBUG); $resql = $this->db->query($sql); @@ -544,12 +544,12 @@ class MouvementStock extends CommonObject { if ($alreadyarecord > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".$qty; - $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; + $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".((float) $qty); + $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_stock"; $sql .= " (reel, fk_entrepot, fk_product) VALUES "; - $sql .= " (".$qty.", ".$entrepot_id.", ".$fk_product.")"; + $sql .= " (".((float) $qty).", ".((int) $entrepot_id).", ".((int) $fk_product).")"; } dol_syslog(get_class($this)."::_create update stock value", LOG_DEBUG); @@ -602,7 +602,7 @@ class MouvementStock extends CommonObject $newpmp = price2num($newpmp, 'MU'); // $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty; - // $sql.= " WHERE rowid = ".$fk_product; + // $sql.= " WHERE rowid = ".((int) $fk_product); // Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).","; $sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)"; @@ -763,7 +763,7 @@ class MouvementStock extends CommonObject $sql = "SELECT fk_product_pere, fk_product_fils, qty"; $sql .= " FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$idProduct; + $sql .= " WHERE fk_product_pere = ".((int) $idProduct); $sql .= " AND incdec = 1"; dol_syslog(get_class($this)."::_createSubProduct for parent product ".$idProduct, LOG_DEBUG); @@ -875,7 +875,7 @@ class MouvementStock extends CommonObject $nbSP=0; $resql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."product_association"; - $resql.= " WHERE fk_product_pere = ".$id; + $resql.= " WHERE fk_product_pere = ".((int) $id); if ($this->db->query($resql)) { $obj=$this->db->fetch_object($resql); @@ -1284,7 +1284,7 @@ class MouvementStock extends CommonObject $sql = "SELECT sum(pb.qty) as cpt"; $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as pb"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."product_stock as ps ON ps.rowid = pb.fk_product_stock"; - $sql .= " WHERE ps.fk_product = " . $fk_product; + $sql .= " WHERE ps.fk_product = " . ((int) $fk_product); $sql .= " AND pb.batch = '" . $this->db->escape($batch) . "'"; $result = $this->db->query($sql); diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 9b6c0a38a1c..f05d6ebc168 100644 --- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -275,7 +275,7 @@ class Productlot extends CommonObject $sql .= " t.import_key"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if ($product_id > 0 && $batch != '') { - $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id; + $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".((int) $product_id); } else { $sql .= ' WHERE t.rowid = '.((int) $id); } diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index b282984cef5..393fbc73ae2 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -205,7 +205,7 @@ if ($action == 'order' && GETPOST('valid')) { $order = new CommandeFournisseur($db); // Check if an order for the supplier exists $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur"; - $sql .= " WHERE fk_soc = ".$suppliersid[$i]; + $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]); $sql .= " AND source = 42 AND fk_statut = 0"; $sql .= " AND entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY date_creation DESC"; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 792d2fd00de..8253980c034 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -463,7 +463,7 @@ class Project extends CommonObject $sql .= ", accept_booth_suggestions = ".($this->accept_booth_suggestions ? 1 : 0); $sql .= ", price_registration = ".(strcmp($this->price_registration, '') ? price2num($this->price_registration) : "null"); $sql .= ", price_booth = ".(strcmp($this->price_booth, '') ? price2num($this->price_booth) : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); @@ -783,7 +783,7 @@ class Project extends CommonObject // Remove linked categories. if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_project"; - $sql .= " WHERE fk_project = ".$this->id; + $sql .= " WHERE fk_project = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -808,7 +808,7 @@ class Project extends CommonObject foreach ($elements as $table) { if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE fk_project = ".$this->id; + $sql .= " WHERE fk_project = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -900,17 +900,17 @@ class Project extends CommonObject if ($type == 'agenda') { $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")"; } elseif ($type == 'expensereport') { - $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".$this->id; + $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task') { $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id; } elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user - $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".$this->id; + $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id); } elseif ($type == 'stock_mouvement') { - $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".