Clean code
@@ -92,7 +92,7 @@ if ($action == 'add' || GETPOST("modify")) {
|
||||
// Supprime boite box_external_rss de definition des boites
|
||||
/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
|
||||
$sql.= " SET name = '".$db->escape($boxlabel)."'";
|
||||
$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";
|
||||
$sql.= " WHERE file ='box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss"))." %'";
|
||||
|
||||
$resql=$db->query($sql);
|
||||
if (! $resql)
|
||||
|
||||
@@ -120,7 +120,7 @@ if (!empty($search_company)) {
|
||||
$sql .= " AND s.nom LIKE '%".$db->escape($search_company)."%'";
|
||||
}
|
||||
if (!empty($contactname)) { // access a partir du module de recherche
|
||||
$sql .= " AND (p.lastname LIKE '%".$db->escape($contactname)."%' OR lower(p.firstname) LIKE '%".$db->escape($contactname)."%') ";
|
||||
$sql .= " AND (p.lastname LIKE '%".$db->escape($contactname)."%' OR p.firstname LIKE '%".$db->escape($contactname)."%') ";
|
||||
$sortfield = "p.lastname";
|
||||
$sortorder = "ASC";
|
||||
}
|
||||
|
||||
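Review bot: The LIKE patterns built from `$contactname` (and the `$search_company` one just above) pass the value through `$db->escape()` only, so a `%` or `_` typed by the user still acts as a wildcard inside the pattern. Other hunks of this commit (EmailCollector, MoLine, ProductFournisseurPrice) already use `$db->escape($db->escapeforlike($value))`; the same form here, `LIKE '%".$db->escape($db->escapeforlike($contactname))."%'`, would make the match literal. The same applies to the `'%…%'` patterns in the `$filter` loops of later hunks (ConferenceOrBooth, the `soc.nom` branch of ProductCustomerPrice, Website), unless user-supplied wildcards are intended there. The enclosing script continues outside the hunk.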
@@ -101,7 +101,7 @@ if (GETPOST("search_code_client")) {
|
||||
$sql .= natural_search("s.code_client", GETPOST("search_code_client"));
|
||||
}
|
||||
if (dol_strlen($begin)) {
|
||||
$sql .= " AND s.nom like '".$db->escape($begin)."'";
|
||||
$sql .= " AND s.nom LIKE '".$db->escape($begin)."'";
|
||||
}
|
||||
// If the internal user must only see his customers, force searching by him
|
||||
$search_sale = 0;
|
||||
|
||||
@@ -73,7 +73,7 @@ class box_fediverse extends ModeleBoxes
|
||||
$sql = '';
|
||||
if (!empty($this->paramdef)) {
|
||||
$sql = "SELECT value FROM ".MAIN_DB_PREFIX."const";
|
||||
$sql .= " WHERE name like '%SOCIAL_NETWORKS_DATA_".$this->db->escape($this->paramdef)."%'";
|
||||
$sql .= " WHERE name LIKE '%SOCIAL_NETWORKS_DATA_".$this->db->escape($this->paramdef)."%'";
|
||||
}
|
||||
$resql = $this->db->query($sql);
|
||||
$num = $this->db->num_rows($resql);
|
||||
|
||||
@@ -11722,7 +11722,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
if ($newcrit != '') {
|
||||
$numnewcrit = price2num($newcrit);
|
||||
if (is_numeric($numnewcrit)) {
|
||||
$newres .= $field.' '.$operator.' '.((float) $numnewcrit); // should be a numeric
|
||||
$newres .= $db->sanitize($field).' '.$operator.' '.((float) $numnewcrit); // should be a numeric
|
||||
} else {
|
||||
$newres .= '1 = 2'; // force false, we received a corrupted data
|
||||
}
|
||||
@@ -11732,10 +11732,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
$i2++; // a criteria for 1 more field was added to string
|
||||
} elseif ($mode == 2 || $mode == -2) {
|
||||
$crit = preg_replace('/[^0-9,]/', '', $crit); // ID are always integer
|
||||
$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -2 ? 'NOT ' : '');
|
||||
$newres .= ($i2 > 0 ? ' OR ' : '').$db->sanitize($field)." ".($mode == -2 ? 'NOT ' : '');
|
||||
$newres .= $crit ? "IN (".$db->sanitize($db->escape($crit)).")" : "IN (0)";
|
||||
if ($mode == -2) {
|
||||
$newres .= ' OR '.$field.' IS NULL';
|
||||
$newres .= ' OR '.$db->sanitize($field).' IS NULL';
|
||||
}
|
||||
$i2++; // a criteria for 1 more field was added to string
|
||||
} elseif ($mode == 3 || $mode == -3) {
|
||||
@@ -11749,11 +11749,11 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
$listofcodes .= "'".$db->escape($val)."'";
|
||||
}
|
||||
}
|
||||
$newres .= ($i2 > 0 ? ' OR ' : '').$field." ".($mode == -3 ? 'NOT ' : '')."IN (".$db->sanitize($listofcodes, 1).")";
|
||||
$newres .= ($i2 > 0 ? ' OR ' : '').$db->sanitize($field)." ".($mode == -3 ? 'NOT ' : '')."IN (".$db->sanitize($listofcodes, 1).")";
|
||||
$i2++; // a criteria for 1 more field was added to string
|
||||
}
|
||||
if ($mode == -3) {
|
||||
$newres .= ' OR '.$field.' IS NULL';
|
||||
$newres .= ' OR '.$db->sanitize($field).' IS NULL';
|
||||
}
|
||||
} elseif ($mode == 4) {
|
||||
$tmparray = explode(',', $crit);
|
||||
@@ -11762,10 +11762,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
foreach ($tmparray as $val) {
|
||||
$val = trim($val);
|
||||
if ($val) {
|
||||
$newres .= ($i2 > 0 ? " OR (" : "(").$field." LIKE '".$db->escape($val).",%'";
|
||||
$newres .= ' OR '.$field." = '".$db->escape($val)."'";
|
||||
$newres .= ' OR '.$field." LIKE '%,".$db->escape($val)."'";
|
||||
$newres .= ' OR '.$field." LIKE '%,".$db->escape($val).",%'";
|
||||
$newres .= ($i2 > 0 ? " OR (" : "(").$db->sanitize($field)." LIKE '".$db->escape($val).",%'";
|
||||
$newres .= ' OR '.$db->sanitize($field)." = '".$db->escape($val)."'";
|
||||
$newres .= ' OR '.$db->sanitize($field)." LIKE '%,".$db->escape($val)."'";
|
||||
$newres .= ' OR '.$db->sanitize($field)." LIKE '%,".$db->escape($val).",%'";
|
||||
$newres .= ')';
|
||||
$i2++; // a criteria for 1 more field was added to string (we can add several criteria for the same field as it is a multiselect search criteria)
|
||||
}
|
||||
@@ -11787,7 +11787,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
}
|
||||
|
||||
if (preg_match('/\.(id|rowid)$/', $field)) { // Special case for rowid that is sometimes a ref so used as a search field
|
||||
$newres .= $field." = ".(is_numeric($tmpcrit) ? ((float) $tmpcrit) : '0');
|
||||
$newres .= $db->sanitize($field)." = ".(is_numeric($tmpcrit) ? ((float) $tmpcrit) : '0');
|
||||
} else {
|
||||
$tmpcrit2 = $tmpcrit;
|
||||
$tmpbefore = '%';
|
||||
@@ -11795,10 +11795,10 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
|
||||
$tmps = '';
|
||||
|
||||
if (preg_match('/^!/', $tmpcrit)) {
|
||||
$tmps .= $field." NOT LIKE "; // ! as exclude character
|
||||
$tmps .= $db->sanitize($field)." NOT LIKE "; // ! as exclude character
|
||||
$tmpcrit2 = preg_replace('/^!/', '', $tmpcrit2);
|
||||
} else {
|
||||
$tmps .= $field." LIKE ";
|
||||
$tmps .= $db->sanitize($field)." LIKE ";
|
||||
}
|
||||
$tmps .= "'";
|
||||
|
||||
|
||||
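Review bot: In the `$mode == 2 || $mode == -2` branch, `$crit` is reduced to digits and commas but the shape of the list is not checked, so input such as `,` or `1,,2` is truthy and is emitted as `IN (,)` or `IN (1,,2)`, a SQL syntax error rather than an empty result. Normalising the list first, e.g. `$crit = implode(',', array_filter(explode(',', $crit), 'strlen'));`, drops the empty items and keeps the existing `IN (0)` fallback for the empty case. natural_search() starts and ends outside these hunks, so an earlier normalisation of `$crit` cannot be ruled out from here.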
@@ -1231,9 +1231,9 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $
|
||||
// Get counter in database
|
||||
$counter = 0;
|
||||
$sql = "SELECT MAX(".$sqlstring.") as val";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX.$table;
|
||||
$sql .= " WHERE ".$field." LIKE '".$db->escape($maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
$sql .= " AND ".$field." NOT LIKE '(PROV%)'";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX.$db->sanitize($table);
|
||||
$sql .= " WHERE ".$db->sanitize($field)." LIKE '".$db->escape($maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
$sql .= " AND ".$db->sanitize($field)." NOT LIKE '(PROV%)'";
|
||||
|
||||
// To ensure that all variables within the MAX() brackets are integers
|
||||
// This avoid bad detection of max when data are noised with non numeric values at the position of the numero
|
||||
@@ -1299,10 +1299,10 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $
|
||||
}
|
||||
|
||||
$ref = '';
|
||||
$sql = "SELECT ".$field." as ref";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX.$table;
|
||||
$sql .= " WHERE ".$field." LIKE '".$db->escape($maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
$sql .= " AND ".$field." NOT LIKE '%PROV%'";
|
||||
$sql = "SELECT ".$db->sanitize($field)." as ref";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX.$db->sanitize($table);
|
||||
$sql .= " WHERE ".$db->sanitize($field)." LIKE '".$db->escape($maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
$sql .= " AND ".$db->sanitize($field)." NOT LIKE '%PROV%'";
|
||||
if ($bentityon) { // only if entity enable
|
||||
$sql .= " AND entity IN (".getEntity($sharetable).")";
|
||||
} elseif (!empty($forceentity)) {
|
||||
@@ -1364,8 +1364,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $
|
||||
// Get counter in database
|
||||
$maskrefclient_sql = "SELECT MAX(".$maskrefclient_sqlstring.") as val";
|
||||
$maskrefclient_sql .= " FROM ".MAIN_DB_PREFIX.$table;
|
||||
//$sql.= " WHERE ".$field." not like '(%'";
|
||||
$maskrefclient_sql .= " WHERE ".$field." LIKE '".$db->escape($maskrefclient_maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
$maskrefclient_sql .= " WHERE ".$db->sanitize($field)." LIKE '".$db->escape($maskrefclient_maskLike) . (getDolGlobalString('SEARCH_FOR_NEXT_VAL_ON_START_ONLY') ? "%" : "") . "'";
|
||||
if ($bentityon) { // only if entity enable
|
||||
$maskrefclient_sql .= " AND entity IN (".getEntity($sharetable).")";
|
||||
} elseif (!empty($forceentity)) {
|
||||
|
||||
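Review bot: The third query in get_next_value() still builds its FROM clause from the raw parameter, `$maskrefclient_sql .= " FROM ".MAIN_DB_PREFIX.$table;`, while the two queries changed earlier in this file now use `$db->sanitize($table)`. For consistency the line should read `$maskrefclient_sql .= " FROM ".MAIN_DB_PREFIX.$db->sanitize($table);`. The expressions placed inside `MAX(...)` (`$sqlstring`, `$maskrefclient_sqlstring`) are built outside the hunks and could not be checked here.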
@@ -1762,8 +1762,8 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
|
||||
$err = 0;
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
|
||||
$sql .= " WHERE ".$this->db->decrypt('name')." like '".$this->db->escape($this->const_name)."_TABS_%'";
|
||||
$sql .= " AND entity = ".$conf->entity;
|
||||
$sql .= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_TABS_%'";
|
||||
$sql .= " AND entity = ".((int) $conf->entity);
|
||||
|
||||
dol_syslog(get_class($this)."::delete_tabs", LOG_DEBUG);
|
||||
if (!$this->db->query($sql)) {
|
||||
|
||||
@@ -112,9 +112,9 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode
|
||||
|
||||
// First, we get the max value (response immediate car champ indexe)
|
||||
$posindice = strlen($prefix) + 6;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(".$field." FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(".$db->sanitize($field)." FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe";
|
||||
$sql .= " WHERE ".$field." LIKE '".$db->escape($prefix)."____-%'";
|
||||
$sql .= " WHERE ".$db->sanitize($field)." LIKE '".$db->escape($prefix)."____-%'";
|
||||
$sql .= " AND entity IN (".getEntity('societe').")";
|
||||
|
||||
dol_syslog(get_class($this)."::getNextValue", LOG_DEBUG);
|
||||
|
||||
@@ -312,7 +312,7 @@ if (GETPOSTISSET('search_processing')) {
|
||||
// Manage filter
|
||||
if (is_array($filter) && count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
$sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'";
|
||||
$sql .= " AND ".$db->sanitize($key)." LIKE '%".$db->escape($value)."%'";
|
||||
}
|
||||
}
|
||||
if (!empty($search_module_name)) {
|
||||
|
||||
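Review bot: The `$filter` keys are used as column identifiers, and `$db->sanitize($key)` is a character filter, not a check that the column exists or is meant to be searchable. sanitize() is not shown on this page; if it removes disallowed characters instead of rejecting the key, an unexpected key is silently turned into some other identifier and the query still runs. Where `$filter` can carry request-derived keys, comparing `$key` against the list of columns this page allows and skipping unknown keys would fail closed. A short comment on the loop would also help, e.g. `// $key is an SQL identifier: escape() does not protect it, only sanitize() or an allow-list does`.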
@@ -2242,7 +2242,7 @@ class EmailCollector extends CommonObject
|
||||
// This is an external reference, we check if we have it in our database
|
||||
if (is_null($objectemail) && isModEnabled('ticket')) {
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."ticket";
|
||||
$sql .= " WHERE email_msgid = '".$this->db->escape($reg[1])."' OR origin_references like '%".$this->db->escape($this->db->escapeforlike($reg[1]))."%'";
|
||||
$sql .= " WHERE email_msgid = '".$this->db->escape($reg[1])."' OR origin_references LIKE '%".$this->db->escape($this->db->escapeforlike($reg[1]))."%'";
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
$obj = $this->db->fetch_object($resql);
|
||||
|
||||
@@ -336,15 +336,15 @@ class ConferenceOrBooth extends ActionComm
|
||||
if (count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
if ($key == 't.id' || $key == 't.fk_project' || $key == 't.fk_soc' || $key == 't.fk_action') {
|
||||
$sqlwhere[] = $key." = ".((int) $value);
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value);
|
||||
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
|
||||
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'";
|
||||
} elseif ($key == 'customsql') {
|
||||
$sqlwhere[] = $value;
|
||||
$sqlwhere[] = $value; // deprecated
|
||||
} elseif (strpos($value, '%') === false) {
|
||||
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
|
||||
$sqlwhere[] = $this->db->sanitize($key).' IN ('.$this->db->sanitize($this->db->escape($value)).')';
|
||||
} else {
|
||||
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
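Review bot: The `customsql` branch still appends `$value` to `$sqlwhere` verbatim, so any string a caller stores under that key becomes part of the WHERE clause; the new `// deprecated` comment documents this but does not restrict it. Until the branch can be removed, make its use visible at runtime, for example `dol_syslog(__METHOD__." filter key customsql is deprecated", LOG_WARNING);` before the assignment, and check that no caller fills it from request data. The enclosing method starts and ends outside the hunk, so the callers are not visible here.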
@@ -406,9 +406,9 @@ class Export
|
||||
switch ($InfoFieldList[0]) {
|
||||
case 'Text':
|
||||
if (!(strpos($ValueField, '%') === false)) {
|
||||
$szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'";
|
||||
$szFilterQuery = " ".$this->db->sanitize($NameField)." LIKE '".$this->db->escape($ValueField)."'";
|
||||
} else {
|
||||
$szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'";
|
||||
$szFilterQuery = " ".$this->db->sanitize($NameField)." = '".$this->db->escape($ValueField)."'";
|
||||
}
|
||||
break;
|
||||
case 'Date':
|
||||
|
||||
@@ -89,25 +89,24 @@ if (!$user->hasRight("societe", "client", "voir") && !$socid) {
|
||||
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
|
||||
}
|
||||
|
||||
/*
|
||||
if (dol_strlen($stcomm)) {
|
||||
$sql .= " AND s.fk_stcomm=$stcomm";
|
||||
$sql .= " AND s.fk_stcomm = ".((int) $stcomm);
|
||||
}
|
||||
|
||||
if (dol_strlen($begin)) {
|
||||
$sql .= " AND p.lastname LIKE '$begin%'";
|
||||
$sql .= " AND p.lastname LIKE '".$db->escape($begin)."%'";
|
||||
}
|
||||
|
||||
if ($contactname) {
|
||||
$sql .= " AND p.lastname LIKE '%".strtolower($contactname)."%'";
|
||||
$sql .= " AND p.lastname LIKE '%".$db->escape($contactname)."%'";
|
||||
$sortfield = "p.lastname";
|
||||
$sortorder = "ASC";
|
||||
}
|
||||
|
||||
*/
|
||||
if ($socid) {
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
|
||||
$sql .= " ORDER BY $sortfield $sortorder ";
|
||||
$sql .= " ORDER BY $sortfield $sortorder";
|
||||
$sql .= $db->plimit($limit, $offset);
|
||||
|
||||
$result = $db->query($sql);
|
||||
|
||||
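Review bot: `$sortfield` and `$sortorder` are interpolated directly into `" ORDER BY $sortfield $sortorder"`, and this hunk does not show where either variable is validated; identifiers and keywords get no protection from `$db->escape()`. If they can come from the request, build the clause through the database layer instead, `$sql .= $db->order($sortfield, $sortorder);`, or restrict `$sortorder` to `ASC`/`DESC` and `$sortfield` to known columns. Note also that the `$db->escape()` and `(int)` hardening added in this hunk sits inside the `/* … */` block and is therefore not executed.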
@@ -1148,7 +1148,7 @@ if ($ok && GETPOST('force_disable_of_modules_not_found', 'alpha')) {
|
||||
foreach ($arraylistofkey as $key) {
|
||||
$sql = "SELECT DISTINCT name, value";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."const as c";
|
||||
$sql .= " WHERE name LIKE 'MAIN_MODULE_%_".strtoupper($key)."'";
|
||||
$sql .= " WHERE name LIKE 'MAIN_MODULE_%_".strtoupper($db->escape($key))."'";
|
||||
$sql .= " ORDER BY name";
|
||||
|
||||
$resql = $db->query($sql);
|
||||
|
||||
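Review bot: In `strtoupper($db->escape($key))` the string is transformed after it has been escaped. Escaping should be the last operation before concatenation, so that no later step can alter the escaped form: `$sql .= " WHERE name LIKE 'MAIN_MODULE_%_".$db->escape(strtoupper($key))."'";`. Where `$arraylistofkey` comes from is not visible in the hunk.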
@@ -299,11 +299,11 @@ class MoLine extends CommonObjectLine
|
||||
if (count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
if ($key == 't.rowid') {
|
||||
$sqlwhere[] = $key." = ".((int) $value);
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value);
|
||||
} elseif (strpos($key, 'date') !== false) {
|
||||
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'";
|
||||
} else {
|
||||
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -605,11 +605,11 @@ class ProductCustomerPrice extends CommonObject
|
||||
if (count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year
|
||||
$sql .= " AND ".$key." = '".$this->db->escape($value)."'";
|
||||
$sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'";
|
||||
} elseif ($key == 'soc.nom') {
|
||||
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
|
||||
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'";
|
||||
} else {
|
||||
$sql .= " AND ".$key." = ".((int) $value);
|
||||
$sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
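Review bot: The first branch is documented as supporting keys such as `$filter['YEAR(s.dated)']`, but the key now passes through `$this->db->sanitize($key)`. sanitize() is not shown on this page; if it removes parentheses, as a filter meant for plain identifiers would, that documented key becomes `YEARs.dated` and the query fails. Either handle function-style keys explicitly, for example by accepting only a fixed set of such expressions, or update the comment and the callers that rely on it. The enclosing method starts and ends outside the hunk.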
@@ -440,13 +440,13 @@ class ProductFournisseurPrice extends CommonObject
|
||||
if (count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
if ($key == 't.rowid') {
|
||||
$sqlwhere[] = $key." = ".((int) $value);
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value);
|
||||
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
|
||||
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'";
|
||||
} elseif (strpos($value, '%') === false) {
|
||||
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
|
||||
$sqlwhere[] = $this->db->sanitize($key).' IN ('.$this->db->sanitize($this->db->escape($value)).')';
|
||||
} else {
|
||||
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -416,7 +416,7 @@ if (!empty($sql_select)) {
|
||||
$sql .= $where;
|
||||
$sql .= dolSqlDateFilter($dateprint, 0, $month, $year);
|
||||
if ($sref) {
|
||||
$sql .= " AND ".$doc_number." LIKE '%".$db->escape($sref)."%'";
|
||||
$sql .= " AND ".$db->sanitize($doc_number)." LIKE '%".$db->escape($sref)."%'";
|
||||
}
|
||||
if ($sprod_fulldescr) {
|
||||
// We test both case description is correctly saved of was save after dol_escape_htmltag().
|
||||
|
||||
@@ -2104,7 +2104,7 @@ class Ticket extends CommonObject
|
||||
}
|
||||
if (is_array($filters) && !empty($filters)) {
|
||||
foreach ($filters as $field => $value) {
|
||||
$sql .= " ".$clause." ".$field." LIKE '".$this->db->escape($value)."'";
|
||||
$sql .= " ".$clause." ".$this->db->sanitize($field)." LIKE '".$this->db->escape($value)."'";
|
||||
}
|
||||
if (!empty($email)) {
|
||||
$sql .= ")";
|
||||
|
||||
@@ -416,7 +416,7 @@ class Website extends CommonObject
|
||||
$sqlwhere = array();
|
||||
if (count($filter) > 0) {
|
||||
foreach ($filter as $key => $value) {
|
||||
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
|
||||
$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'";
|
||||
}
|
||||
}
|
||||
if (count($sqlwhere) > 0) {
|
||||
|
||||