Fix: multicompany sharings and uniformize code

htdocs/cashdesk/facturation.php

@@ -33,7 +33,8 @@ if ( $_GET['filtre'] ) {
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	if(!$conf->global->CASHDESK_SERVICES) $sql.= " AND p.fk_product_type = 0";
 	$sql.= " AND (p.ref LIKE '%".$_GET['filtre']."%' OR p.label LIKE '%".$_GET['filtre']."%' ";
 	if ($conf->barcode->enabled) $sql.= " OR p.barcode LIKE '%".$_GET['filtre']."%')";
@@ -69,7 +70,8 @@ if ( $_GET['filtre'] ) {
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	if(!$conf->global->CASHDESK_SERVICES) $sql.= " AND p.fk_product_type = 0";
 	$sql.= " ORDER BY p.label";
 

htdocs/cashdesk/facturation_dhtml.php

@@ -47,7 +47,8 @@ if (dol_strlen($_GET["code"]) >= 0)	// If search criteria is on char length at l
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 	$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 	if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = '".$conf_fkentrepot."'";
-	$sql.= " WHERE p.tosell = 1";
+	$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+	$sql.= " AND p.tosell = 1";
 	$sql.= " AND p.fk_product_type = 0";
 	// Add criteria on ref/label
 	if (! empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE))

htdocs/cashdesk/facturation_verif.php

@@ -19,11 +19,8 @@
 require('../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php');
 require_once(DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php');
-
-/** add Ditto */
 require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php');
 require_once(DOL_DOCUMENT_ROOT.'/product/class/product.class.php');
-/** end add Ditto */
 
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset ($_SESSION['serObjFacturation']);
@@ -38,15 +35,16 @@ switch ( $_GET['action'] )
 			if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
 			$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 			if ($conf->stock->enabled && !empty($conf_fkentrepot)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps ON p.rowid = ps.fk_product AND ps.fk_entrepot = ".$conf_fkentrepot;
+			$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 			
 			// Recuperation des donnees en fonction de la source (liste deroulante ou champ texte) ...
 			if ( $_POST['hdnSource'] == 'LISTE' )
 			{
-				$sql.= " WHERE p.rowid = ".$_POST['selProduit'];
+				$sql.= " AND p.rowid = ".$_POST['selProduit'];
 			}
 			else if ( $_POST['hdnSource'] == 'REF' )
 			{
-				$sql.= " WHERE p.ref = '".$_POST['txtRef']."'";
+				$sql.= " AND p.ref = '".$_POST['txtRef']."'";
 			}
 
 			$result = $db->query($sql);

htdocs/comm/propal/class/propal.class.php

@@ -2203,7 +2203,7 @@ class Propal extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{

htdocs/commande/class/commande.class.php

@@ -1595,13 +1595,13 @@ class Commande extends CommonObject
         // Tableau des id de produit de la commande
 		$array_of_product=array();
 
-
         // Recherche total en stock pour chaque produit
+        // TODO $array_of_product est défini vide juste au dessus !!
         if (count($array_of_product))
         {
             $sql = "SELECT fk_product, sum(ps.reel) as total";
             $sql.= " FROM ".MAIN_DB_PREFIX."product_stock as ps";
-            $sql.= " WHERE ps.fk_product in (".join(',',$array_of_product).")";
+            $sql.= " WHERE ps.fk_product IN (".join(',',$array_of_product).")";
             $sql.= ' GROUP BY fk_product ';
             $result = $this->db->query($sql);
             if ($result)
@@ -2635,7 +2635,7 @@ class Commande extends CommonObject
         $prodids = array();
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
         $resql = $this->db->query($sql);
         if ($resql)
         {

htdocs/compta/facture/class/facture.class.php

@@ -3084,7 +3084,7 @@ class Facture extends CommonObject
         $prodids = array();
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
         $resql = $this->db->query($sql);
         if ($resql)
         {

htdocs/compta/journal/purchasesjournal.php

@@ -92,7 +92,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product";
 $sql.= " JOIN ".MAIN_DB_PREFIX."facture_fourn f ON f.rowid = fd.fk_facture_fourn";
 $sql.= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc" ;
-$sql .= " WHERE f.fk_statut > 0 AND f.entity IN (0,".$conf->entity.")";
+$sql.= " WHERE f.fk_statut > 0 AND f.entity = ".$conf->entity;
 if ($date_start && $date_end) $sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
 
 $result = $db->query($sql);
@@ -205,6 +205,6 @@ print "</table>";
 
