Fix: Duplicate escaping when using encrypt

htdocs/lib/databases/mssql.lib.php

@@ -690,10 +690,11 @@ class DoliDb
 	}
 
 	/**
-	 *	\brief          Encrypt sensitive data in database
-	 *	\param	        fieldorvalue	Field name or value to encrypt
-	 * 	\param			withQuotes		Return string with quotes
-	 * 	\return	        return			XXX(field) or XXX('value') or field or 'value'
+     *  Encrypt sensitive data in database
+     *  Warning: This function includes the escape, so it must use direct value
+     *  @param          fieldorvalue    Field name or value to encrypt
+     *  @param          withQuotes      Return string with quotes
+     *  @return         return          XXX(field) or XXX('value') or field or 'value'
 	 */
 	function encrypt($fieldorvalue, $withQuotes=0)
 	{
@@ -706,7 +707,7 @@ class DoliDb
 		$cryptKey = (!empty($conf->db->dolibarr_main_db_cryptkey)?$conf->db->dolibarr_main_db_cryptkey:'');
 
 		$return = $fieldorvalue;
-		return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
+		return ($withQuotes?"'":"").$this->escape($return).($withQuotes?"'":"");
 	}
 
 	/**