$this->id." AND ms.type_mouvement = 1"; + $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".((int) $this->id)." AND ms.type_mouvement = 1"; } elseif ($type == 'loan') { - $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".$this->id; + $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".((int) $this->id); } else { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".$this->id." AND entity IN (".getEntity($type).")"; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".((int) $this->id)." AND entity IN (".getEntity($type).")"; } $result = $this->db->query($sql); diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 7916f79fdeb..fe8b2eeb8e3 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1317,9 +1317,9 @@ class Task extends CommonObject $sql .= " SUM(t.task_duration) as nbseconds,"; $sql .= " SUM(t.task_duration / 3600 * ".$this->db->ifsql("t.thm IS NULL", 0, "t.thm").") as amount, SUM(".$this->db->ifsql("t.thm IS NULL", 1, 0).") as nblinesnull"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; - $sql .= " WHERE t.fk_task = ".$id; + $sql .= " WHERE t.fk_task = ".((int) $id); if (is_object($fuser) && $fuser->id > 0) { - $sql .= " AND fk_user = ".$fuser->id; + $sql .= " AND fk_user = ".((int) $fuser->id); } if ($dates > 0) { $datefieldname = "task_datehour"; @@ -1553,7 +1553,7 @@ class Task extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task"; $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG); if (!$this->db->query($sql)) { diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index a19c1212761..80e092f2951 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -131,7 +131,7 @@ llxHeaderVierge($langs->trans("ListOfValidatedPublicMembers"), $morehead); $sql = "SELECT rowid, firstname, lastname, societe, zip, town, email, birth, photo"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent"; -$sql .= " WHERE entity = ".$entity; +$sql .= " WHERE entity = ".((int) $entity); $sql .= " AND statut = 1"; $sql .= " AND public = 1"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index d39f48f2dfe..f44bc0b1c99 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -373,7 +373,7 @@ if ($event->type == 'payout.created') { } } elseif ($event->type == 'payment_method.detached') { $db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".$servicestatus; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".((int) $servicestatus); $db->query($sql); $db->commit(); } elseif ($event->type == 'charge.succeeded') { diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index a8a55c7faf2..b2f31505c44 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -1410,7 +1410,7 @@ class Reception extends CommonObject if (!empty($this->shipping_method_id)) { $sql = "SELECT em.code, em.tracking"; $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em"; - $sql .= " WHERE em.rowid = ".$this->shipping_method_id; + $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index c16018a30c1..24be7dfbb5a 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -118,7 +118,7 @@ if (empty($reshook)) { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($resource_type)."'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($objstat->element)."'"; - $sql .= " WHERE er.resource_id = ".$resource_id; + $sql .= " WHERE er.resource_id = ".((int) $resource_id); $sql .= " AND er.busy = 1"; $sql .= " AND ("; @@ -193,8 +193,8 @@ if (empty($reshook)) { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($object->resource_type)."'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element_type)."'"; - $sql .= " WHERE er.resource_id = ".$object->resource_id; - $sql .= " AND ac.id != ".$object->element_id; + $sql .= " WHERE er.resource_id = ".((int) $object->resource_id); + $sql .= " AND ac.id <> ".((int) $object->element_id); $sql .= " AND er.busy = 1"; $sql .= " AND ("; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index e1225f15258..afd152fb785 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php @@ -780,7 +780,7 @@ if ($id) { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id"; $sql .= ", ".MAIN_DB_PREFIX."salary as salaire"; - $sql .= " WHERE p.fk_salary = ".$id; + $sql .= " WHERE p.fk_salary = ".((int) $id); $sql .= " AND p.fk_salary = salaire.rowid"; $sql .= " AND salaire.entity IN (".getEntity('tax').")"; $sql .= " ORDER BY dp DESC"; diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php index f8a7d618fb0..b3e6c20a0ca 100644 --- a/htdocs/salaries/class/salariesstats.class.php +++ b/htdocs/salaries/class/salariesstats.class.php @@ -64,7 +64,7 @@ class SalariesStats extends Stats $this->where = " entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')'; @@ -101,7 +101,7 @@ class SalariesStats extends Stats { $sql = "SELECT MONTH(datep) as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(datep) = ".$year; + $sql .= " WHERE YEAR(datep) = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index eb9fe8bfd17..6c282eac94d 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -188,12 +188,12 @@ if ($action == 'create') { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p"; - $sql .