 
 // End of page
-$db->close();
 llxFooter();
+$db->close();
 ?>

htdocs/compta/journal/sellsjournal.php

@@ -93,7 +93,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product p ON p.rowid = fd.fk_product ";
 $sql.= " JOIN ".MAIN_DB_PREFIX."facture f ON f.rowid = fd.fk_facture";
 $sql.= " JOIN ".MAIN_DB_PREFIX."societe s ON s.rowid = f.fk_soc";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND ct.fk_pays = '".$idpays."'";
-$sql .= " WHERE f.fk_statut > 0 AND f.entity IN (0,".$conf->entity.")";
+$sql.= " WHERE f.fk_statut > 0 AND f.entity = ".$conf->entity;
 if ($date_start && $date_end) $sql .= " AND f.datef >= '".$db->idate($date_start)."' AND f.datef <= '".$db->idate($date_end)."'";
 $sql .= " order by f.rowid";
 

htdocs/compta/ventilation/lignes.php

@@ -55,10 +55,11 @@ $sql.= " , ".MAIN_DB_PREFIX."compta_compte_generaux as c";
 $sql.= " , ".MAIN_DB_PREFIX."facturedet as l";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
 $sql.= " WHERE f.rowid = l.fk_facture AND f.fk_statut = 1 AND l.fk_code_ventilation <> 0 ";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " AND c.rowid = l.fk_code_ventilation";
 if (dol_strlen(trim($_GET["search_facture"])))
 {
-	$sql .= " AND f.facnumber like '%".$_GET["search_facture"]."%'";
+	$sql .= " AND f.facnumber LIKE '%".$_GET["search_facture"]."%'";
 }
 
 $sql .= " ORDER BY l.rowid DESC";

htdocs/compta/ventilation/liste.php

@@ -60,6 +60,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."facture as f";
 $sql.= " , ".MAIN_DB_PREFIX."facturedet as l";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = l.fk_product";
 $sql.= " WHERE f.rowid = l.fk_facture AND f.fk_statut = 1 AND fk_code_ventilation = 0";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " ORDER BY l.rowid DESC ".$db->plimit($limit+1,$offset);
 
 $result = $db->query($sql);

htdocs/contrat/class/contrat.class.php

@@ -1450,8 +1450,8 @@ class Contrat extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE tosell = 1";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND tosell = 1";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{

htdocs/contrat/index.php

@@ -372,9 +372,9 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE cd.fk_contrat = c.rowid";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";
@@ -450,11 +450,11 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.statut=1";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 0";
 $sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";
@@ -529,12 +529,12 @@ $sql.= ", ".MAIN_DB_PREFIX."contrat as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE c.statut=1";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.statut = 1";
 $sql.= " AND cd.statut = 4";
 $sql.= " AND cd.date_fin_validite < '".$db->idate($now)."'";
 $sql.= " AND cd.fk_contrat = c.rowid";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY cd.tms DESC";

htdocs/contrat/services.php

@@ -84,10 +84,9 @@ $sql.= " ".MAIN_DB_PREFIX."societe as s,";
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
 $sql.= " ".MAIN_DB_PREFIX."contratdet as cd";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
-$sql.= " WHERE";
-$sql.= " c.rowid = cd.fk_contrat";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.rowid = cd.fk_contrat";
 $sql.= " AND c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($mode == "0") $sql.= " AND cd.statut = 0";
 if ($mode == "4") $sql.= " AND cd.statut = 4";

htdocs/core/boxes/box_produits.php

@@ -77,7 +77,7 @@ include_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 		{
 			$sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy";
 			$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-			$sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')';
+			$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
 			if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
 			if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
 			$sql.= $db->order('p.datec', 'DESC');

htdocs/core/boxes/box_services_vendus.php

@@ -83,8 +83,8 @@ include_once(DOL_DOCUMENT_ROOT."/core/boxes/modules_boxes.php");
 			$sql.= ", ".MAIN_DB_PREFIX."product as p";
 			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 			$sql.= ")";
-			$sql.= " WHERE s.rowid = c.fk_soc";
-			$sql.= " AND c.entity = ".$conf->entity;
+			$sql.= " WHERE c.entity = ".$conf->entity;
+			$sql.= " AND s.rowid = c.fk_soc";
 			$sql.= " AND c.rowid = cd.fk_contrat";
 			$sql.= " AND cd.fk_product = p.rowid";
 			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;

