Fix : Found non quoted or not casted var into sql request

2026-01-07 09:32:47 +01:00 · 2021-10-10 21:15:14 +02:00
parent 73bd05606c
commit a7563ff62e
1 changed files with 1 additions and 1 deletions
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -2287,7 +2287,7 @@ class CommandeFournisseur extends CommonOrder
 		$sql .= " dispatch.rowid as dispatchedlineid, sum(dispatch.qty) as qty_dispatched";
 		$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as supplierOrderDet";
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as dispatch ON supplierOrderDet.rowid = dispatch.fk_commandefourndet";
-		$sql .= " WHERE supplierOrderDet.fk_commande = ".$this->id;
+		$sql .= " WHERE supplierOrderDet.fk_commande = ".((int) $this->id);
 		$sql .= " GROUP BY supplierOrderDet.fk_product";

 		$resql = $this->db->query($sql);