= " WHERE p.fk_salary = ".$chid; + $sql .= " WHERE p.fk_salary = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); $sumpaid = $obj->total; - $db->free(); + $db->free($resql); } /*print ''.$langs->trans("AlreadyPaid").''.price($sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).''; print ''.$langs->trans("RemainderToPay").''.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'';*/ diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index ddc9fa41fdb..6fd5160d8a6 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -1017,7 +1017,7 @@ class Thirdparties extends DolibarrApi $sql = "SELECT f.ref, f.type as factype, re.fk_facture_source, re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc, re.description, re.fk_facture, re.fk_facture_line"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".$id; + $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".((int) $id); if ($filter == "available") { $sql .= " AND re.fk_facture IS NULL AND re.fk_facture_line IS NULL"; } @@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { - $sql .= " WHERE fk_soc = ".$id." "; + $sql .= " WHERE fk_soc = ".((int) $id); } @@ -1505,7 +1505,7 @@ class Thirdparties extends DolibarrApi throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !'); } - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."'"; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) == 0) { @@ -1585,7 +1585,7 @@ class Thirdparties extends DolibarrApi // We found an existing SocieteAccount entity, we are replacing it } else { if (isset($request_data['site']) && $request_data['site'] !== $site) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' "; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' "; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) !== 0) { @@ -1649,7 +1649,7 @@ class Thirdparties extends DolibarrApi } else { // If the user tries to edit the site member, we check first if if (isset($request_data['site']) && $request_data['site'] !== $site) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' "; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' "; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) !== 0) { @@ -1733,7 +1733,7 @@ class Thirdparties extends DolibarrApi */ $sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id; + $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id); $result = $this->db->query($sql); diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 6b09d88ac71..eefb71b6772 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -104,7 +104,7 @@ class Client extends Societe $sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcomm"; if ($active >= 0) { - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); } $resql = $this->db->query($sql); $num = $this->db->num_rows($resql); diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index c611ccab462..3e410019b22 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -217,12 +217,12 @@ class CompanyBankAccount extends Account $sql .= " WHERE rowid = ".((int) $id); } if ($socid) { - $sql .= " WHERE fk_soc = ".$socid; + $sql .= " WHERE fk_soc = ".((int) $socid); if ($default > -1) { - $sql .= " AND default_rib = ".$this->db->escape($default); + $sql .= " AND default_rib = ".((int) $default); } if ($type) { - $sql .= " AND type ='".$this->db->escape($type)."'"; + $sql .= " AND type = '".$this->db->escape($type)."'"; } } @@ -351,12 +351,12 @@ class CompanyBankAccount extends Account $this->db->begin(); $sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0"; - $sql2 .= " WHERE type = 'ban' AND fk_soc = ".$obj->fk_soc; + $sql2 .= " WHERE type = 'ban' AND fk_soc = ".((int) $obj->fk_soc); dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG); $result2 = $this->db->query($sql2); $sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1"; - $sql3 .= " WHERE rowid = ".$obj->id; + $sql3 .= " WHERE rowid = ".((int) $obj->id); dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG); $result3 = $this->db->query($sql3); diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php index db19840fd8e..1f11e6a29c3 100644 --- a/htdocs/societe/class/companypaymentmode.class.php +++ b/htdocs/societe/class/companypaymentmode.class.php @@ -318,7 +318,7 @@ class CompanyPaymentMode extends CommonObject public function fetch($id, $ref = null, $socid = 0, $type = '', $morewhere = '') { if ($socid) { - $morewhere .= " AND fk_soc = ".$this->db->escape($socid)." AND default_rib = 1"; + $morewhere .= " AND fk_soc = ".((int) $socid)." AND default_rib = 1"; } if ($type) { $morewhere .= " AND type = '".$this->db->escape($type)."'"; @@ -464,7 +464,7 @@ class CompanyPaymentMode extends CommonObject $this->db->begin(); $sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0, tms = tms"; - $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".$obj->fk_soc; + $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".((int) $obj->fk_soc); if ($type) { $sql2 .= " AND type = '".$this->db->escape($type)."'"; } @@ -472,7 +472,7 @@ class CompanyPaymentMode extends CommonObject $result2 = $this->db->query($sql2); $sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1"; - $sql3 .