htdocs/core/class/html.form.class.php

@@ -1263,7 +1263,7 @@ class Form
                     $sql.= "WHERE fk_product='".$objp->rowid."'";
                     $sql.= " AND price_level=".$price_level;
                     $sql.= " ORDER BY date_price";
-                    $sql.= " DESC limit 1";
+                    $sql.= " DESC LIMIT 1";
 
                     dol_syslog("Form::select_produits_do search price for level '.$price_level.' sql=".$sql);
                     $result2 = $this->db->query($sql);
@@ -1405,7 +1405,7 @@ class Form
         $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
-        $sql.= " WHERE p.entity = ".$conf->entity;
+        $sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
         $sql.= " AND p.tobuy = 1";
         if ($socid) $sql.= " AND pfp.fk_soc = ".$socid;
         if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$filtertype;
@@ -1547,7 +1547,7 @@ class Form
         $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
-        $sql.= " WHERE p.entity = ".$conf->entity;
+        $sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
         $sql.= " AND p.tobuy = 1";
         $sql.= " AND s.fournisseur = 1";
         $sql.= " AND p.rowid = ".$productid;

htdocs/core/lib/sendings.lib.php

@@ -128,10 +128,12 @@ function show_list_sending_receive($origin,$origin_id,$filter='')
 	$sql.= ", ".MAIN_DB_PREFIX.$origin."det as obj";
 	//if ($conf->livraison_bon->enabled) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."livraison as l ON l.fk_expedition = e.rowid LEFT JOIN ".MAIN_DB_PREFIX."livraisondet as ld ON ld.fk_livraison = l.rowid  AND obj.rowid = ld.fk_origin_line";
 	$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON obj.fk_product = p.rowid";
-	$sql.= " WHERE obj.fk_".$origin." = ".$origin_id;
-	if ($filter) $sql.=$filter;
+	$sql.= " WHERE e.entity = ".$conf->entity;
+	$sql.= " AND obj.fk_".$origin." = ".$origin_id;
 	$sql.= " AND obj.rowid = ed.fk_origin_line";
 	$sql.= " AND ed.fk_expedition = e.rowid";
+	if ($filter) $sql.= $filter;
+	
 	$sql.= " ORDER BY obj.fk_product";
 
 	dol_syslog("show_list_sending_receive sql=".$sql, LOG_DEBUG);

htdocs/core/modules/mailings/thirdparties_services_expired.modules.php

@@ -46,7 +46,8 @@ class mailing_thirdparties_services_expired extends MailingTargets
 
         // List of services
         $sql = "SELECT ref FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE fk_product_type = 1";
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
+        $sql.= " AND fk_product_type = 1";
         $sql.= " ORDER BY ref";
         $result=$this->db->query($sql);
         if ($result)
@@ -96,10 +97,11 @@ class mailing_thirdparties_services_expired extends MailingTargets
         $now=dol_now();
 
         // La requete doit retourner: id, email, name
-        $sql = " select s.rowid as id, s.email, s.nom as name, cd.rowid as cdid, cd.date_ouverture, cd.date_fin_validite, cd.fk_contrat";
-        $sql.= " from ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c,";
-        $sql.= " ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
-        $sql.= " where s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
+        $sql = "SELECT s.rowid as id, s.email, s.nom as name, cd.rowid as cdid, cd.date_ouverture, cd.date_fin_validite, cd.fk_contrat";
+        $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
+        $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
+        $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
+        $sql.= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
         $sql.= " AND cd.statut= 4 AND cd.fk_product=p.rowid AND p.ref = '".$product."'";
         $sql.= " AND cd.date_fin_validite < '".$this->db->idate($now)."'";
         $sql.= " ORDER BY s.email";
@@ -184,12 +186,13 @@ class mailing_thirdparties_services_expired extends MailingTargets
 
         // Example: return parent::getNbOfRecipients("SELECT count(*) as nb from dolibarr_table");
         // Example: return 500;
-        $sql = " select count(*) as nb";
-        $sql.= " from ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c,";
-        $sql.= " ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
-        $sql.= " where s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
+        $sql = "SELECT count(*) as nb";
+        $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
+        $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."product as p";
+        $sql.= " WHERE s.entity IN (".getEntity('societe', 1).")";
+        $sql.= " AND s.rowid = c.fk_soc AND cd.fk_contrat = c.rowid AND s.email != ''";
         $sql.= " AND cd.statut= 4 AND cd.fk_product=p.rowid";
-        $sql.= " AND p.ref in ('".join("','",$this->arrayofproducts)."')";
+        $sql.= " AND p.ref IN ('".join("','",$this->arrayofproducts)."')";
         $sql.= " AND cd.date_fin_validite < '".$this->db->idate($now)."'";
         //print $sql;
         $a=parent::getNbOfRecipients($sql);

