From a7563ff62e1fbef41f99bbb679674f0ef2cce67c Mon Sep 17 00:00:00 2001
From: Benjamin Chantalat <74144396+PyroShape@users.noreply.github.com>
Date: Sun, 10 Oct 2021 21:15:14 +0200
Subject: [PATCH] Fix : Found non quoted or not casted var into sql request
---
 htdocs/fourn/class/fournisseur.commande.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index a9d3cbdcac5..787d9ee321b 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -2287,7 +2287,7 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " dispatch.rowid as dispatchedlineid, sum(dispatch.qty) as qty_dispatched";
 $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as supplierOrderDet";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as dispatch ON supplierOrderDet.rowid = dispatch.fk_commandefourndet";
- $sql .= " WHERE supplierOrderDet.fk_commande = ".$this->id;
+ $sql .= " WHERE supplierOrderDet.fk_commande = ".((int) $this->id);
 $sql .= " GROUP BY supplierOrderDet.fk_product";
 $resql = $this->db->query($sql);
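Review bot: The `(int)` cast on `$this->id` in the WHERE line turns an unset, null or non-numeric id into `0`, so the query now runs against `fk_commande = 0` and returns an empty result where the old concatenation would have failed with a SQL error. The method starts above this hunk, so an earlier guard may already exist; if it does not, an explicit check before the query is built, such as `if ((int) $this->id <= 0) { /* return the method's usual error value */ }`, would keep a missing id visible to the caller. A short comment on the changed line would also record why the cast is there, e.g. `// cast to int: value is concatenated into the SQL string`. The handling of `$resql` after the `query()` call is outside the hunk and was not reviewed.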