= " WHERE rowid = ".$obj->id; + $sql3 .= " WHERE rowid = ".((int) $obj->id); if ($type) { $sql3 .= " AND type = '".$this->db->escape($type)."'"; } diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 99453db7ac4..6874c4b3b2d 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1907,7 +1907,7 @@ class Societe extends CommonObject } } else { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete; - $sql .= " WHERE fk_soc = ".$id; + $sql .= " WHERE fk_soc = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); @@ -1930,7 +1930,7 @@ class Societe extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET parent = NULL"; - $sql .= " WHERE parent = ".$id; + $sql .= " WHERE parent = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); @@ -2326,7 +2326,7 @@ class Societe extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux"; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid; + $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); $resql = $this->db->query($sql); if (!$resql) { @@ -2389,7 +2389,7 @@ class Societe extends CommonObject if ($this->id > 0 && $commid > 0) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux "; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid; + $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::del_commercial Erreur"); diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php index 5be05d99a56..8fbbbbcee6e 100644 --- a/htdocs/societe/class/societeaccount.class.php +++ b/htdocs/societe/class/societeaccount.class.php @@ -284,7 +284,7 @@ class SocieteAccount extends CommonObject { $sql = "SELECT sa.key_account as key_account, sa.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa"; - $sql .= " WHERE sa.fk_soc = ".$id; + $sql .= " WHERE sa.fk_soc = ".((int) $id); $sql .= " AND sa.entity IN (".getEntity('societe').")"; $sql .= " AND sa.site = '".$this->db->escape($site)."' AND sa.status = ".((int) $status); $sql .= " AND sa.key_account IS NOT NULL AND sa.key_account <> ''"; diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php index a7ef895041e..3190ad5e64e 100644 --- a/htdocs/societe/consumption.php +++ b/htdocs/societe/consumption.php @@ -146,7 +146,7 @@ if ($object->client) { print ' ('.$langs->trans("WrongCustomerCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -183,7 +183,7 @@ if ($object->fournisseur) { print ' ('.$langs->trans("WrongSupplierCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -229,7 +229,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices $documentstatic = new Fichinter($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."fichinter as f LEFT JOIN ".MAIN_DB_PREFIX."fichinterdet as d ON d.fk_fichinter = f.rowid"; // Must use left join to work also with option that disable usage of lines. - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND f.entity = ".$conf->entity; $dateprint = 'f.datec'; $doc_number = 'f.ref'; @@ -239,7 +239,7 @@ if ($type_element == 'invoice') { // Customer : show products from invoices $documentstatic = new Facture($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, f.type as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, '; $tables_from = MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."facturedet as d"; - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_facture = f.rowid"; $where .= " AND f.entity IN (".getEntity('invoice').")"; $dateprint = 'f.datef'; @@ -251,7 +251,7 @@ if ($type_element == 'propal') { $documentstatic = new Propal($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.datep as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."propal as c,".MAIN_DB_PREFIX."propaldet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_propal = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $datePrint = 'c.datep'; @@ -263,7 +263,7 @@ if ($type_element == 'order') { $documentstatic = new Commande($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_commande as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."commande as c,".MAIN_DB_PREFIX."commandedet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_commande = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_commande'; @@ -275,7 +275,7 @@ if ($type_element == 'supplier_invoice') { // Supplier : Show products from inv $documentstatic = new FactureFournisseur($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, '; $tables_from = MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."facture_fourn_det as d"; - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_facture_fourn = f.rowid"; $where .= " AND f.entity = ".