htdocs/core/modules/modCategorie.class.php

@@ -112,6 +112,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_fournisseur as cf, '.MAIN_DB_PREFIX.'societe as s LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON s.fk_pays = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'c_effectif as ce ON s.fk_effectif = ce.id LEFT JOIN '.MAIN_DB_PREFIX.'c_forme_juridique as cfj ON s.fk_forme_juridique = cfj.code';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cf.fk_categorie AND cf.fk_societe = s.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 1';	// Supplier categories
 
 		$r++;
@@ -125,6 +126,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_societe as cf, '.MAIN_DB_PREFIX.'societe as s LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as t ON s.fk_typent = t.id LEFT JOIN '.MAIN_DB_PREFIX.'c_pays as p ON s.fk_pays = p.rowid LEFT JOIN '.MAIN_DB_PREFIX.'c_effectif as ce ON s.fk_effectif = ce.id LEFT JOIN '.MAIN_DB_PREFIX.'c_forme_juridique as cfj ON s.fk_forme_juridique = cfj.code';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cf.fk_categorie AND cf.fk_societe = s.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 2';	// Customer/Prospect categories
 
 		$r++;
@@ -138,6 +140,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_product as cp, '.MAIN_DB_PREFIX.'product as p';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cp.fk_categorie AND cp.fk_product = p.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 0';	// Supplier categories
 
 		$r++;
@@ -151,6 +154,7 @@ class modCategorie extends DolibarrModules
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'categorie as u, '.MAIN_DB_PREFIX.'categorie_member as cp, '.MAIN_DB_PREFIX.'adherent as p';
 		$this->export_sql_end[$r] .=' WHERE u.rowid = cp.fk_categorie AND cp.fk_member = p.rowid';
+		$this->export_sql_end[$r] .=' AND u.entity = '.$conf->entity;
 		$this->export_sql_end[$r] .=' AND u.type = 3';	// Supplier categories
 	}
 

htdocs/core/modules/modProduct.class.php

@@ -142,7 +142,7 @@ class modProduct extends DolibarrModules
 
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'product as p';
-		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 0 AND p.entity = '.$conf->entity;
+		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 0 AND p.entity IN ('.getEntity("product", 1).')';
 
 
 		// Imports

htdocs/core/modules/modService.class.php

@@ -128,7 +128,7 @@ class modService extends DolibarrModules
 
 		$this->export_sql_start[$r]='SELECT DISTINCT ';
 		$this->export_sql_end[$r]  =' FROM '.MAIN_DB_PREFIX.'product as p';
-		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 1 AND p.entity = '.$conf->entity;
+		$this->export_sql_end[$r] .=' WHERE p.fk_product_type = 1 AND p.entity IN ('.getEntity("product", 1).')';
 
 	}
 

htdocs/expedition/class/expedition.class.php

@@ -990,7 +990,7 @@ class Expedition extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{

htdocs/expedition/shipment.php

@@ -394,12 +394,10 @@ if ($id > 0 || ! empty($ref))
 		$sql.= " FROM ".MAIN_DB_PREFIX."commandedet as cd";
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
 		$sql.= " WHERE cd.fk_commande = ".$commande->id;
-		// $sql.= " AND p.fk_product_type <> 1";		Why this line ?
-		//$sql.= " GROUP by cd.rowid, cd.fk_product";
 		$sql.= " ORDER BY cd.rang, cd.rowid";
 
 		//print $sql;
-		dol_syslog("commande.php sql=".$sql, LOG_DEBUG);
+		dol_syslog("shipment.php sql=".$sql, LOG_DEBUG);
 		$resql = $db->query($sql);
 		if ($resql)
 		{

htdocs/fourn/class/fournisseur.class.php

@@ -88,9 +88,12 @@ class Fournisseur extends Societe
 	 */
 	function nbOfProductRefs()
 	{
+		global $conf;
+		
 		$sql = "SELECT count(pfp.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
-		$sql .= " WHERE pfp.fk_soc = ".$this->id;
+		$sql.= " WHERE pfp.entity = ".$conf->entity;
+		$sql.= " AND pfp.fk_soc = ".$this->id;
 
