From 08c7458dd93dee1ab6599cc7162c0f7c7c556090 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 11:36:50 +0200 Subject: [PATCH] FIX #yogosha5746 --- htdocs/comm/propal/class/propal.class.php | 4 ++-- htdocs/commande/class/commande.class.php | 4 ++-- .../compta/bank/class/paymentvarious.class.php | 2 +- htdocs/compta/bank/releve.php | 3 ++- .../cashcontrol/class/cashcontrol.class.php | 2 +- .../compta/facture/class/facture-rec.class.php | 6 +++--- htdocs/compta/facture/class/facture.class.php | 2 +- htdocs/compta/localtax/class/localtax.class.php | 2 +- htdocs/compta/paiement/class/paiement.class.php | 6 +++--- htdocs/core/class/commonobject.class.php | 16 ++++++++-------- .../expensereport/mod_expensereport_jade.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 8 ++++---- htdocs/install/repair.php | 4 ++-- htdocs/projet/tasks/time.php | 6 +++--- htdocs/public/emailing/mailing-read.php | 6 +++--- htdocs/salaries/class/salary.class.php | 2 +- .../class/supplier_proposal.class.php | 2 +- htdocs/variants/class/ProductAttribute.class.php | 2 +- 18 files changed, 40 insertions(+), 39 deletions(-) diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 0388768fc1f..32206a0c251 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2997,7 +2997,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG); 
@@ -3061,7 +3061,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 2f2f0a4d81c..c3e6babdbbe 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2743,7 +2743,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); @@ -2807,7 +2807,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index dccdcd5cd24..86a70a35311 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php @@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index dc71a1d2d27..010b4a08fde 100644 --- a/htdocs/compta/bank/releve.php 
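Review bot: In PaymentVarious::update_fk_bank the new line casts `$id_bank`, but the following line `$sql .= ' WHERE rowid = '.$this->id;` still interpolates `$this->id` uncast, so only the SET half of the statement is protected. The same uncast `WHERE rowid = '.$this->id` is left in Localtax::update_fk_bank, Paiement::update_fk_bank, Salary::update_fk_bank and the three FactureRec setters (setMaxPeriod, setAutoValidate, setGeneratePdf), whereas the equivalent FichinterRec hunks in this same patch do cast it. Change each of those lines to `$sql .= ' WHERE rowid = '.((int) $this->id);` so the patch is consistent with itself. The method bodies continue past the hunks.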
+++ b/htdocs/compta/bank/releve.php @@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql; if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) { // TODO Add a test to check newbankreceipt does not exists yet - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id; + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank'; + $sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id); $result = $db->query($sqlupdate); if ($result < 0) { dol_print_error($db); diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index 1563309a3c4..cfd201e3ec4 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -213,7 +213,7 @@ class CashControl extends CommonObject if (!$error) { $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence"); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id); $this->db->query($sql); } diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 674b5917b17..b93f48ff655 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; + $sql .= ' SET nb_gen_max = '.((int) $nb); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); 
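Review bot: The rebuilt UPDATE in releve.php still wraps the escaped `num_releve` values in double quotes (`num_releve = "'.$db->escape($newbankreceipt).'"`), which are string delimiters only on MySQL in its default SQL mode; on PostgreSQL, or on MySQL with ANSI_QUOTES, a double-quoted token is an identifier and the statement either fails or compares against a column name. Since `$db->escape()` is meant for single-quoted literals, the clause should read `num_releve = \''.$db->escape($newbankreceipt).'\' WHERE num_releve = \''.$db->escape($oldbankreceipt).'\' AND fk_account = '.((int) $id)`. The `ref_fourn = "…"` literal in the SupplierProposal hunk of this patch has the same problem. The `// TODO` about verifying that the new receipt number does not already exist is still open after this change.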
@@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; + $sql .= ' SET auto_validate = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); @@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET generate_pdf = '.$validate; + $sql .= ' SET generate_pdf = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 111ace7c415..a43d4431c59 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4610,7 +4610,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index 46b2b2b7805..324ccbf2923 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -559,7 +559,7 @@ class Localtax extends CommonObject public function update_fk_bank($id) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { 
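Review bot: In the Facture hunk around line 4610 the patch casts `$this->id` but leaves `situation_final = '.$this->situation_final.'` interpolated raw, so the SET side of the same statement is still built from an uncast property. Write it as `' SET situation_final = '.((int) $this->situation_final).' where rowid = '.((int) $this->id)` so both values are forced to integers (assuming situation_final is an integer column, which the surrounding code suggests but the hunk does not show). The enclosing method starts before the hunk.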
diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 9dcc57a47f2..5647295d171 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -736,7 +736,7 @@ class Paiement extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); @@ -855,7 +855,7 @@ class Paiement extends CommonObject */ public function validate(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::valide', LOG_DEBUG); $result = $this->db->query($sql); @@ -876,7 +876,7 @@ class Paiement extends CommonObject */ public function reject(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::reject', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 48e92d58172..ed1ce977221 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2332,7 +2332,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$rate; + $sql .= ' SET '.$fieldname.' = '.((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { 
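Review bot: The `((float) $rate)` in the CommonObject hunk that sets `multicurrency_tx` (around line 2332) relies on PHP's float-to-string conversion when the value is concatenated into SQL, and before PHP 8.0 that conversion honours LC_NUMERIC, so under a locale with a comma decimal separator the query becomes `SET multicurrency_tx = 1,25` and fails. The `((float) $price)` / `((float) $unitPrice)` casts in the SupplierProposal hunk and `((float) $qty_for_line)` in repair.php have the same exposure. Either confirm that the request lifecycle pins LC_NUMERIC to 'C' (not visible from the patch), or emit the number through a locale-independent formatter such as `price2num((float) $rate)` (already used in the SupplierProposal hunk) or `sprintf('%.10F', (float) $rate)`. The enclosing method's signature is outside the hunk.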
@@ -2617,7 +2617,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$id; + $sql .= ' SET '.$fieldname.' = '.((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -3062,11 +3062,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; $sql .= ' AND rang = '.($rang - 1); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -3093,11 +3093,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang + 1); + $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); 
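Review bot: In the two line-reordering hunks (around lines 3062 and 3093) the patch casts `$rang` in the SET clause but leaves `' WHERE '.$this->fk_element.' = '.$this->id` uncast in both, and in the first hunk `' AND rang = '.($rang - 1)` is also left raw while the mirror hunk does cast `((int) ($rang + 1))`. Casting the SET value while the WHERE value on the next line stays open is inconsistent and still lets a non-numeric id reach the query. Change both WHERE lines to `$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);` and the first hunk's range line to `$sql .= ' AND rang = '.((int) ($rang - 1));`. Both enclosing methods begin before their hunks.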
@@ -7656,7 +7656,7 @@ abstract class CommonObject public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0) { foreach ($tables as $table) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id); if (!$db->query($sql)) { if ($ignoreerrors) { diff --git a/htdocs/core/modules/expensereport/mod_expensereport_jade.php b/htdocs/core/modules/expensereport/mod_expensereport_jade.php index bbe2245a97d..b25ac15345b 100644 --- a/htdocs/core/modules/expensereport/mod_expensereport_jade.php +++ b/htdocs/core/modules/expensereport/mod_expensereport_jade.php @@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport } $newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d'); - $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id; + $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id); $resqlbis = $db->query($sqlbis); if (!$resqlbis) { dol_print_error($resqlbis); diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 8ed842a70c9..960a2734706 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -784,8 +784,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET nb_gen_max = '.((int) $nb); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -811,8 +811,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET auto_validate = '.((int) $validate); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 9357128d050..1eb980ae173 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { $qty_for_line = min($remaining_qty, $obj_line->qty); if ($first_iteration) { $sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; - $sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line; - $sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid; + $sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line); + $sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid); $first_iteration = false; } else { $sql_attach_values = array( diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 54f622b95a1..1c3cacb4cee 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php 
@@ -428,7 +428,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($langs->trans("TimeSpentForInvoice", $username).' : '.$qtyhourtext, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { @@ -467,7 +467,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($value['note'], $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { @@ -503,7 +503,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($lineName, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')'; $result = $db->query($sql); if (!$result) { 
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 454201203cc..91418707d3a 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -122,19 +122,19 @@ if (!empty($tag)) { //Update status of target $statut = '2'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid); + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE rowid = ".((int) $obj->rowid); $resql = $db->query($sql); if (!$resql) dol_print_error($db); //Update status communication of thirdparty prospect if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.$obj->source_id; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id); $resql = $db->query($sql); } //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.$obj->source_id.')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; $resql = $db->query($sql); } } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index fdd1bfd7f73..85ccfc0a1db 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php 
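Review bot: The new contact-prospect line in mailing-read.php drops the concatenation operator: `WHERE sc.rowid = '((int) $obj->source_id).')'` places a parenthesised expression directly after a string literal, which is a PHP parse error, so this public page stops executing entirely once the patch is applied. It should read `WHERE sc.rowid = '.((int) $obj->source_id).')';`. In both societe updates `entity = '.$obj->entity.'` is still interpolated without a cast even though `$obj->entity` comes from the same result row as the now-cast `$obj->source_id`; `((int) $obj->entity)` would close that gap as well. The `if (!empty($tag))` block continues beyond the hunk.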
@@ -463,7 +463,7 @@ class Salary extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index bbb06f2a2da..0320a663ea8 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1777,7 +1777,7 @@ class SupplierProposal extends CommonObject $price = price2num($product->subprice * $product->qty, 'MU'); $unitPrice = price2num($product->subprice, 'MU'); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php index a4e9f92eb10..1e7f44bb936 100644 --- a/htdocs/variants/class/ProductAttribute.class.php +++ b/htdocs/variants/class/ProductAttribute.class.php 
@@ -319,7 +319,7 @@ class ProductAttribute extends CommonObject $newrang = $this->rang + 1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.$this->rang.' WHERE rang = '.$newrang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.((int) $this->rang).' WHERE rang = '.((int) $newrang); if (!$this->db->query($sql)) { $this->db->rollback();