$conf->entity; $dateprint = 'f.datef'; @@ -287,7 +287,7 @@ if ($type_element == 'supplier_proposal') { $documentstatic = new SupplierProposal($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_supplier_proposal = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; @@ -299,7 +299,7 @@ if ($type_element == 'supplier_order') { // Supplier : Show products from order $documentstatic = new CommandeFournisseur($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."commande_fournisseur as c,".MAIN_DB_PREFIX."commande_fournisseurdet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_commande = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; @@ -312,7 +312,7 @@ if ($type_element == 'contract') { // Order $documentstaticline = new ContratLigne($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_contrat as dateprint, d.statut as status, '; $tables_from = MAIN_DB_PREFIX."contrat as c,".MAIN_DB_PREFIX."contratdet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_contrat = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 8c321b1386d..dc8d95ef42f 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -517,10 +517,10 @@ if (empty($reshook)) { $db->begin(); if (empty($newcu)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; } else { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } $resql = $db->query($sql); @@ -542,7 +542,7 @@ if (empty($reshook)) { } else { $sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account"; $sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! $resql = $db->query($sql); } } @@ -761,7 +761,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ' ('.$langs->trans("WrongCustomerCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -823,7 +823,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ' ('.$langs->trans("WrongSupplierCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php index c37f61e4fe2..2a6dd2176df 100644 --- a/htdocs/societe/societecontact.php +++ b/htdocs/societe/societecontact.php @@ -227,7 +227,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " t.libelle as type, t.subscription"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= ", ".MAIN_DB_PREFIX."adherent_type as t"; - $sql .= " WHERE d.fk_soc = ".$id; + $sql .= " WHERE d.fk_soc = ".((int) $id); $sql .= " AND d.fk_adherent_type = t.rowid"; dol_syslog("get list sql=".$sql); diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php index dd895eb4265..e9d721a44e3 100644 --- a/htdocs/takepos/receipt.php +++ b/htdocs/takepos/receipt.php @@ -260,7 +260,7 @@ if ($conf->global->TAKEPOS_PRINT_PAYMENT_METHOD) { $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$facid; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $facid); $sql .= " ORDER BY p.datep"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 57d0066323d..1d77e323c10 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -568,7 +568,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; if ($id) { - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN (".getEntity($this->element, 1).")"; if (!empty($ref)) { diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 51449c6b233..2bcd0fe89fc 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php @@ -98,7 +98,7 @@ class TicketStats extends Stats { $sql = "SELECT MONTH(datec) as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(datec) = ".$year; + $sql .= " WHERE YEAR(datec) = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index f01198f1ca8..b3303492417 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -871,7 +871,7 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id=".$nid; + $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); $sql .= " AND entity = ".$entity; if (!$this->db->query($sql)) { $error++; diff --git a/htdocs/webservices/server_contact.php b/htdocs/webservices/server_contact.php index 9f57a445cc3..a28371443d5 100644 --- a/htdocs/webservices/server_contact.php +++ b/htdocs/webservices/server_contact.php @@ -503,7 +503,7 @@ function getContactsForThirdParty($authentication, $idthirdparty) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d ON c.fk_departement = d.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON c.rowid = u.fk_socpeople"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; - $sql .= " WHERE c.fk_soc = ".$idthirdparty; + $sql .= " WHERE c.fk_soc = ".((int) $idthirdparty); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php index 259f3ec67fe..95b7246d021 100644 --- a/htdocs/webservices/server_productorservice.php +++ b/htdocs/webservices/server_productorservice.php @@ -1006,7 +1006,7 @@ function getProductsForCategory($authentication, $id, $lang = '') $table = "product"; $field = "product"; $sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table; - $sql .= " WHERE fk_categorie = ".$id; + $sql .= " WHERE fk_categorie = ".((int) $id); $sql .= " ORDER BY fk_".$field." ASC"; diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 171918238b8..80d31f0024d 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1414,10 +1414,10 @@ class Website extends CommonObject $sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page"; $sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp"; - $sql .= " WHERE wp.fk_website = ".$website->id; + $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid); if ($tmppage->fk_page > 0) { - $sql .= " OR wp.fk_page = ".$tmppage->fk_page." OR wp.rowid = ".$tmppage->fk_page; + $sql .= " OR wp.fk_page = ".((int) $tmppage->fk_page)." OR wp.rowid = ".((int) $tmppage->fk_page); } $sql .= ")";