 		$resql = $this->db->query($sql);
 		if ( $resql )

htdocs/fourn/class/fournisseur.commande.class.php

@@ -1688,7 +1688,7 @@ class CommandeFournisseur extends Commande
 
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
 
         $resql = $this->db->query($sql);
         if ($resql)

htdocs/fourn/class/fournisseur.facture.class.php

@@ -1242,7 +1242,7 @@ class FactureFournisseur extends Facture
 
         $sql = "SELECT rowid";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
-        $sql.= " WHERE entity = ".$conf->entity;
+        $sql.= " WHERE entity IN (".getEntity('product', 1).")";
 
         $resql = $this->db->query($sql);
         if ($resql)

htdocs/fourn/class/fournisseur.product.class.php

@@ -153,15 +153,16 @@ class ProductFournisseur extends Product
         $error=0;
         $this->db->begin();
         
-        // Supprime prix courant du fournisseur pour cette quantite
-        $sql = "DELETE FROM  ".MAIN_DB_PREFIX."product_fournisseur_price";
         if ($this->product_fourn_price_id)
         {
+        	// Supprime prix courant du fournisseur pour cette quantite
+        	$sql = "DELETE FROM  ".MAIN_DB_PREFIX."product_fournisseur_price";
         	$sql.= " WHERE rowid = ".$this->product_fourn_price_id;
+        	$resql=$this->db->query($sql);
+        	if ($resql < 0) $error++;
         }
 
-        $resql=$this->db->query($sql);
-        if ($resql)
+        if (! $error)
         {
             if ($price_base_type == 'TTC')
             {

htdocs/fourn/commande/dispatch.php

@@ -217,8 +217,7 @@ if ($id > 0 || ! empty($ref))
 				$db->free($resql);
 			}
 
-			$sql = "SELECT l.ref,l.fk_product,l.description, l.subprice, sum(l.qty) as qty";
-			$sql.= ", l.rowid";
+			$sql = "SELECT l.rowid, l.ref, l.fk_product, l.description, l.subprice, sum(l.qty) as qty";
 			$sql.= ", p.label";
 			$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid";

htdocs/fourn/product/index.php

@@ -58,7 +58,10 @@ print "</table></form><br>\n";
  * Nombre de produits et/ou services
  */
 $prodser = array();
-$sql = "SELECT count(*), fk_product_type  FROM ".MAIN_DB_PREFIX."product as p GROUP BY fk_product_type";
+$sql = "SELECT count(*), p.fk_product_type";
+$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+$sql.= " GROUP BY p.fk_product_type";
 $resql=$db->query($sql);
 if ($resql)
 {
@@ -97,7 +100,8 @@ print '</td><td valign="top" width="70%">';
  */
 $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.type";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p ";
-$sql .= " WHERE p.fk_product_type <> 1";
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
+$sql.= " AND p.fk_product_type <> 1";
 $sql.= " ORDER BY p.datec DESC ";
 $sql.= $db->plimit(15, 0);
 

htdocs/fourn/product/liste.php

@@ -91,36 +91,32 @@ $sql = "SELECT p.rowid, p.label, p.ref, p.fk_product_type,";
 $sql.= " ppf.fk_soc, ppf.ref_fourn, ppf.price as price, ppf.quantity as qty, ppf.unitprice,";
 $sql.= " s.rowid as socid, s.nom";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-if ($catid)
-{
-	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
-}
+if ($catid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as ppf ON p.rowid = ppf.fk_product";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON ppf.fk_soc = s.rowid";
-
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 if ($_POST["mode"] == 'search')
 {
-	$sql .= " WHERE p.ref like '%".$_POST["sall"]."%'";
-	$sql .= " OR p.label like '%".$_POST["sall"]."%'";
+	$sql .= " AND (p.ref LIKE '%".$_POST["sall"]."%'";
+	$sql .= " OR p.label LIKE '%".$_POST["sall"]."%')";
 }
 else
 {
-	$sql .= " WHERE 1=1";
 	if ($_GET["type"] || $_POST["type"])
 	{
 		$sql .= " AND p.fk_product_type = ".(isset($_GET["type"])?$_GET["type"]:$_POST["type"]);
 	}
 	if ($sref)
 	{
-		$sql .= " AND p.ref like '%".$sref."%'";
+		$sql .= " AND p.ref LIKE '%".$sref."%'";
 	}
 	if ($sRefSupplier)
 	{
-		$sql .= " AND ppf.ref_fourn like '%".$sRefSupplier."%'";
+		$sql .= " AND ppf.ref_fourn LIKE '%".$sRefSupplier."%'";
 	}
 	if ($snom)
 	{
-		$sql .= " AND p.label like '%".$snom."%'";
+		$sql .= " AND p.label LIKE '%".$snom."%'";
 	}
 	if($catid)
 	{

htdocs/livraison/class/livraison.class.php

@@ -756,8 +756,8 @@ class Livraison extends CommonObject
 		$prodids = array();
 		$sql = "SELECT rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE tosell = 1";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND tosell = 1";
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -866,7 +866,7 @@ class Livraison extends CommonObject
 		else
 		{
 			$this->error=$this->db->error()." - sql=$sqlSourceLine";
-			dol_syslog("livraison.class.php::getRemainingDelivered ".$this->error, LOG_ERR);
+			dol_syslog(get_class($this)."::getRemainingDelivered ".$this->error, LOG_ERR);
 			return -1;
 		}
 	}

htdocs/product/canvas/product/actions_card_product.class.php

@@ -353,7 +353,7 @@ class ActionsCardProduct extends Product
 		}
 
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
-		$sql.= " WHERE p.entity = ".$conf->entity;
+		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 
 		if ($sall)
 		{

htdocs/product/canvas/service/actions_card_service.class.php

@@ -313,15 +313,15 @@ class ActionsCardService extends Product
 			$fourn_id = $_GET["fourn_id"];
 			$sql.= ", ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 		}
-		$sql.= " WHERE p.entity = ".$conf->entity;
+		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 		if ($search_categ) $sql.= " AND p.rowid = cp.fk_product";	// Join for the needed table to filter by categ
 		if ($sall)
 		{
-			$sql.= " AND (p.ref like '%".$this->db->escape($sall)."%' OR p.label like '%".$this->db->escape($sall)."%' OR p.description like '%".$this->db->escape($sall)."%' OR p.note like '%".$this->db->escape($sall)."%')";
+			$sql.= " AND (p.ref LIKE '%".$this->db->escape($sall)."%' OR p.label LIKE '%".$this->db->escape($sall)."%' OR p.description LIKE '%".$this->db->escape($sall)."%' OR p.note LIKE '%".$this->db->escape($sall)."%')";
 		}
-		if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-		if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-		if ($snom)     $sql.= " AND p.label like '%".$this->db->escape($snom)."%'";
+		if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+		if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+		if ($snom)     $sql.= " AND p.label LIKE '%".$this->db->escape($snom)."%'";
 		if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0)
 		{
 			$sql.= " AND p.tosell = ".$this->db->escape($_GET["tosell"]);

htdocs/product/class/html.formproduct.class.php

@@ -60,7 +60,7 @@ class FormProduct
 	 */
 	function loadWarehouses($fk_product=0)
 	{
-		global $langs;
+		global $conf, $langs;
 
 		if (empty($fk_product) && count($this->cache_warehouses)) return 0;    // Cache already loaded and we do not want a list with information specific to a product
 
@@ -72,7 +72,8 @@ class FormProduct
 			$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.fk_entrepot = e.rowid";
 			$sql.= " AND ps.fk_product = '".$fk_product."'";
 		}
-		$sql.= " WHERE statut = 1";
+		$sql.= " WHERE e.entity = ".$conf->entity;
+		$sql.= " AND e.statut = 1";
 		$sql.= " ORDER BY e.label";
 
 		dol_syslog(get_class($this).'::loadWarehouses sql='.$sql,LOG_DEBUG);

htdocs/product/class/product.class.php

@@ -262,8 +262,8 @@ class Product extends CommonObject
 
 		$sql = "SELECT count(*) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
-		$sql.= " WHERE ref = '" .$this->ref."'";
-		$sql.= " AND entity = ".$conf->entity;
+		$sql.= " WHERE entity IN (".getEntity('product', 1).")";
+		$sql.= " AND ref = '" .$this->ref."'";
 
 		$result = $this->db->query($sql);
 		if ($result)
@@ -1020,8 +1020,12 @@ class Product extends CommonObject
 		$sql.= " datec, tms, import_key";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product";
 		if ($id) $sql.= " WHERE rowid = '".$id."'";
-		else if ($ref) $sql.= " WHERE ref = '".$this->db->escape($ref)."'";
-		else if ($ref_ext) $sql.= " WHERE ref_ext = '".$this->db->escape($ref_ext)."'";
+		else
+		{
+			$sql.= " WHERE p.entity IN (".getEntity($this->element, 1).")";
+			if ($ref) $sql.= " AND ref = '".$this->db->escape($ref)."'";
+			else if ($ref_ext) $sql.= " AND ref_ext = '".$this->db->escape($ref_ext)."'";
+		}
 
 		dol_syslog(get_class($this)."::fetch sql=".$sql);
 		$resql = $this->db->query($sql);
@@ -1097,8 +1101,8 @@ class Product extends CommonObject
 						$sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
 						$sql.= " price_base_type, tva_tx, tosell";
 						$sql.= " FROM ".MAIN_DB_PREFIX."product_price";
-						$sql.= " where price_level=".$i." and";
-						$sql.= " fk_product = '".$this->id."'";
+						$sql.= " WHERE price_level=".$i;
+						$sql.= " AND fk_product = '".$this->id."'";
 						$sql.= " ORDER BY date_price DESC";
 						$sql.= " LIMIT 1";
 						$resql = $this->db->query($sql);
@@ -1614,8 +1618,8 @@ class Product extends CommonObject
 	 */
 	function add_sousproduit($id_pere, $id_fils,$qty)
 	{
-		$sql = 'delete from '.MAIN_DB_PREFIX.'product_association';
-		$sql .= ' WHERE fk_product_pere  = "'.$id_pere.'" and fk_product_fils = "'.$id_fils.'"';
+		$sql = 'DELETE from '.MAIN_DB_PREFIX.'product_association';
+		$sql .= ' WHERE fk_product_pere  = "'.$id_pere.'" AND fk_product_fils = "'.$id_fils.'"';
 		if (! $this->db->query($sql))
 		{
 			dol_print_error($this->db);
@@ -1623,8 +1627,8 @@ class Product extends CommonObject
 		}
 		else
 		{
-			$sql = 'select fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
-			$sql .= ' WHERE fk_product_pere  = "'.$id_fils.'" and fk_product_fils = "'.$id_pere.'"';
+			$sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
+			$sql .= ' WHERE fk_product_pere  = "'.$id_fils.'" AND fk_product_fils = "'.$id_pere.'"';
 			if (! $this->db->query($sql))
 			{
 				dol_print_error($this->db);
@@ -1643,7 +1647,7 @@ class Product extends CommonObject
 					}
 					else
 					{
-						$sql = 'insert into '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
+						$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
 						$sql .= ' VALUES ("'.$id_pere.'","'.$id_fils.'","'.$qty.'")';
 						if (! $this->db->query($sql))
 						{
@@ -2791,8 +2795,8 @@ class Product extends CommonObject
 
 		$sql = "SELECT count(p.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-		$sql.= " WHERE p.fk_product_type <> 1";
-		$sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= ' WHERE p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND p.fk_product_type <> 1";
 
 		$resql=$this->db->query($sql);
 		if ($resql)

htdocs/product/class/service.class.php

@@ -66,8 +66,8 @@ class Service extends CommonObject
 
 		$sql = "SELECT count(p.rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-		$sql.= " WHERE p.fk_product_type = 1";
-		$sql.= " AND p.entity = ".$conf->entity;
+		$sql.= ' WHERE p.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND p.fk_product_type = 1";
 
 		$resql=$this->db->query($sql);
 		if ($resql)

htdocs/product/composition/fiche.php

@@ -132,18 +132,18 @@ if ($action == 'search')
 	$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
 	$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON p.rowid = cp.fk_product';
 	if ($conf->global->MAIN_MULTILANGS) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND lang='".($current_lang)."'";
-	$sql.= " WHERE p.entity = ".$conf->entity;
+	$sql.= ' WHERE p.entity IN ('.getEntity("product", 1).')';
 	if ($key != "")
 	{
 		if ($conf->global->MAIN_MULTILANGS)
 		{
-			$sql.= " AND (p.ref like '%".$key."%'";
-			$sql.= " OR pl.label like '%".$key."%')";
+			$sql.= " AND (p.ref LIKE '%".$key."%'";
+			$sql.= " OR pl.label LIKE '%".$key."%')";
 		}
 		else
 		{
-			$sql.= " AND (p.ref like '%".$key."%'";
-			$sql.= " OR p.label like '%".$key."%')";
+			$sql.= " AND (p.ref LIKE '%".$key."%'";
+			$sql.= " OR p.label LIKE '%".$key."%')";
 		}
 	}
 	if ($conf->categorie->enabled && $catMere != -1 and $catMere)

htdocs/product/index.php

@@ -165,7 +165,7 @@ $max=15;
 $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,";
 $sql.= " p.tms as datem";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
-$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")";
+$sql.= " WHERE p.entity IN (".getEntity($product_static->element, 1).")";
 if ($type != '') $sql.= " AND p.fk_product_type = ".$type;
 $sql.= $db->order("p.tms","DESC");
 $sql.= $db->plimit($max,0);

htdocs/product/liste.php

@@ -148,9 +148,9 @@ else
     	if ($type == 1) $sql.= " AND p.fk_product_type = '1'";
     	else $sql.= " AND p.fk_product_type <> '1'";
     }
-    if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-    if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-    if ($snom)     $sql.= " AND p.label like '%".$db->escape($snom)."%'";
+    if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+    if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+    if ($snom)     $sql.= " AND p.label LIKE '%".$db->escape($snom)."%'";
     if (isset($tosell) && dol_strlen($tosell) > 0) $sql.= " AND p.tosell = ".$db->escape($tosell);
     if (isset($tobuy) && dol_strlen($tobuy) > 0)   $sql.= " AND p.tobuy = ".$db->escape($tobuy);
     if (dol_strlen($canvas) > 0)                   $sql.= " AND p.canvas = '".$db->escape($canvas)."'";

htdocs/product/popuprop.php

@@ -65,7 +65,7 @@ llxHeader('',$title,$helpurl,'');
 //On n'affiche le lien page suivante que s'il y a une page suivante ...
 $sql = "SELECT count(*) as c";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
-$sql.= " WHERE entity = ".$conf->entity;
+$sql.= ' WHERE entity IN ('.getEntity('product', 1).')';
 if (isset($_GET['type'])) $sql.= " AND fk_product_type = ".$_GET['type'];
 
 $result=$db->query($sql);
@@ -99,8 +99,8 @@ print "</tr>\n";
 $sql  = "SELECT p.rowid, p.label, p.ref, p.fk_product_type as type, count(*) as c";
 $sql.= " FROM ".MAIN_DB_PREFIX."propaldet as pd";
 $sql.= ", ".MAIN_DB_PREFIX."product as p";
-$sql.= " WHERE p.rowid = pd.fk_product";
-$sql.= " AND p.entity = ".$conf->entity;
+$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
+$sql.= " AND p.rowid = pd.fk_product";
 if (isset($_GET['type'])) $sql.= " AND fk_product_type = ".$_GET['type'];
 $sql.= " GROUP BY (p.rowid)";
 $sql.= $db->order($sortfield,$sortorder);

htdocs/product/reassort.php

@@ -97,11 +97,11 @@ $sql.= ' FROM ('.MAIN_DB_PREFIX.'product as p';
 // We'll need this table joined to the select in order to filter by categ
 if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp";
 $sql.= ') LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as s on p.rowid = s.fk_product';
-$sql.= " WHERE p.entity = ".$conf->entity;
+$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
 if ($search_categ) $sql.= " AND p.rowid = cp.fk_product";	// Join for the needed table to filter by categ
 if ($sall)
 {
-	$sql.= " AND (p.ref like '%".$db->escape($sall)."%' OR p.label like '%".$db->escape($sall)."%' OR p.description like '%".$db->escape($sall)."%' OR p.note like '%".$db->escape($sall)."%')";
+	$sql.= " AND (p.ref LIKE '%".$db->escape($sall)."%' OR p.label LIKE '%".$db->escape($sall)."%' OR p.description LIKE '%".$db->escape($sall)."%' OR p.note LIKE '%".$db->escape($sall)."%')";
 }
 // if the type is not 1, we show all products (type = 0,2,3)
 if (dol_strlen($type))
@@ -115,9 +115,9 @@ if (dol_strlen($type))
         $sql.= " AND p.fk_product_type <> '1'";
     }
 }
-if ($sref)     $sql.= " AND p.ref like '%".$sref."%'";
-if ($sbarcode) $sql.= " AND p.barcode like '%".$sbarcode."%'";
-if ($snom)     $sql.= " AND p.label like '%".$db->escape($snom)."%'";
+if ($sref)     $sql.= " AND p.ref LIKE '%".$sref."%'";
+if ($sbarcode) $sql.= " AND p.barcode LIKE '%".$sbarcode."%'";
+if ($snom)     $sql.= " AND p.label LIKE '%".$db->escape($snom)."%'";
 if (isset($_GET["tosell"]) && dol_strlen($_GET["tosell"]) > 0)
 {
 	$sql.= " AND p.tosell = ".$_GET["tosell"];