diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 0c9b4113c2a..2c715aa9fd6 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -297,7 +297,7 @@ class BookKeeping extends CommonObject
 $sql .= " AND fk_doc = ".((int) $this->fk_doc);
 if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
- $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines
+ $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines
 }
 $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'";
 $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'";
diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php
index 489ed20d6c2..e777108c491 100644
--- a/htdocs/adherents/class/adherentstats.class.php
+++ b/htdocs/adherents/class/adherentstats.class.php
@@ -70,7 +70,7 @@ class AdherentStats extends Stats
 $this->where .= " m.statut != -1";
 $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
- //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
+ //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
 if ($this->memberid) {
 $this->where .= " AND m.rowid = ".((int) $this->memberid);
 }
diff --git a/htdocs/admin/dolistore/class/dolistore.class.php b/htdocs/admin/dolistore/class/dolistore.class.php
index 9e5a1e8bce1..bfcb751f9a9 100644
--- a/htdocs/admin/dolistore/class/dolistore.class.php
+++ b/htdocs/admin/dolistore/class/dolistore.class.php
@@ -84,7 +84,7 @@ class Dolistore
 try {
 $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
- dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
+ dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
 // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
 // Here we set the option array for the Webservice : we want categories resources
@@ -134,7 +134,7 @@ class Dolistore
 try {
 $this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
- dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
+ dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
 // $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
 // Here we set the option array for the Webservice : we want products resources
diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index db3c45a0776..1ea8564808e 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
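Review bot: The new dol_syslog line reads the server URL through getDolGlobalString() while the PrestaShopWebservice constructor call one line above still pulls the same two settings straight from `$conf->global`, so the same value is now accessed two different ways within three lines; the @@ -134 hunk has the identical mix. If the accessor is the preferred form, the constructor line can follow it, `$this->api = new PrestaShopWebservice(getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'), getDolGlobalString('MAIN_MODULE_DOLISTORE_API_KEY'), $this->debug_api);`. Logging only the server value and not the key is the right choice and should stay that way. The enclosing try block continues outside the hunk.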
@@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv
 $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates";
 $sql .= " WHERE entity IN (".getEntity('email_template').")";
 if (!$user->admin) {
- $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me
- $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me
+ $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me
+ $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me
 }
 if (empty($conf->global->MAIN_MULTILANGS)) {
 $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index bb70b520fa1..5a506558187 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -547,7 +547,7 @@ class Categorie extends CommonObject
 $sql .= ", visible = ".(int) $this->visible;
 $sql .= ", fk_parent = ".(int) $this->fk_parent;
 $sql .= ", fk_user_modif = ".(int) $user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 if ($this->db->query($sql)) {
@@ -693,7 +693,7 @@ class Categorie extends CommonObject
 if ($this->db->query($sql)) {
 if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) {
 $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie';
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::add_type", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -781,7 +781,7 @@ class Categorie extends CommonObject
 $this->db->begin();
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
- $sql .= " WHERE fk_categorie = ".$this->id;
+ $sql .= " WHERE fk_categorie = ".((int) $this->id);
 $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
 dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
@@ -833,11 +833,11 @@ class Categorie extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c";
 $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o";
 $sql .= " WHERE o.entity IN (".getEntity($obj->element).")";
- $sql .= " AND c.fk_categorie = ".$this->id;
+ $sql .= " AND c.fk_categorie = ".((int) $this->id);
 $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid";
 // Protection for external users
 if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) {
- $sql .= " AND o.rowid = ".$user->socid;
+ $sql .= " AND o.rowid = ".((int) $user->socid);
 }
 if ($limit > 0 || $offset > 0) {
 $sql .= $this->db->plimit($limit + 1, $offset);
@@ -877,7 +877,7 @@ class Categorie extends CommonObject
 public function containsObject($type, $object_id)
 {
 $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
- $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
+ $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
 dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -1508,7 +1508,7 @@ class Categorie extends CommonObject
 $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id;
 // This seems useless because the table already contains id of category of 1 unique type. So commented.
 // So now it works also with external added categories.
- //$sql .= " AND c.type = ".$this->MAP_ID[$type];
+ //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]);
 $sql .= " AND c.entity IN (".getEntity('category').")";
 $res = $this->db->query($sql);
@@ -1803,7 +1803,7 @@ class Categorie extends CommonObject
 foreach ($langs_available as $key => $value) {
 $sql = "SELECT rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
- $sql .= " WHERE fk_category=".$this->id;
+ $sql .= " WHERE fk_category=".((int) $this->id);
 $sql .= " AND lang = '".$this->db->escape($key)."'";
 $result = $this->db->query($sql);
@@ -1813,10 +1813,10 @@ class Categorie extends CommonObject
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
 $sql2 .= " SET label='".$this->db->escape($this->label)."',";
 $sql2 .= " description='".$this->db->escape($this->description)."'";
- $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
+ $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
- $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label);
+ $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label);
 $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
 }
 dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG);
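Review bot: The INSERT branch of the @@ -1813 hunk still concatenates the category id uncast in `VALUES(".$this->id.",'"`, while the UPDATE branch four lines above now wraps the same value in `((int) $this->id)`; the @@ -1829 hunk on the next physical line has the identical asymmetry. Since the point of this commit is that every numeric id is typed before it reaches the query string, both INSERT lines should read `$sql2 .= " VALUES(".((int) $this->id).",'".$this->db->escape($key)."','"...` so the id is handled the same way on both paths. Escaping `$key` on the INSERT line is a correct addition and stays. The enclosing setMultiLangs() loop starts and ends outside the hunk.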
@@ -1829,10 +1829,10 @@ class Categorie extends CommonObject
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
 $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
 $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
- $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
+ $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
- $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]);
+ $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]);
 $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
 }
@@ -1871,7 +1871,7 @@ class Categorie extends CommonObject
 $sql = "SELECT lang, label, description";
 $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
- $sql .= " WHERE fk_category=".$this->id;
+ $sql .= " WHERE fk_category=".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index bbf86d87c59..ce8f3f89d92 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -875,7 +875,7 @@ class ActionComm extends CommonObject
 $sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources';
- $sql .= ' WHERE fk_actioncomm = '.$this->id;
+ $sql .= ' WHERE fk_actioncomm = '.((int) $this->id);
 $sql .= " AND element_type IN ('user', 'socpeople')";
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -919,7 +919,7 @@ class ActionComm extends CommonObject
 // phpcs:enable
 $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency";
 $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources";
- $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id;
+ $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id);
 $resql2 = $this->db->query($sql);
 if ($resql2) {
@@ -996,7 +996,7 @@ class ActionComm extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
- $sql .= " WHERE fk_actioncomm = ".$this->id;
+ $sql .= " WHERE fk_actioncomm = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
@@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject
 // Now insert assignedusers
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'";
 $resql = $this->db->query($sql);
 $already_inserted = array();
@@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject
 }
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'";
 $resql = $this->db->query($sql);
 if (!empty($this->socpeopleassigned)) {
@@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
 }
 if (!$user->rights->agenda->allactions->read) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id;
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id);
 }
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
 $sql .= " WHERE 1 = 1";
@@ -1329,14 +1329,14 @@ class ActionComm extends CommonObject
 }
 $sql .= " AND a.entity IN (".getEntity('agenda').")";
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
+ $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
 }
 if ($user->socid) {
- $sql .= " AND a.fk_soc = ".$user->socid;
+ $sql .= " AND a.fk_soc = ".((int) $user->socid);
 }
 if (!$user->rights->agenda->allactions->read) {
- $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id;
- $sql .= " OR ar.fk_element = ".$user->id; // Added by PV
+ $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
+ $sql .= " OR ar.fk_element = ".((int) $user->id);
 $sql .= ")";
 }
@@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject
 //Select all action comm reminders for event
 $sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
- $sql .= " WHERE fk_actioncomm = ".$this->id;
+ $sql .= " WHERE fk_actioncomm = ".((int) $this->id);
 if ($onlypast) {
 $sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'";
 }
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index cba52bf2384..c682131e442 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -692,7 +692,7 @@ if ($pid) {
 $sql .= " AND a.fk_project=".((int) $pid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
+ $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
 }
 if ($socid > 0) {
 $sql .= ' AND a.fk_soc = '.$socid;
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index 9aebf9d3ed9..d467c10fd58 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -447,7 +447,7 @@ if ($pid) {
 $sql .= " AND a.fk_project=".((int) $pid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
+ $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
 }
 if ($socid > 0) {
 $sql .= " AND s.rowid = ".((int) $socid);
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index b39d6c3141d..b1fecbf6475 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -558,7 +558,7 @@ if ($pid) {
 $sql .= " AND a.fk_project=".((int) $pid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
+ $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
 }
 if ($socid > 0) {
 $sql .= ' AND a.fk_soc = '.((int) $socid);
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 10d9871c4c9..413de33db1f 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
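Review bot: The last context line of the comm/action/index.php hunk, `$sql .= ' AND a.fk_soc = '.$socid;`, still concatenates `$socid` without a cast, while the sibling list.php, pertype.php and peruser.php hunks in this same commit write `((int) $socid)` for that clause; the `if ($socid > 0)` guard only shows the value is numeric-truthy, not that it is a clean integer. The same leftover is in comm/index.php at `$sql .= " AND s.rowid = $socid";` in the @@ -561 hunk. Both lines should become `((int) $socid)` so the three agenda views and the dashboard are filtered the same way. Where `$socid` is assigned is outside these hunks, so I cannot tell from the diff whether it was already typed at GETPOST time.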
@@ -579,7 +579,7 @@ if ($pid) {
 $sql .= " AND a.fk_project = ".((int) $pid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
+ $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
 }
 if ($socid > 0) {
 $sql .= ' AND a.fk_soc = '.((int) $socid);
diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php
index fefee1c07dd..015e06df36a 100644
--- a/htdocs/comm/card.php
+++ b/htdocs/comm/card.php
@@ -826,7 +826,7 @@ if ($object->id > 0) {
 $sql .= ", p.datep as dp, p.fin_validite as date_limit";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
 $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id";
- $sql .= " AND s.rowid = ".$object->id;
+ $sql .= " AND s.rowid = ".((int) $object->id);
 $sql .= " AND p.entity IN (".getEntity('propal').")";
 $sql .= " ORDER BY p.datep DESC";
@@ -891,7 +891,7 @@ if ($object->id > 0) {
 $sql .= ", c.facture as billed";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
 $sql .= " WHERE c.fk_soc = s.rowid ";
- $sql .= " AND s.rowid = ".$object->id;
+ $sql .= " AND s.rowid = ".((int) $object->id);
 $sql .= " AND c.entity IN (".getEntity('commande').')';
 $sql .= " ORDER BY c.date_commande DESC";
@@ -907,7 +907,7 @@ if ($object->id > 0) {
 $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
 $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c';
 $sql2 .= ' WHERE c.fk_soc = s.rowid';
- $sql2 .= ' AND s.rowid = '.$object->id;
+ $sql2 .= ' AND s.rowid = '.((int) $object->id);
 // Show orders with status validated, shipping started and delivered (well any order we can bill)
 $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))";
@@ -967,7 +967,7 @@ if ($object->id > 0) {
 $sql .= ', s.nom';
 $sql .= ', s.rowid as socid';
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e";
- $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id;
+ $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
 $sql .= " AND e.entity IN (".getEntity('expedition').")";
 $sql .= ' GROUP BY e.rowid';
 $sql .= ', e.ref';
@@ -1032,7 +1032,7 @@ if ($object->id > 0) {
 $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
 $sql .= " WHERE c.fk_soc = s.rowid ";
- $sql .= " AND s.rowid = ".$object->id;
+ $sql .= " AND s.rowid = ".((int) $object->id);
 $sql .= " AND c.entity IN (".getEntity('contract').")";
 $sql .= " ORDER BY c.datec DESC";
@@ -1106,7 +1106,7 @@ if ($object->id > 0) {
 $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
 $sql .= " WHERE f.fk_soc = s.rowid";
- $sql .= " AND s.rowid = ".$object->id;
+ $sql .= " AND s.rowid = ".((int) $object->id);
 $sql .= " AND f.entity IN (".getEntity('intervention').")";
 $sql .= " ORDER BY f.tms DESC";
@@ -1171,7 +1171,7 @@ if ($object->id > 0) {
 $sql .= ', f.suspended as suspended';
 $sql .= ', s.nom, s.rowid as socid';
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f";
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,';
 $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,';
@@ -1263,7 +1263,7 @@ if ($object->id > 0) {
 $sql .= ', SUM(pf.amount) as am';
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture';
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,';
 $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,';
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 1d74cba61cd..52f6e675c5f 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
 $sql .= " WHERE s.fk_stcomm = st.id";
 $sql .= " AND p.entity IN (".getEntity('socpeople').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($type == "c") {
 $sql .= " AND s.client IN (1, 3)";
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index 48e08ce3c0d..42aab7a9cf8 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -130,7 +130,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
 $sql .= " AND p.fk_soc = s.rowid";
 $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -227,7 +227,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
 $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT;
 $sql .= " AND p.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -323,7 +323,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
 $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT;
 $sql .= " AND c.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
@@ -420,10 +420,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT;
 $sql .= " AND cf.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
- $sql .= " AND cf.fk_soc = ".$socid;
+ $sql .= " AND cf.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
@@ -561,7 +561,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
 $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
 $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = $socid";
@@ -657,7 +657,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
 $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
 $sql .= " AND s.fournisseur = ".Societe::SUPPLIER;
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -763,7 +763,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
 $sql .= " AND c.fk_soc = s.rowid";
 $sql .= " AND c.fk_product = p.rowid";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -838,7 +838,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
 $sql .= " AND p.fk_soc = s.rowid";
 $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -954,7 +954,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
 $sql .= " AND c.fk_soc = s.rowid";
 $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index 3f2cfc2974c..08ab8b6c8d7 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml');
 $search_firstname = GETPOST("search_firstname", 'alphanohtml');
 $search_email = GETPOST("search_email", 'alphanohtml');
 $search_other = GETPOST("search_other", 'alphanohtml');
-$search_dest_status = GETPOST('search_dest_status', 'alphanohtml');
+$search_dest_status = GETPOST('search_dest_status', 'int');
 // Search modules dirs
 $modulesdir = dolGetModulesDirs('/mailings');
@@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) {
 $asearchcriteriahasbeenset++;
 }
 if ($search_dest_status != '' && $search_dest_status >= -1) {
- $sql .= " AND mc.statut=".$db->escape($search_dest_status)." ";
+ $sql .= " AND mc.statut = ".((int) $search_dest_status);
 $asearchcriteriahasbeenset++;
 }
 $sql .= $db->order($sortfield, $sortorder);
@@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) {
 }
 $morehtmlcenter .= ' id.'">'.$langs->trans("Download").'';
+ $massactionbutton = '';
+
 print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit);
 print '';
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index 3bc30d7d729..6e3f60a7cf5 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
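Review bot: Reading `search_dest_status` with the `'int'` filter changes what the unchanged guard `if ($search_dest_status != '' && $search_dest_status >= -1)` in the @@ -473 hunk sees: if that filter casts the value to int, an absent parameter now arrives as `0` instead of `''`, and `0 != ''` is false on PHP 7 but true on PHP 8, so on PHP 8 the recipient list would silently be filtered on `mc.statut = 0` whenever no status was chosen. I am inferring the cast from the filter name and cannot see GETPOST() from here; if it holds, the "no filter" case should be decided from the raw request rather than the typed value, e.g. `if (GETPOSTISSET('search_dest_status') && $search_dest_status >= -1) {`, which also makes the guard independent of the PHP version. The new `((int) $search_dest_status)` in the SQL itself is the right change and should stay.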
@@ -1879,8 +1879,8 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET ref = '".$this->db->escape($num)."',";
- $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id;
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(get_class($this)."::valid", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1906,7 +1906,7 @@ class Propal extends CommonObject
 if (preg_match('/^[\(]?PROV/i', $this->ref)) {
 // Now we rename also files into index
 $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'";
- $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
@@ -1974,7 +1974,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'";
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2030,7 +2030,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2101,7 +2101,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
 $sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2156,9 +2156,9 @@ class Propal extends CommonObject
 $this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
- $sql .= " SET fk_availability = '".$id."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
+ $sql .= " SET fk_availability = ".((int) $id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2221,7 +2221,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
 $sql .= " SET fk_input_reason = ".((int) $id);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2346,7 +2346,7 @@ class Propal extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2409,7 +2409,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET remise_absolue = ".((float) $remise);
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2530,7 +2530,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -2707,7 +2707,7 @@ class Propal extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -2780,7 +2780,7 @@ class Propal extends CommonObject
 $sql .= " AND p.fk_soc = s.rowid";
 $sql .= " AND p.fk_statut = c.id";
 if (!$user->rights->societe->client->voir && !$socid) { //restriction
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -2789,7 +2789,7 @@ class Propal extends CommonObject
 $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
 }
 if ($notcurrentuser > 0) {
- $sql .= " AND p.fk_user_author <> ".$user->id;
+ $sql .= " AND p.fk_user_author <> ".((int) $user->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
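Review bot: In the @@ -2530 hunk the SET line kept as context still ends with `fk_user_signature=".$user->id`, so that one UPDATE now pairs a cast `rowid` with an uncast user id, whereas the @@ -1879 hunk earlier in this file already converted the analogous `fk_user_valid=".((int) $user->id)`. For the statement to be typed consistently with the rest of the commit, that context line should end with `fk_user_signature=".((int) $user->id);`. The surrounding method begins and ends outside the hunk.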
@@ -2934,7 +2934,7 @@ class Propal extends CommonObject
 if (!$error && !empty($this->table_element_line)) {
 $tabletodelete = $this->table_element_line;
 $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
 if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 $error++;
 $this->error = $this->db->lasterror();
@@ -2970,7 +2970,7 @@ class Propal extends CommonObject
 // Delete main record
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
 $error++;
@@ -3285,7 +3285,7 @@ class Propal extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = " AND";
 }
 $sql .= $clause." p.entity IN (".getEntity('propal').")";
@@ -3296,7 +3296,7 @@ class Propal extends CommonObject
 $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED;
 }
 if ($user->socid) {
- $sql .= " AND p.fk_soc = ".$user->socid;
+ $sql .= " AND p.fk_soc = ".((int) $user->socid);
 }
 $resql = $this->db->query($sql);
@@ -3462,7 +3462,7 @@ class Propal extends CommonObject
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." p.entity IN (".getEntity('propal').")";
@@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine
 $error = 0;
 $this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid);
 dol_syslog("PropaleLigne::delete", LOG_DEBUG);
 if ($this->db->query($sql)) {
 // Remove extrafields
diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php
index a06945a09a6..181e5b545f8 100644
--- a/htdocs/comm/propal/class/propalestats.class.php
+++ b/htdocs/comm/propal/class/propalestats.class.php
@@ -94,10 +94,10 @@ class PropaleStats extends Stats
 //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
 $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")";
 if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($this->socid) {
- $this->where .= " AND p.fk_soc = ".$this->socid;
+ $this->where .= " AND p.fk_soc = ".((int) $this->socid);
 }
 if ($this->userid > 0) {
 $this->where .= ' AND fk_user_author = '.((int) $this->userid);
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 7ff3e405499..e080e36b49c 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
@@ -85,7 +85,7 @@ if (!empty($conf->propal->enabled)) {
 $sql .= " AND p.fk_soc = s.rowid";
 $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND p.fk_soc = ".((int) $socid);
@@ -163,7 +163,7 @@ if ($socid) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.tms DESC";
 $sql .= $db->plimit($max, 0);
@@ -236,7 +236,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
 $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")";
 $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -319,7 +319,7 @@ if (! empty($conf->propal->enabled))
 $sql.= " AND c.entity = ".$conf->entity;
 $sql.= " AND c.fk_statut = 1";
 if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
- if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
 $sql.= " ORDER BY c.rowid DESC";
 $resql=$db->query($sql);
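Review bot: The context line `$sql.= " AND c.entity = ".$conf->entity;` in the hunks at @@ -319 and @@ -394 of comm/propal/index.php concatenates `$conf->entity` uncast, although this same commit casts it in compta/bank/releve.php (`" AND ct.entity = ".((int) $conf->entity)`); the same uncast `$conf->entity` also remains in compta/index.php @@ -280 and @@ -592 and in remisecheque.class.php @@ -290, @@ -344, @@ -585 and @@ -661. Casting it everywhere, `$sql .= " AND c.entity = ".((int) $conf->entity);`, keeps every integer-literal position uniformly typed so a later audit does not have to reason about where each value comes from. These two hunks also use the brace-less one-line `if` form (`if ($socid) $sql.= ...`) that the rest of the file has moved away from; if this block is part of a commented-out section (its start is not visible), the patched lines are dead code.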
@@ -394,7 +394,7 @@ if (! empty($conf->propal->enabled))
 $sql.= " AND c.entity = ".$conf->entity;
 $sql.= " AND c.fk_statut = 2 ";
 if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
- if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
 $sql.= " ORDER BY c.rowid DESC";
 $resql=$db->query($sql);
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index a21b4650f5b..23a16e2cfe7 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@@ -526,7 +526,7 @@ $sql .= $hookmanager->resPrint;
 $sql .= ' WHERE p.fk_soc = s.rowid';
 $sql .= ' AND p.entity IN ('.getEntity('propal').')';
 if (!$user->rights->societe->client->voir && !$socid) { //restriction
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_town) {
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index 65b446727e5..050b7251898 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -493,8 +493,8 @@ class Commande extends CommonOrder
 $sql .= " SET ref = '".$this->db->escape($num)."',";
 $sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
 $sql .= " date_valid='".$this->db->idate($now)."',";
- $sql .= " fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " fk_user_valid = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::valid", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -624,7 +624,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 if ($this->db->query($sql)) {
 if (!$error) {
@@ -807,7 +807,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET fk_statut = ".self::STATUS_CANCELED;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
 dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
@@ -2543,7 +2543,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
+ $sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2615,7 +2615,7 @@ class Commande extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande";
 $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2688,7 +2688,7 @@ class Commande extends CommonOrder
 $sql .= " WHERE c.entity IN (".getEntity('commande').")";
 $sql .= " AND c.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) { //restriction
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -2697,7 +2697,7 @@ class Commande extends CommonOrder
 $sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
 }
 if (is_object($excluser)) {
- $sql .= " AND c.fk_user_author <> ".$excluser->id;
+ $sql .= " AND c.fk_user_author <> ".((int) $excluser->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
@@ -3395,8 +3395,8 @@ class Commande extends CommonOrder
 // Delete extrafields of lines and lines
 if (!$error && !empty($this->table_element_line)) {
 $tabletodelete = $this->table_element_line;
- $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+ $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
 if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 $error++;
 $this->error = $this->db->lasterror();
@@ -3432,7 +3432,7 @@ class Commande extends CommonOrder
 // Delete main record
 if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
 $res = $this->db->query($sql);
 if (!$res) {
 $error++;
@@ -3507,14 +3507,14 @@ class Commande extends CommonOrder
 $sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = " AND";
 }
 $sql .= $clause." c.entity IN (".getEntity('commande').")";
 //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0";
 $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected
 if ($user->socid) {
- $sql .= " AND c.fk_soc = ".$user->socid;
+ $sql .= " AND c.fk_soc = ".((int) $user->socid);
 }
 $resql = $this->db->query($sql);
@@ -3917,7 +3917,7 @@ class Commande extends CommonOrder
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." co.entity IN (".getEntity('commande').")";
@@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine
 $sql .= ",total_localtax1='".price2num($this->total_localtax1)."'";
 $sql .= ",total_localtax2='".price2num($this->total_localtax2)."'";
 $sql .= ",total_ttc='".price2num($this->total_ttc)."'";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog("OrderLine::update_total", LOG_DEBUG);
diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php
index 6bd6067dcf7..8ac89d5a18f 100644
--- a/htdocs/commande/class/commandestats.class.php
+++ b/htdocs/commande/class/commandestats.class.php
@@ -94,13 +94,13 @@ class CommandeStats extends Stats
 $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')';
 if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($this->socid) {
- $this->where .= " AND c.fk_soc = ".$this->socid;
+ $this->where .= " AND c.fk_soc = ".((int) $this->socid);
 }
 if ($this->userid > 0) {
- $this->where .= ' AND c.fk_user_author = '.$this->userid;
+ $this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
 }
 if ($typentid) {
diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php
index 62f8c4772f6..3ecaa0fbee1 100644
--- a/htdocs/commande/customer.php
+++ b/htdocs/commande/customer.php
@@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid";
 $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if (GETPOST("search_nom")) {
 $sql .= natural_search("s.nom", GETPOST("search_nom"));
diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php
index 73f40668cea..f7dee2b4062 100644
--- a/htdocs/commande/index.php
+++ b/htdocs/commande/index.php
@@ -101,7 +101,7 @@ if (!empty($conf->commande->enabled)) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $db->query($sql);
@@ -169,7 +169,7 @@ if ($socid) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.tms DESC";
 $sql .= $db->plimit($max, 0);
@@ -253,7 +253,7 @@ if (!empty($conf->commande->enabled)) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.rowid DESC";
@@ -342,7 +342,7 @@ if (!empty($conf->commande->enabled)) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.rowid DESC";
diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index d25af27f34c..b11d97811c8 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -486,7 +486,7 @@ if ($socid > 0) {
 $sql .= ' AND s.rowid = '.((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_ref) {
 $sql .= natural_search('c.ref', $search_ref);
@@ -570,7 +570,7 @@ if ($search_sale > 0) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
 }
 if ($search_user > 0) {
- $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user;
+ $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user);
 }
 if ($search_total_ht != '') {
 $sql .= natural_search('c.total_ht', $search_total_ht, 1);
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index 03ec879c5ad..d2a9554abab 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
@@ -1998,7 +1998,7 @@ class AccountLine extends CommonObject
 // Protection to avoid any delete of accounted lines. Protection on by default
 if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) {
- $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
+ $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
 $obj = $this->db->fetch_object($resql);
@@ -2385,7 +2385,7 @@ class AccountLine extends CommonObject
 $result .= yn($this->rappro);
 }
 if ($option == 'showall' || $option == 'showconciliatedandaccounted') {
- $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
+ $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
 $obj = $this->db->fetch_object($resql);
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index 167c809a8b1..97184c1b8eb 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') {
 $sql = "SELECT DISTINCT(b.num_releve) as num";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
- $sql .= " AND b.fk_account = ".$object->id;
+ $sql .= " AND b.fk_account = ".((int) $object->id);
 $sql .= " ORDER BY b.num_releve DESC";
 dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') {
 $sql = "SELECT DISTINCT(b.num_releve) as num";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
- $sql .= " AND b.fk_account = ".$object->id;
+ $sql .= " AND b.fk_account = ".((int) $object->id);
 $sql .= " ORDER BY b.num_releve ASC";
 dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'";
 if (empty($numref)) {
 $sql .= " OR b.num_releve is null";
 }
-$sql .= " AND b.fk_account = ".$object->id;
+$sql .= " AND b.fk_account = ".((int) $object->id);
 $sql .= " AND b.fk_account = ba.rowid";
 $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day
@@ -340,7 +340,7 @@ if (empty($numref)) {
 $sql = "SELECT sum(b.amount) as amount";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'";
- $sql .= " AND b.fk_account = ".$object->id;
+ $sql .= " AND b.fk_account = ".((int) $object->id);
 $resql = $db->query($sql);
 if ($resql) {
 $obj = $db->fetch_object($resql);
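Review bot: The hunk headers for @@ -116 and @@ -134 show the enclosing branch reading the request parameter directly, `if ($_GET["rel"] == 'prev')`, while the project elsewhere goes through its sanitising accessor (`GETPOST("orphelins", "alpha")` in compta/paiement/list.php in this same diff). The branch itself is not part of this change and starts outside the hunks, but since the numeric positions in these queries are being hardened it would be consistent to read the parameter as `GETPOST('rel', 'alpha')` too. `$numref` on the context lines is already passed through `$db->escape()`, so the string position is covered.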
@@ -353,7 +353,7 @@ if (empty($numref)) {
 $sql = "SELECT sum(b.amount) as amount";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'";
- $sql .= " AND b.fk_account = ".$object->id;
+ $sql .= " AND b.fk_account = ".((int) $object->id);
 $resql = $db->query($sql);
 if ($resql) {
 $obj = $db->fetch_object($resql);
@@ -421,7 +421,7 @@ if (empty($numref)) {
 $sql = "SELECT sum(b.amount) as amount";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
- $sql .= " AND b.fk_account = ".$object->id;
+ $sql .= " AND b.fk_account = ".((int) $object->id);
 $resql = $db->query($sql);
 if ($resql) {
@@ -605,7 +605,7 @@ if (empty($numref)) {
 $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct";
 $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
 $sql .= " WHERE ct.rowid = cl.fk_categ";
- $sql .= " AND ct.entity = ".$conf->entity;
+ $sql .= " AND ct.entity = ".((int) $conf->entity);
 $sql .= " AND cl.lineid = ".((int) $objp->rowid);
 $resc = $db->query($sql);
diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php
index 0bc18e31bde..af61af5e836 100644
--- a/htdocs/compta/cashcontrol/report.php
+++ b/htdocs/compta/cashcontrol/report.php
@@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d
 elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'";
 else dol_print_error('', 'Year not defined');
 // Define filter on bank account
-$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH;
-$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB;
-$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
+$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH);
+$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB);
+$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE);
 $sql.=")";
 */
 $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code";
diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php
index b0a4716b7e1..504e5638abc 100644
--- a/htdocs/compta/clients.php
+++ b/htdocs/compta/clients.php
@@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)";
 $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if (dol_strlen($stcomm)) {
 $sql .= " AND s.fk_stcomm=".((int) $stcomm);
diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php
index 547f0676b7b..12351032b53 100644
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
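Review bot: The three rewritten `$sql.=" AND (b.fk_account = ...` lines in the cashcontrol/report.php hunk at @@ -115 sit two lines above a `*/` context line, so they appear to be inside a block comment whose opening `/*` is outside the hunk; if so, the commit is hardening dead code. Commented-out query fragments like this tend to be revived by copy-paste later, so deleting the block is preferable to patching it; if it must stay, a one-line comment such as `// Legacy bank-account filter, superseded by the SELECT below; kept for reference only` above it would make its status explicit.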
@@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
 $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND d.fk_soc = ".((int) $socid);
diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php
index 61d30ea1345..428eacbc93a 100644
--- a/htdocs/compta/deplacement/list.php
+++ b/htdocs/compta/deplacement/list.php
@@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
 $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
+ $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) ";
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index eb380a4a212..42262b60358 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice
 $sql = "UPDATE ".MAIN_DB_PREFIX."facture";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $result = $this->db->query($sql);
 if ($result) {
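Review bot: The rewritten line in the compta/deplacement/index.php hunk at @@ -159 keeps the odd qualifier spelling `s. rowid` (space after the dot); most SQL dialects accept whitespace around the qualifier dot, but it reads as a typo and differs from the `s.rowid` used later in the same condition. Since the line is being touched anyway, prefer `$sql .= " AND d.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);`. The enclosing `if` block that defines `$childids` and the rest of the query start outside the hunk.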
@@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice
 $sql .= " WHERE f.entity IN (".getEntity('invoice').")";
 $sql .= " AND f.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) { //restriction
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice
 $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
 }
 if (is_object($excluser)) {
- $sql .= " AND f.fk_user_author <> ".$excluser->id;
+ $sql .= " AND f.fk_user_author <> ".((int) $excluser->id);
 }
 $sql .= $this->db->order($sortfield, $sortorder);
 $sql .= $this->db->plimit($limit, $offset);
@@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = " AND";
 }
 $sql .= $clause." f.paye=0";
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED;
 if ($user->socid) {
- $sql .= " AND f.fk_soc = ".$user->socid;
+ $sql .= " AND f.fk_soc = ".((int) $user->socid);
 }
 $resql = $this->db->query($sql);
@@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")";
@@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine
 return -1;
 }
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if ($this->db->query($sql)) {
 $this->db->commit();
@@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine
 $sql .= ",total_localtax1=".price2num($this->total_localtax1)."";
 $sql .= ",total_localtax2=".price2num($this->total_localtax2)."";
 $sql .= ",total_ttc=".price2num($this->total_ttc)."";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
 dol_syslog(get_class($this)."::update_total", LOG_DEBUG);
diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php
index e6547cc9f89..96c8e88b97e 100644
--- a/htdocs/compta/facture/class/facturestats.class.php
+++ b/htdocs/compta/facture/class/facturestats.class.php
@@ -86,16 +86,16 @@ class FactureStats extends Stats
 $this->where = " f.fk_statut >= 0";
 $this->where .= " AND f.entity IN (".getEntity('invoice').")";
 if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($mode == 'customer') {
 $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
 }
 if ($this->socid) {
- $this->where .= " AND f.fk_soc = ".$this->socid;
+ $this->where .= " AND f.fk_soc = ".((int) $this->socid);
 }
 if ($this->userid > 0) {
- $this->where .= ' AND f.fk_user_author = '.$this->userid;
+ $this->where .= ' AND f.fk_user_author = '.((int) $this->userid);
 }
 if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
 $this->where .= " AND f.type IN (0,1,2,5)";
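Review bot: In the FactureLigne hunk at @@ -5719 (the update_total method starts outside the hunk) the three `total_*` context lines end in a no-op `.""` concatenation, e.g. `$sql .= ",total_ttc=".price2num($this->total_ttc)."";`, which can simply be dropped: `$sql .= ",total_ttc=".price2num($this->total_ttc);`. The same columns are written quoted in OrderLine::update_total (commande.class.php @@ -4649, `total_ttc='".price2num($this->total_ttc)."'`); settling on one form for both classes would make the numeric positions easier to audit alongside the `(int)` casts this commit adds. This assumes price2num yields a normalised numeric string, which is not verifiable from the hunk.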
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index 93be3ba445a..0d0084c1482 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -607,7 +607,7 @@ $sql .= $hookmanager->resPrint;
 $sql .= ' WHERE f.fk_soc = s.rowid';
 $sql .= ' AND f.entity IN ('.getEntity('invoice').')';
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_product_category > 0) {
 $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php
index b1ad18e6461..ca7cd08a6fe 100644
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) {
 $sql .= " WHERE s.rowid = f.fk_soc";
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND f.fk_soc = ".((int) $socid);
@@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 $sql .= " WHERE s.rowid = ff.fk_soc";
 $sql .= " AND ff.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND ff.fk_soc = ".((int) $socid);
@@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
 $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
index 0c05a1bc03a..683b2fd0423 100644
--- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php
+++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
@@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject
 $this->db->begin();
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND entity = ".$conf->entity;
 $resql = $this->db->query($sql);
@@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject
 if ($this->errno == 0 && $numref) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
 $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND entity = ".$conf->entity;
 $sql .= " AND statut = 0";
@@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject
 $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc";
 $sql .= " WHERE b.fk_account = ba.rowid";
 $sql .= " AND b.fk_bordereau = bc.rowid";
- $sql .= " AND bc.rowid = ".$this->id;
+ $sql .= " AND bc.rowid = ".((int) $this->id);
 $sql .= " AND bc.entity = ".$conf->entity;
 $sql .= " ORDER BY b.dateo ASC, b.rowid ASC";
@@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..971400afa5e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); 
diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index ee847603954..d1a94f5e690 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -209,7 +209,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..10c8f304102 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject */ $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); $sql .= " AND fk_soc =".((int) $client_id); $sql .= " AND code_banque = '".$this->db->escape($code_banque)."'"; $sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'"; 
@@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject if ($this->db->begin()) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $result = $this->db->query($sql); if (!$result) { @@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_credite Erreur 1"); @@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject $sql .= ", statut = ".self::STATUS_CREDITED; $sql .= ", date_credit = '".$this->db->idate($date)."'"; $sql .= " WHERE rowid=".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = ".self::STATUS_TRANSFERED; $resql = $this->db->query($sql); @@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes"; $sql .= " SET statut = 2"; - $sql .= " WHERE fk_prelevement_bons = ".$this->id; + $sql .= " WHERE fk_prelevement_bons = ".((int) $this->id); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::set_infocredit Update lines Error"); @@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject $sql .= " , date_trans = '".$this->db->idate($date)."'"; $sql .= " , method_trans = ".((int) $method); $sql .= " , statut = ".self::STATUS_TRANSFERED; - $sql .= " WHERE rowid = ".$this->id; - $sql .= " AND entity = ".$conf->entity; + $sql .= " WHERE rowid = ".((int) $this->id); + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " AND statut = 0"; if ($this->db->query($sql)) { 
@@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; - $sql .= " AND p.entity = ".$conf->entity; + $sql .= " AND p.rowid = ".((int) $this->id); + $sql .= " AND p.entity = ".((int) $conf->entity); if ($amounts) { if ($this->type == 'bank-transfer') { $sql .= " GROUP BY fk_facture_fourn"; @@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT substring(ref from char_length(ref) - 1)"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'"; - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $sql .= " ORDER BY ref DESC LIMIT 1"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande"; $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; - $sql .= ", fk_prelevement_bons = ".$this->id; + $sql .= ", fk_prelevement_bons = ".((int) $this->id); $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); @@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); $sql .= " WHERE rowid = ".((int) $this->id); - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")"; $resql1 = $this->db->query($sql); if (!$resql1) { dol_print_error($this->db); @@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id); $resql2 = $this->db->query($sql); if (!$resql2) { dol_print_error($this->db); @@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id); $resql3 = $this->db->query($sql); if (!$resql3) { dol_print_error($this->db); @@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject } if (!$error) { - $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id); $resql4 = $this->db->query($sql); if (!$resql4) { dol_print_error($this->db); 
@@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."societe as soc,"; $sql .= " ".MAIN_DB_PREFIX."c_country as c,"; $sql .= " ".MAIN_DB_PREFIX."societe_rib as rib"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; $sql .= " AND f.fk_soc = soc.rowid"; @@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture = f.rowid"; @@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject $sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,"; $sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$this->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id); $sql .= " AND pl.rowid = pf.fk_prelevement_lignes"; $sql .= " AND pf.fk_facture_fourn = f.rowid"; diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php 
+++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/class/chargesociales.class.php b/htdocs/compta/sociales/class/chargesociales.class.php index 1977ac9791b..14b2cf67590 100644 --- a/htdocs/compta/sociales/class/chargesociales.class.php +++ b/htdocs/compta/sociales/class/chargesociales.class.php 
@@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject // Delete payments if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..83bc4202b9d 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php 
@@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; 
@@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); 
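Review bot: The @@ -1242 and @@ -1254 hunks of contact.class.php carry the same statement twice — `// Remove Roles` followed by `$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);` — so the second block re-issues a delete that has already run. Either it is a copy-paste leftover that should be dropped, or it was meant for a different table, in which case the table name and the comment need correcting; the commit only casts the id in both copies. The enclosing delete method starts and ends outside these hunks.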
@@ -2040,7 +2040,7 @@ class Contact extends CommonObject
 $obj = $this->db->fetch_object($resql);
 $noemail = $obj->nb;
 if (empty($noemail)) {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')";
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
@@ -2054,7 +2054,7 @@ class Contact extends CommonObject
 $this->errors[] = $this->error;
 }
 } else {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0));
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")";
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++;
diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php
index e5a9ab3f0d6..a63a1bf7e49 100644
--- a/htdocs/contact/list.php
+++ b/htdocs/contact/list.php
@@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 }
 $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')';
 if (!$user->rights->societe->client->voir && !$socid) { //restriction
- $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)";
+ $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)";
 }
 if (!empty($userid)) { // propre au commercial
 $sql .= " AND p.fk_user_creat=".((int) $userid);
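Review bot: The INSERT in the @@ -2040 hunk of contact.class.php still uses `getEntity('mailing', 0)` as a single scalar for the `entity` column, while the DELETE in the @@ -2054 hunk of the same commit switches to `entity IN (".getEntity('mailing', 0).")`, which only makes sense if that helper can return a comma-separated list. If it does, the INSERT either fails or stores an unintended value; the column should receive one integer entity, e.g. `((int) $conf->entity)` if `$conf` is in scope in this method, rather than the list. Removing the `escape()` around the helper's output is acceptable only as long as it never carries user input; a comment such as `// getEntity() yields internal ids only, no escaping needed` would record that assumption. The enclosing method starts outside the hunk.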
@@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..29d84c86c57 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -792,7 +792,7 @@ class Contrat extends CommonObject $sql .= " d.fk_unit,"; $sql .= " d.product_type as type"; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; - $sql .= " WHERE d.fk_contrat = ".$this->id; + $sql .= " WHERE d.fk_contrat = ".((int) $this->id); $sql .= " ORDER by d.rowid ASC"; dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG); @@ -1150,11 +1150,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -1188,7 +1188,7 @@ class Contrat extends CommonObject // Delete contratdet extrafields $main = MAIN_DB_PREFIX.'contratdet'; $ef = $main."_extrafields"; - $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")"; + $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")"; dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1201,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1213,7 +1213,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2105,7 +2105,7 @@ class Contrat extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " WHERE fk_contrat =".$this->id; if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); 
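Review bot: In the @@ -2105 hunk of contrat.class.php the context line `$sql .= " WHERE fk_contrat =".$this->id;` directly above the newly cast `$status` is left without a cast, so the hunk casts the optional filter but not the key it filters on; it should read `$sql .= " WHERE fk_contrat =".((int) $this->id);` like every other `$this->id` concatenation this commit touches. The enclosing method begins outside the hunk.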
@@ -2205,12 +2205,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2279,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; @@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) { $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET'; $sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null"); - $sql .= " WHERE fk_contrat = ".$this->fk_contrat; + $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat); $resql = $this->db->query($sql); if (!$resql) { 
@@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine
 if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
 $sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null");
- $sql .= " WHERE fk_contrat = ".$this->fk_contrat;
+ $sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
 $resql = $this->db->query($sql);
 if (!$resql) {
diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php
index a5e3da943b7..cc3bc87ca54 100644
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@@ -102,7 +102,7 @@ if ($user->socid) {
 $sql .= ' AND c.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY cd.statut";
 $resql = $db->query($sql);
@@ -139,7 +139,7 @@ if ($user->socid) {
 $sql .= ' AND c.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY cd.statut";
 $resql = $db->query($sql);
@@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
 $sql .= " AND c.entity IN (".getEntity('contract', 0).")";
 $sql .= " AND c.statut = 0";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
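Review bot: In both the @@ -102 and @@ -139 hunks of contrat/index.php the context line `$sql .= ' AND c.fk_soc = '.$user->socid;` concatenates `$user->socid` without a cast, two lines above the `$user->id` that the commit does cast; it should become `$sql .= ' AND c.fk_soc = '.((int) $user->socid);`, as the box_*.php hunks in this commit already do for the same property. The same gap remains in box_customers_outstanding_bill_reached.php at @@ -99, where `$sql .= " AND s.rowid = $user->socid";` interpolates the value straight into the string. These hunks sit inside `if` blocks that start outside them.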
@@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..2438505a13c 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php 
@@ -271,7 +271,7 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index d4ab03b9800..d98aca0927d 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -262,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); 
diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed @@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; 
diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php 
@@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php 
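Review bot: In the box_contracts hunk the context line `$sql .= " AND c.entity = ".$conf->entity;` is left uncast while the same commit casts the same value in commonobject.class.php as `((int) $conf->entity)`. `$conf->entity` is server-side configuration rather than request data, so the exposure is low, but the uneven treatment is exactly what a later grep-based audit trips over, and it is two lines above the changed `sc.fk_user` line. Suggest `$sql .= " AND c.entity = ".((int) $conf->entity);`, or `getEntity('contract')` if contracts follow the multi-entity convention the ticket boxes in this commit switch to, which I cannot confirm from here. The enclosing method starts before the hunk.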
@@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php 
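Review bot: The hunk casts `sc.fk_user` but its last context line, `$sql .= " AND s.rowid = $user->socid";`, still interpolates `$user->socid` uncast, the only `$user->socid` filter in this diff left that way. `$user->socid` comes from the user record rather than the request, so the exposure is indirect, but every sibling box in the commit (box_clients, box_factures, box_fournisseurs, …) receives `((int) $user->socid)` at the equivalent line. Suggest `$sql .= " AND s.rowid = ".((int) $user->socid);`. The method continues beyond the hunk.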
@@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..fac13c654a4 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php 
@@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php 
@@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_last_modified_ticket.php b/htdocs/core/boxes/box_last_modified_ticket.php index 33d2bab0485..57e54594255 100644 --- a/htdocs/core/boxes/box_last_modified_ticket.php +++ b/htdocs/core/boxes/box_last_modified_ticket.php @@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').')'; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } - $sql .= " ORDER BY t.tms DESC, t.rowid DESC "; + $sql .= " ORDER BY t.tms DESC, t.rowid DESC"; $sql .= $this->db->plimit($max, 0); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_last_ticket.php b/htdocs/core/boxes/box_last_ticket.php index e08a54f1c87..39086464f73 100644 --- a/htdocs/core/boxes/box_last_ticket.php +++ b/htdocs/core/boxes/box_last_ticket.php 
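Review bot: In the box_last_modified_ticket hunk, replacing `t.entity = ".$conf->entity` with `t.entity IN (".getEntity('ticket').')'` changes which rows the box returns, not merely how the value is quoted: where multi-entity sharing of tickets is configured, tickets from the shared entities are now listed as well. That is presumably the intended alignment with the other boxes, which already filter through `getEntity(...)`, but it is a functional change riding inside an injection-hardening commit and deserves a line in the commit message. If the widening is intended, a short comment above the WHERE line would make it explicit: `// Multi-entity aware: tickets shared with this entity are listed too`. The method continues beyond the hunk.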
@@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - - $sql .= " WHERE t.entity = ".$conf->entity; + $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // $sql.= " AND e.rowid = er.fk_event"; - //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if ($user->socid) { - $sql .= " AND t.fk_soc= ".$user->socid; + $sql .= " AND t.fk_soc= ".((int) $user->socid); } //$sql.= " AND t.fk_statut > 9"; diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 9f1204c4dc4..f14ab699690 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -136,8 +136,9 @@ class box_project extends ModeleBoxes $sql = "SELECT count(*) as nb, sum(progress) as totprogress"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid"; - $sql .= " WHERE p.entity IN (".getEntity('project').')'; - $sql .= " AND p.rowid = ".$objp->rowid; + $sql .= " WHERE p.entity IN (".getEntity('project').')'; + $sql .= " AND p.rowid = ".((int) $objp->rowid); + $resultTask = $this->db->query($sql); if ($resultTask) { $objTask = $this->db->fetch_object($resultTask); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php 
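Review bot: In the box_last_ticket hunk the sales-representative restriction `//if (!$user->rights->societe->client->voir && !$user->socid) ...` is only re-typed inside a comment, so the box still does not apply the `societe->client->voir` right that every other box in this diff enforces through the `sc.fk_soc`/`sc.fk_user` join; a user limited to their own third parties sees the latest tickets of all third parties in the entity. If that is deliberate, say so in place of the dead line: `// No sales-rep restriction: tickets are listed regardless of societe_commerciaux assignment (intentional)`. If it is not, enabling the restriction also needs the `societe_commerciaux` join, which the visible LEFT JOINs do not include. The query is built further past the hunk.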
@@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php 
@@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..95086cdf2a3 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php 
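Review bot: In the box_services_expired hunk the first context line, `$sql .= ' AND c.fk_soc = '.$user->socid;`, concatenates `$user->socid` without the `(int)` cast the hunk applies to `$user->id` two lines below, leaving this box inconsistent with box_services_contracts and the rest of the commit. Suggest `$sql .= ' AND c.fk_soc = '.((int) $user->socid);`. The method starts before the hunk, so I cannot see whether `$user->socid` is normalised earlier.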
@@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php 
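Review bot: In the box_shipments hunk the `else` branch attaches `ORDER BY e.date_delivery, e.ref DESC` only when the `sc.fk_user` restriction is not applied, so for a user without `societe->client->voir` the query, as far as the hunk shows, carries the extra WHERE clause but no ordering, and the `plimit($max, 0)` that presumably follows would then return an arbitrary subset rather than the latest shipments. Unless an ORDER BY is appended for that branch after the hunk (the method continues past it), the ordering should be unconditional: keep `$sql .= " AND sc.fk_user = ".((int) $user->id);` inside the `if`, drop the `else`, and emit the `ORDER BY` after the whole `if` block.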
@@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/boxes/box_validated_projects.php b/htdocs/core/boxes/box_validated_projects.php index 66a4f76f1b3..f1fb55878aa 100644 --- a/htdocs/core/boxes/box_validated_projects.php +++ b/htdocs/core/boxes/box_validated_projects.php @@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes if ($projectsListId) { $sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed } - $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")"; + $sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")"; $sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo"; $sql .= " ORDER BY p.dateo ASC"; diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 81f2b529f1d..605ffec63bd 100644 --- a/htdocs/core/class/commoninvoice.class.php +++ b/htdocs/core/class/commoninvoice.class.php 
@@ -462,7 +462,7 @@ abstract class CommonInvoice extends CommonObject $type = 'supplier_invoice'; } - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 4d3c39027ac..a7049ea5a76 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1843,7 +1843,7 @@ abstract class CommonObject if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG); @@ -1992,7 +1992,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK 
@@ -2041,10 +2041,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2111,10 +2111,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { 
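Review bot: `$fieldid` is spliced into the column position of `" WHERE te.".$fieldid." < '"…` with no escaping or whitelist, and `$filter` is appended after only the `preg_match('/^\s*AND/i', $filter)` prefix check, so the safety of this query rests entirely on every caller honouring the "Do not allow user input data here" note the commit adds to the docblock. A cheap defence-in-depth check at the top of the method would let a malformed field name fail closed instead of becoming SQL: `if (!preg_match('/^[a-z0-9_]+$/i', $fieldid)) { return -1; }` (matching the `<0 if KO` convention in the docblock). The method starts above the hunk, so an existing validation of `$fieldid` may already cover this; the same applies to the second hunk at line 2111.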
@@ -3899,14 +3899,14 @@ abstract class CommonObject $sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET "; if ($updatesource) { - $sql .= "fk_source = " . $sourceid; + $sql .= "fk_source = " . ((int) $sourceid); $sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " WHERE fk_target = " . $this->id; + $sql .= " WHERE fk_target = " . ((int) $this->id); $sql .= " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($updatetarget) { - $sql .= "fk_target = " . $targetid; + $sql .= "fk_target = " . ((int) $targetid); $sql .= ", targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " WHERE fk_source = " . $this->id; + $sql .= " WHERE fk_source = " . ((int) $this->id); $sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } 
@@ -3992,15 +3992,15 @@ abstract class CommonObject $sql .= " rowid = " . ((int) $rowid); } else { if ($deletesource) { - $sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; - $sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'"; + $sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'"; } elseif ($deletetarget) { - $sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'"; - $sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; + $sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'"; + $sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'"; } else { - $sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')"; $sql .= " OR"; - $sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')"; + $sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')"; } } @@ -5506,7 +5506,7 @@ abstract class CommonObject $sql = "SELECT rowid, property, lang , value"; $sql .= " FROM ".MAIN_DB_PREFIX."object_lang"; $sql .= " WHERE type_object = '".$this->db->escape($element)."'"; - $sql .= " AND fk_object = ".$this->id; + $sql .= " AND fk_object = ".((int) $this->id); //dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose $resql = $this->db->query($sql); 
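Review bot: The `(int)` casts in deleteObjectLinked close the injection path but also change the failure mode: an empty or non-numeric `$sourceid`, `$targetid` or `$this->id` used to produce `fk_source = ` — a syntax error the query layer rejects — and now produces `fk_source = 0`, a valid DELETE that removes any link rows stored with a zero foreign key. For a delete path that is a silent widening, so the ids should be validated before the cast, e.g. `if (empty($this->id) || ($deletesource && (int) $sourceid <= 0) || ($deletetarget && (int) $targetid <= 0)) { return -1; }` near the top of the method. The method's start lies outside the hunk, so an existing guard may already cover part of this; the same remark applies to the updateObjectLinked hunk at line 3899.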
@@ -5783,7 +5783,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $resql = $this->db->query($sql_del); if (!$resql) { @@ -5983,7 +5983,7 @@ abstract class CommonObject dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG); - $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id; + $sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id); $this->db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object"; @@ -9509,7 +9509,7 @@ abstract class CommonObject // Delete ecm_files extrafields $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN ("; $sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here $sql .= ")"; if (!$this->db->query($sql)) { 
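Review bot: `DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id)` now executes as `fk_object = 0` when `$this->id` is unset, whereas the uncast form was malformed and failed; any extrafield rows stored with `fk_object = 0` would be deleted on an object that was never loaded. Guard the id before issuing the DELETE: `if (empty($this->id)) { return -1; }` — unless deleteExtraFields already does so above the hunk, which I cannot see. `$table_element` is interpolated into the table name; it presumably derives from `$this->table_element` rather than the request, and a one-line comment stating that assumption, `// $table_element comes from the object definition, never from user input`, would make the audit trail explicit. The same pattern recurs in the insertExtraFields hunk at line 5983.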
@@ -9521,7 +9521,7 @@ abstract class CommonObject // Delete ecm_files $sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'"; - $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here + $sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); @@ -9533,7 +9533,7 @@ abstract class CommonObject // Delete in database with mode 1 if ($mode == 1) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields"; - $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")"; + $sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")"; $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..eaf4bc511c8 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,7 +144,7 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".((int) $rowid); + $sql .= " AND sr.rowid = ".((int) $rowid); } if ($fk_facture_source) { $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); 
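Review bot: `filename LIKE '".$this->db->escape($this->ref)."%'` escapes quotes but not the LIKE metacharacters, so a ref containing `_` or `%` (e.g. `PROV_12`, where `_` matches any single character) widens the DELETE to files whose names merely resemble the ref; the preceding `ecm_files_extrafields` hunk uses the same pattern. The `filepath = '…/ref'` equality bounds the over-match to files in the object's own directory, so the blast radius is small but real. If the db layer provides a LIKE-aware escape (recent Dolibarr db classes do; I cannot confirm for this tree), use it: `$sql .= " WHERE filename LIKE '".$this->db->escapeforlike($this->ref)."%'";`, otherwise escape `%` and `_` before calling `escape()`. The method continues beyond the hunk.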
@@ -315,7 +315,7 @@ class DiscountAbsolute $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except"; $sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount $sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit - $sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; + $sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); //$sql.=" AND rowid != ".$this->id; dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG); @@ -355,7 +355,7 @@ class DiscountAbsolute if ($this->fk_facture_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); @@ -370,7 +370,7 @@ class DiscountAbsolute } elseif ($this->fk_invoice_supplier_source) { $sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn"; $sql .= " set paye=0, fk_statut=1"; - $sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source; + $sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source); dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG); $result = $this->db->query($sql); 
@@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount @@ -503,17 +503,17 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { $sql .= ' AND ('.$filter.')'; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 07abdb4b465..e1d3c5b14f6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
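Review bot: In the getAvailableDiscounts hunk `if ($filter) { $sql .= ' AND ('.$filter.')'; }` still splices `$filter` into the query verbatim; the docblock warning added in the hunk above ("Do not use a user input value here") documents the hazard but enforces nothing, so a caller that forwards request data gets full SQL injection. Short of changing the interface, the hunk's own `$conf->entity` should at least match the rest of the commit: `$sql .= " WHERE rc.entity = ".((int) $conf->entity);`. The parameter line could also state the expected form so the contract is explicit: `@param string $filter SQL fragment on rc.* columns, built by the caller from escaped constants only; never request data`. The method continues beyond the hunk.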
@@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -1664,7 +1664,7 @@ class Form } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if ($socid > 0 || $socid == -1) { - $sql .= " AND sp.fk_soc=".$socid; + $sql .= " AND sp.fk_soc = ".((int) $socid); } if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND sp.statut <> 0"; @@ -2446,13 +2446,13 @@ class Form if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { $sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_rowid"; $sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) { - $sql .= " AND price_level=".$price_level; + $sql .= " AND price_level = ".((int) $price_level); } $sql .= " ORDER BY date_price"; $sql .= " DESC LIMIT 1) as price_by_qty"; 
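Review bot: In the select_company hunk `if ($filter) { $sql .= " AND (".$filter.")"; }` concatenates `$filter` into the SQL unchanged, and unlike the `$filter` parameters in discount.class.php and commonobject.class.php in this same commit, this one receives no "no user input" caveat; for a form helper called from many pages it is the more exposed of the three. Note also that the `$user->socid` restriction is appended before `$filter`, so a crafted filter could `OR` its way past the third-party scoping. At minimum mirror the docblock caveat on this method's `@param $filter` (the docblock lies above the hunk), e.g. `@param string $filter Optional SQL filter on s.* columns; must be built from trusted, escaped values, never from request data`, and if the db layer has a filter sanitiser, route `$filter` through it rather than appending it raw. The method's signature is outside the hunk.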
@@ -2472,7 +2472,7 @@ class Form
 //Price by customer
 if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid";
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid";
 }
 // Units
 if (!empty($conf->global->PRODUCT_USE_UNITS)) {
@@ -3462,7 +3462,7 @@ class Form
 $sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")";
 $sql .= " AND p.tobuy = 1";
 $sql .= " AND s.fournisseur = 1";
- $sql .= " AND p.rowid = ".$productid;
+ $sql .= " AND p.rowid = ".((int) $productid);
 $sql .= " ORDER BY s.nom, pfp.ref_fourn DESC";
 dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG);
@@ -7013,14 +7013,14 @@ class Form
 }
 if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) {
 if ($objecttmp->element == 'societe') {
- $sql .= " AND t.rowid = ".$user->socid;
+ $sql .= " AND t.rowid = ".((int) $user->socid);
 } else {
- $sql .= " AND t.fk_soc = ".$user->socid;
+ $sql .= " AND t.fk_soc = ".((int) $user->socid);
 }
 }
 if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') {
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 }
 }
@@ -9049,7 +9049,7 @@ class Form
 $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement
 //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")";
 //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
- //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
+ //if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
 $sql .= " ORDER BY p.ref, f.ref ASC";
 $resql = $this->db->query($sql);
diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php
index eb0f1baaef1..5db615f4654 100644
--- a/htdocs/core/class/html.formcontract.class.php
+++ b/htdocs/core/class/html.formcontract.class.php
@@ -80,7 +80,7 @@ class FormContract
 if ($socid > 0) {
 // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma.
 if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) {
- $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)";
+ $sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)";
 } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') {
 $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") ";
 $sql .= " OR c.fk_soc IS NULL)";
diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php
index 9da814f3369..3dc2743adf1 100644
--- a/htdocs/core/class/html.formmail.class.php
+++ b/htdocs/core/class/html.formmail.class.php
@@ -1276,7 +1276,7 @@ class FormMail extends Form
 $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
 $sql .= " AND entity IN (".getEntity('c_email_templates').")";
- $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
+ $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned
 if ($active >= 0) {
 $sql .= " AND active = ".((int) $active);
 }
@@ -1399,7 +1399,7 @@ class FormMail extends Form
 $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql .= " WHERE type_template='".$this->db->escape($type_template)."'";
 $sql .= " AND entity IN (".getEntity('c_email_templates').")";
- $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
+ $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")";
 if (is_object($outputlangs)) {
 $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')";
 }
@@ -1435,7 +1435,7 @@ class FormMail extends Form
 $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
 $sql .= " AND entity IN (".getEntity('c_email_templates').")";
- $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
+ $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own.
 if ($active >= 0) {
 $sql .= " AND active = ".((int) $active);
 }
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php
index 5f00ed6877b..f0fdfaadd02 100644
--- a/htdocs/core/class/html.formother.class.php
+++ b/htdocs/core/class/html.formother.class.php
@@ -497,10 +497,10 @@ class FormOther
 }
 if (empty($user->rights->user->user->lire)) {
- $sql_usr .= " AND u.rowid = ".$user->id;
+ $sql_usr .= " AND u.rowid = ".((int) $user->id);
 }
 if (!empty($user->socid)) {
- $sql_usr .= " AND u.fk_soc = ".$user->socid;
+ $sql_usr .= " AND u.fk_soc = ".((int) $user->socid);
 }
 //Add hook to filter on user (for exemple on usergroup define in custom modules)
@@ -524,7 +524,7 @@ class FormOther
 $sql_usr .= " WHERE u2.entity IN (".getEntity('user').")";
 }
- $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid;
+ $sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid);
 //Add hook to filter on user (for exemple on usergroup define in custom modules)
 if (!empty($reshook)) {
diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php
index 4177c4237b8..9696dca7183 100644
--- a/htdocs/core/class/html.formprojet.class.php
+++ b/htdocs/core/class/html.formprojet.class.php
@@ -350,7 +350,7 @@ class FormProjets
 $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
 }
 if ($socid > 0) {
- $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
+ $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
 }
 $sql .= " ORDER BY p.ref, t.ref ASC";
diff --git a/htdocs/core/class/notify.class.php b/htdocs/core/class/notify.class.php
index bb37293354e..2f160457ba1 100644
--- a/htdocs/core/class/notify.class.php
+++ b/htdocs/core/class/notify.class.php
@@ -398,7 +398,7 @@ class Notify
 $sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action";
 $sql .= " AND c.statut = 1";
 if (is_numeric($notifcode)) {
- $sql .= " AND n.fk_action = ".$notifcode; // Old usage
+ $sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage
 } else {
 $sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage
 }
diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php
index 9796c49cf59..048335201ee 100644
--- a/htdocs/core/lib/agenda.lib.php
+++ b/htdocs/core/lib/agenda.lib.php
@@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5)
 $sql .= " WHERE a.entity IN (".getEntity('agenda').")";
 $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5)
 $sql .= " WHERE a.entity IN (".getEntity('agenda').")";
 $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index 0204fd28922..4b536ccb2ad 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1085,7 +1085,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)";
 $sql .= " WHERE t.fk_soc = ".$object->id;
 if ($search_status != '' && $search_status != '-1') {
- $sql .= " AND t.statut = ".$db->escape($search_status);
+ $sql .= " AND t.statut = ".((int) $search_status);
 }
 if ($search_name) {
 $sql .= natural_search(array('t.lastname', 't.firstname'), $search_name);
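Review bot: The context line directly above the change in show_contacts still interpolates `$object->id` without a cast (`" WHERE t.fk_soc = ".$object->id`), so this query is only half hardened after the hunk. Casting it the same way as the new `$search_status` line, `$sql .= " WHERE t.fk_soc = ".((int) $object->id);`, is a one-line change in the same block. Replacing `$db->escape()` with `(int)` is the right fix on the changed line, since escape() does not add quotes and `t.statut` is compared as a bare number, so the old form offered no protection for a non-numeric value. show_contacts continues on both sides of the hunk.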
@@ -1489,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
 $sql .= " WHERE a.entity IN (".getEntity('agenda').")";
 if ($force_filter_contact === false) {
 if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
- $sql .= " AND a.fk_soc = ".$filterobj->id;
+ $sql .= " AND a.fk_soc = ".((int) $filterobj->id);
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') {
 /* Nothing */
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
- $sql .= " AND a.fk_project = ".$filterobj->id;
+ $sql .= " AND a.fk_project = ".((int) $filterobj->id);
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
 $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 }
 }
diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php
index 3838829f8cd..4be6aa8379e 100644
--- a/htdocs/core/lib/invoice.lib.php
+++ b/htdocs/core/lib/invoice.lib.php
@@ -242,7 +242,7 @@ function getCustomerInvoicePieChart($socid = 0)
 $sql .= ' AND f.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY f.fk_statut";
@@ -362,7 +362,7 @@ function getPurchaseInvoicePieChart($socid = 0)
 $sql .= ' AND f.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY f.fk_statut";
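Review bot: In the generic `elseif` near the end of the show_actions_done hunk, `$module` is appended into the quoted `a.elementtype` literal unescaped (`.($module ? '@'.$module : '')`) while `$filterobj->element` right beside it goes through `$db->escape()`; the hunk casts every id but leaves this string untouched. Where `$module` is assigned is not visible here, so if it can only come from a module descriptor this is harmless, but wrapping it the same way, `($module ? '@'.$db->escape($module) : '')`, costs nothing and removes the need to reason about its provenance. The same dispatch chain is duplicated in show_ticket_messaging (ticket.lib.php @@ -369) minus the generic branch, which is worth folding into one shared helper so the next hardening pass does not have to be applied twice. show_actions_done continues on both sides of the hunk.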
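Review bot: The first context line of the getCustomerInvoicePieChart hunk, `$sql .= ' AND f.fk_soc = '.$user->socid;`, is left uncast while the line three below it now casts `$user->id`, so the function still builds one clause from an uncast property. `$sql .= ' AND f.fk_soc = '.((int) $user->socid);` would bring it in line with the rest of the commit. The identical pattern sits in getPurchaseInvoicePieChart (@@ -362 of the same file), getCustomerOrderPieChart (order.lib.php @@ -208) and getCustomerProposalPieChart (propal.lib.php @@ -187). Each of these functions starts before its hunk.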
@@ -600,7 +600,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
 $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT;
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
@@ -743,7 +743,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
 $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT;
 $sql .= " AND f.entity IN (".getEntity('invoice').')';
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND f.fk_soc = ".((int) $socid);
@@ -867,7 +867,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0)
 $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY f.tms DESC";
 $sql .= $db->plimit($maxCount, 0);
@@ -969,7 +969,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
 $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY f.tms DESC";
 $sql .= $db->plimit($maxCount, 0);
@@ -1079,7 +1079,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
 $sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED;
 $sql .= " AND f.entity IN (".getEntity('invoice').')';
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND f.fk_soc = ".((int) $socid);
@@ -1267,7 +1267,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
 $sql .= " AND ff.paye = 0";
 $sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED;
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND ff.fk_soc = ".((int) $socid);
diff --git a/htdocs/core/lib/order.lib.php b/htdocs/core/lib/order.lib.php
index 7e02450160a..6dcb40e1cc7 100644
--- a/htdocs/core/lib/order.lib.php
+++ b/htdocs/core/lib/order.lib.php
@@ -208,7 +208,7 @@ function getCustomerOrderPieChart($socid = 0)
 $sql .= ' AND c.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY c.fk_statut";
diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php
index 26d66ceae23..ddf3aa64382 100644
--- a/htdocs/core/lib/project.lib.php
+++ b/htdocs/core/lib/project.lib.php
@@ -100,7 +100,7 @@ function project_prepare_head(Project $project)
 //$sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t, ".MAIN_DB_PREFIX."projet_task as pt";
 $sql .= " WHERE t.fk_task = pt.rowid";
- $sql .= " AND pt.fk_projet =".$project->id;
+ $sql .= " AND pt.fk_projet =".((int) $project->id);
 $resql = $db->query($sql);
 if ($resql) {
 $obj = $db->fetch_object($resql);
@@ -113,7 +113,7 @@ function project_prepare_head(Project $project)
 }
 }
- $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.$project->id;
+ $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.urlencode($project->id);
 $head[$h][1] = $langs->trans("TimeSpent");
 if ($nbTimeSpent > 0) {
 $head[$h][1] .= '...';
@@ -2445,7 +2445,7 @@ function print_projecttasks_array($db, $form, $socid, $projectsListId, $mytasks
 if ($mytasks) {
 $sql .= " AND p.rowid = t.fk_projet";
 $sql .= " AND ec.element_id = t.rowid";
- $sql .= " AND ec.fk_socpeople = ".$user->id;
+ $sql .= " AND ec.fk_socpeople = ".((int) $user->id);
 $sql .= " AND ec.fk_c_type_contact = ctc.rowid"; // Replace the 2 lines with ec.fk_c_type_contact in $arrayidtypeofcontact
 $sql .= " AND ctc.element = 'project_task'";
 }
diff --git a/htdocs/core/lib/propal.lib.php b/htdocs/core/lib/propal.lib.php
index 38589c9e610..f7dc3970dcb 100644
--- a/htdocs/core/lib/propal.lib.php
+++ b/htdocs/core/lib/propal.lib.php
@@ -187,7 +187,7 @@ function getCustomerProposalPieChart($socid = 0)
 $sql .= ' AND p.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
 $sql .= " GROUP BY p.fk_statut";
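Review bot: `urlencode($project->id)` in the project_prepare_head hunk at @@ -113 is a looser guard than the `(int)` cast the commit applies to the same value in the SQL hunk at @@ -100 just above; an id is an integer, so `'&projectid='.((int) $project->id)` states that and keeps the two uses of `$project->id` consistent. urlencode() is the right tool for free-text query values, but for a numeric id it only percent-encodes and does not reject a non-numeric value. project_prepare_head continues outside both hunks.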
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index d64069aa923..b297c81035e 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -668,7 +668,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= ", ".MAIN_DB_PREFIX."societe as s)";
 $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")";
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 $sql .= " AND sc.fk_soc = s.rowid";
 $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
 } elseif (!empty($conf->multicompany->enabled)) {
@@ -684,7 +684,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
 $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
- $sql .= " AND dbt.fk_soc = ".$user->socid;
+ $sql .= " AND dbt.fk_soc = ".((int) $user->socid);
 } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
 // If internal user: Check permission for internal users that are restricted on their objects
 $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
@@ -754,7 +754,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
 $sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")";
- $sql .= " AND dbt.".$dbt_keyfield." = ".$user->socid;
+ $sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid);
 } elseif (!empty($conf->societe->enabled) && !$user->rights->societe->client->voir) {
 // If internal user: Check permission for internal users that are restricted on their objects
 if ($feature != 'ticket') {
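Review bot: In the checkUserAccessToObject hunks at @@ -684 and @@ -754 the table and column names (`$dbtablename`, `$dbt_select`, `$dbt_keyfield`) are spliced into the query as identifiers with no cast, escaping or whitelist, and only the values (`$objectid`, `$user->socid`) are sanitized; the new lines harden the value side but leave the identifier side as it was. Where those identifiers are assigned is not visible in the diff, so whether they can be influenced by the function's caller-supplied parameters cannot be decided from here. If they are resolved from a fixed lookup keyed by `$feature`, a comment at the assignment stating that invariant is enough; otherwise a format check before first use, such as `preg_match('/^[a-z0-9_]+$/i', $dbt_keyfield)` with the method's usual failure return on mismatch (constructed check), belongs here. The same identifiers are used in the @@ -767 hunk that follows. checkUserAccessToObject starts before the first hunk.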
@@ -767,15 +767,15 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
 $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
 $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield;
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 } else {
 // On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties.
 $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id;
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id);
 $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
 $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
- $sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)";
+ $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
 }
 } elseif (!empty($conf->multicompany->enabled)) {
 // If multicompany and internal users with all permissions, check user is in correct entity
diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php
index f2a6194ab06..3aededf6a81 100644
--- a/htdocs/core/lib/ticket.lib.php
+++ b/htdocs/core/lib/ticket.lib.php
@@ -351,7 +351,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
 $sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er";
 $sql .= " ON er.resource_type = 'dolresource'";
 $sql .= " AND er.element_id = a.id";
- $sql .= " AND er.resource_id = ".$filterobj->id;
+ $sql .= " AND er.resource_id = ".((int) $filterobj->id);
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
 $sql .= ", ".MAIN_DB_PREFIX."adherent as m";
 } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
@@ -369,38 +369,38 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
 $sql .= " WHERE a.entity IN (".getEntity('agenda').")";
 if ($force_filter_contact === false) {
 if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
- $sql .= " AND a.fk_soc = ".$filterobj->id;
+ $sql .= " AND a.fk_soc = ".((int) $filterobj->id);
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
- $sql .= " AND a.fk_project = ".$filterobj->id;
+ $sql .= " AND a.fk_project = ".((int) $filterobj->id);
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
 $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
 $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
 if ($filterobj->id) {
- $sql .= " AND a.fk_element = ".$filterobj->id;
+ $sql .= " AND a.fk_element = ".((int) $filterobj->id);
 }
 }
 }
diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
index 44b658cc42e..6ad123f3461 100644
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -854,7 +854,7 @@ class pdf_crabe extends ModelePDFFactures
 $sql .= " re.description, re.fk_facture_source,";
 $sql .= " f.type, f.datef";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
- $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id;
+ $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id);
 $resql = $this->db->query($sql);
 if ($resql) {
 $num = $this->db->num_rows($resql);
@@ -914,7 +914,7 @@ class pdf_crabe extends ModelePDFFactures
 $sql .= " cp.code";
 $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
 //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1";
 $sql .= " ORDER BY p.datep";
diff --git a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
index d6b4516695a..42a8830e3fc 100644
--- a/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_sponge.modules.php
@@ -1015,7 +1015,7 @@ class pdf_sponge extends ModelePDFFactures
 $sql .= " re.description, re.fk_facture_source,";
 $sql .= " f.type, f.datef";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
- $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id;
+ $sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id);
 $resql = $this->db->query($sql);
 if ($resql) {
 $num = $this->db->num_rows($resql);
@@ -1061,7 +1061,7 @@ class pdf_sponge extends ModelePDFFactures
 $sql .= " cp.code";
 $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
 //$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1";
 $sql .= " ORDER BY p.datep";
diff --git a/htdocs/core/modules/mailings/contacts1.modules.php b/htdocs/core/modules/mailings/contacts1.modules.php
index 0ca62392c82..2d41dfd9725 100644
--- a/htdocs/core/modules/mailings/contacts1.modules.php
+++ b/htdocs/core/modules/mailings/contacts1.modules.php
@@ -395,7 +395,7 @@ class mailing_contacts1 extends MailingTargets
 $sql .= " AND (SELECT count(*) FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = sp.email) = 0"; // Exclude unsubscribed email adresses
 $sql .= " AND sp.statut = 1";
- $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
+ $sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
 // Filter on category
 if ($filter_category <> 'all') {
 $sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_socpeople = sp.rowid";
diff --git a/htdocs/core/modules/mailings/fraise.modules.php b/htdocs/core/modules/mailings/fraise.modules.php
index 34a5bd34a1e..09445264dc7 100644
--- a/htdocs/core/modules/mailings/fraise.modules.php
+++ b/htdocs/core/modules/mailings/fraise.modules.php
@@ -252,7 +252,7 @@ class mailing_fraise extends MailingTargets
 }
 $sql .= " , ".MAIN_DB_PREFIX."adherent_type as ta";
 $sql .= " WHERE a.entity IN (".getEntity('member').") AND a.email <> ''"; // Note that null != '' is false
- $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$this->db->escape($mailing_id).")";
+ $sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
 // Filter on status
 if (GETPOST("filter") == '-1') {
 $sql .= " AND a.statut=-1";
diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php
index ace8a5da188..ec53b523336 100644
--- a/htdocs/core/modules/printing/printgcp.modules.php
+++ b/htdocs/core/modules/printing/printgcp.modules.php
@@ -334,7 +334,7 @@ class printing_printgcp extends PrintingDriver
 $fileprint .= '/'.$file;
 $mimetype = dol_mimetype($fileprint);
 // select printer uri for module order, propal,...
- $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".$user->id;
+ $sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".((int) $user->id);
 $result = $this->db->query($sql);
 if ($result) {
 $obj = $this->db->fetch_object($result);
diff --git a/htdocs/core/modules/printing/printipp.modules.php b/htdocs/core/modules/printing/printipp.modules.php
index b4d4c89b47f..6c4403e2593 100644
--- a/htdocs/core/modules/printing/printipp.modules.php
+++ b/htdocs/core/modules/printing/printipp.modules.php
@@ -148,7 +148,7 @@ class printing_printipp extends PrintingDriver
 }
 // select printer uri for module order, propal,...
- $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".$user->id;
+ $sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".((int) $user->id);
 $result = $this->db->query($sql);
 if ($result) {
 $obj = $this->db->fetch_object($result);
diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php
index 9f85aca1aff..5904db84398 100644
--- a/htdocs/core/modules/rapport/pdf_paiement.class.php
+++ b/htdocs/core/modules/rapport/pdf_paiement.class.php
@@ -206,7 +206,7 @@ class pdf_paiement
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if (!empty($socid)) {
 $sql .= " AND s.rowid = ".((int) $socid);
@@ -241,13 +241,13 @@ class pdf_paiement
 if (!empty($conf->banque->enabled)) {
 $sql .= " AND p.fk_bank = b.rowid AND b.fk_account = ba.rowid ";
 }
- $sql .= " AND f.entity = ".$conf->entity;
+ $sql .= " AND f.entity IN (".getEntity('invoice').")";
 $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if (!empty($socid)) {
- $sql .= " AND s.rowid = ".$socid;
+ $sql .= " AND s.rowid = ".((int) $socid);
 }
 // If global param PAYMENTS_FOURN_REPORT_GROUP_BY_MOD is set, payement fourn are ordered by paiement_code
 if (!empty($conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD)) {
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 8ffa69e31ac..97199614ece 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
@@ -96,7 +96,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
 $sql .= " WHERE wp.fk_website = ".((int) $website->id);
 $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
 if (is_object($websitepage) && $websitepage->fk_page > 0) {
- $sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
+ $sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page);
 }
 $sql .= ")";
 $sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'";
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php
index 18887a99e28..019187fca28 100644
--- a/htdocs/delivery/class/delivery.class.php
+++ b/htdocs/delivery/class/delivery.class.php
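Review bot: Replacing `f.entity = $conf->entity` with `f.entity IN (getEntity('invoice'))` in the pdf_paiement hunk at @@ -241 widens this report to every entity the invoice element is shared with, which is a behaviour change rather than the type hardening the rest of the commit performs, so it deserves a mention in the commit description and a comment on the new line, e.g. `// getEntity() includes entities shared through multicompany, matching the first query of this class`. The PAYMENTS_FOURN_REPORT_GROUP_BY_MOD comment two lines below suggests this query is for supplier payments; getDraftSupplierTable in invoice.lib.php (@@ -743) uses the same 'invoice' key for supplier invoices, so the choice is consistent with existing code, but it is worth confirming that supplier-invoice sharing is intended to follow the customer-invoice rules here. The enclosing method starts before the hunk.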
@@ -273,10 +273,10 @@ class Delivery extends CommonObject
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."deliverydet (fk_delivery, fk_origin_line,";
 $sql .= " fk_product, description, qty)";
- $sql .= " VALUES (".$this->id.",".$origin_id.",";
- $sql .= " ".($idprod > 0 ? $idprod : "null").",";
+ $sql .= " VALUES (".$this->id.",".((int) $origin_id).",";
+ $sql .= " ".($idprod > 0 ? ((int) $idprod) : "null").",";
 $sql .= " ".($description ? "'".$this->db->escape($description)."'" : "null").",";
- $sql .= $qty.")";
+ $sql .= (price2num($qty, 'MS')).")";
 dol_syslog(get_class($this)."::create_line", LOG_DEBUG);
 if (!$this->db->query($sql)) {
@@ -412,7 +412,7 @@ class Delivery extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."delivery";
 $sql .= " WHERE ref = '".$this->db->escape($numref)."'";
 $sql .= " AND fk_statut <> 0";
- $sql .= " AND entity = ".$conf->entity;
+ $sql .= " AND entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -453,7 +453,7 @@ class Delivery extends CommonObject
 if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index
 $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'";
- $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++; $this->error = $this->db->lasterror();
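Review bot: In the @@ -273 create_line hunk, `$this->id` is still concatenated raw in `" VALUES (".$this->id.","` while `$origin_id` and `$idprod` on the very same lines now get a cast; for consistency with the rest of this commit the line should read `$sql .= " VALUES (".((int) $this->id).",".((int) $origin_id).",";`. The new `price2num($qty, 'MS')` yields a string, and if it can return an empty string for an empty or non-numeric `$qty` the statement would end in `, )` and fail at query time — worth confirming, or guarding with an explicit numeric check before building the INSERT. create_line's signature and the rest of its body lie outside the hunk.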
@@ -641,7 +641,7 @@ class Delivery extends CommonObject
 $error = 0;
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."deliverydet";
- $sql .= " WHERE fk_delivery = ".$this->id;
+ $sql .= " WHERE fk_delivery = ".((int) $this->id);
 if ($this->db->query($sql)) {
 // Delete linked object
 $res = $this->deleteObjectLinked();
@@ -761,7 +761,7 @@ class Delivery extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd, ".MAIN_DB_PREFIX."deliverydet as ld";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on p.rowid = ld.fk_product";
 $sql .= " WHERE ld.fk_origin_line = cd.rowid";
- $sql .= " AND ld.fk_delivery = ".$this->id;
+ $sql .= " AND ld.fk_delivery = ".((int) $this->id);
 dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -958,8 +958,8 @@ class Delivery extends CommonObject
 $sql .= " WHERE ld.fk_delivery = l.rowid";
 $sql .= " AND ld.fk_origin_line = cd.rowid";
 $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = c.rowid";
- $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid'];
- $sql .= " AND ld.fk_origin_line = ".$objSourceLine->rowid;
+ $sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']);
+ $sql .= " AND ld.fk_origin_line = ".((int) $objSourceLine->rowid);
 $sql .= " GROUP BY ld.fk_origin_line";
 $result = $this->db->query($sql);
diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php
index dc66f61daec..d708883c249 100644
--- a/htdocs/eventorganization/eventorganizationindex.php
+++ b/htdocs/eventorganization/eventorganizationindex.php
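Review bot: In the @@ -958 hunk the column name `cd.fk_".$this->linked_object[0]['type']."` is interpolated straight into the query, on the unchanged context line and again on the changed line; the commit casts the `linkid` value but leaves the identifier unchecked, and a cast cannot protect an identifier. If `linked_object[0]['type']` can hold anything other than the fixed element names this class links to, compare it against that fixed list before building `$sql` (or pass it through the DB driver's identifier sanitizer if this version provides one) and bail out on mismatch, e.g. `if (!in_array($this->linked_object[0]['type'], $allowed_types, true)) { return -1; }` with `$allowed_types` listing the element names this class actually supports. The enclosing method starts outside the hunk.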
@@ -83,8 +83,8 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati
 $sql.= " WHERE c.fk_soc = s.rowid";
 $sql.= " AND c.fk_statut = 0";
 $sql.= " AND c.entity IN (".getEntity('commande').")";
- if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- if ($socid) $sql.= " AND c.fk_soc = ".$socid;
+ if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
+ if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
 $resql = $db->query($sql);
 if ($resql)
@@ -158,7 +158,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati
 $sql.= " FROM ".MAIN_DB_PREFIX."eventorganization_myobject as s";
 //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")";
- //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
 //if ($socid) $sql.= " AND s.rowid = $socid";
 $sql .= " ORDER BY s.tms DESC";
 $sql .= $db->plimit($max, 0);
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index ee7324a22c4..85245b38e89 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -733,7 +733,7 @@ class Expedition extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::valid select details", LOG_DEBUG);
@@ -811,7 +811,7 @@ class Expedition extends CommonObject
 if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index
 $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'";
- $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
 $resql = $this->db->query($sql);
 if (!$resql) {
 $error++; $this->error = $this->db->lasterror();
@@ -1224,7 +1224,7 @@ class Expedition extends CommonObject
 $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::delete select details", LOG_DEBUG);
@@ -1285,7 +1285,7 @@ class Expedition extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet";
- $sql .= " WHERE fk_expedition = ".$this->id;
+ $sql .= " WHERE fk_expedition = ".((int) $this->id);
 if ($this->db->query($sql)) {
 // Delete linked object
@@ -1408,7 +1408,7 @@ class Expedition extends CommonObject
 $sql = "SELECT cd.fk_product, cd.subprice, ed.qty, ed.fk_entrepot, ed.rowid as expeditiondet_id";
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::delete select details", LOG_DEBUG);
@@ -1469,10 +1469,10 @@ class Expedition extends CommonObject
 if (!$error) {
 $main = MAIN_DB_PREFIX.'expeditiondet';
 $ef = $main."_extrafields";
- $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".$this->id.")";
+ $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_expedition = ".((int) $this->id).")";
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet";
- $sql .= " WHERE fk_expedition = ".$this->id;
+ $sql .= " WHERE fk_expedition = ".((int) $this->id);
 if ($this->db->query($sqlef) && $this->db->query($sql)) {
 // Delete linked object
@@ -1577,7 +1577,7 @@ class Expedition extends CommonObject
 $sql .= ", p.weight, p.weight_units, p.length, p.length_units, p.surface, p.surface_units, p.volume, p.volume_units, p.tosell as product_tosell, p.tobuy as product_tobuy, p.tobatch as product_tobatch";
 $sql .= " FROM ".MAIN_DB_PREFIX."expeditiondet as ed, ".MAIN_DB_PREFIX."commandedet as cd";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = cd.fk_product";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND ed.fk_origin_line = cd.rowid";
 $sql .= " ORDER BY cd.rang, ed.fk_origin_line";
@@ -2207,7 +2207,7 @@ class Expedition extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::valid select details", LOG_DEBUG);
@@ -2377,7 +2377,7 @@ class Expedition extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd,";
 $sql .= " ".MAIN_DB_PREFIX."expeditiondet as ed";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as edb on edb.fk_expeditiondet = ed.rowid";
- $sql .= " WHERE ed.fk_expedition = ".$this->id;
+ $sql .= " WHERE ed.fk_expedition = ".((int) $this->id);
 $sql .= " AND cd.rowid = ed.fk_origin_line";
 dol_syslog(get_class($this)."::valid select details", LOG_DEBUG);
diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php
index d25c7b52098..3c1bef04d09 100644
--- a/htdocs/expedition/class/expeditionstats.class.php
+++ b/htdocs/expedition/class/expeditionstats.class.php
@@ -74,7 +74,7 @@ class ExpeditionStats extends Stats
 //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
 $this->where .= " AND c.entity = ".$conf->entity;
 if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($this->socid) {
 $this->where .= " AND c.fk_soc = ".((int) $this->socid);
diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php
index defd1ddf9b4..173cc1889bc 100644
--- a/htdocs/expedition/index.php
+++ b/htdocs/expedition/index.php
@@ -68,13 +68,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
- $sql .= $clause." sc.fk_user = ".$user->id;
+ $sql .= $clause." sc.fk_user = ".((int) $user->id);
 $clause = " AND ";
 }
 $sql .= $clause." e.fk_statut = ".Expedition::STATUS_DRAFT;
 $sql .= " AND e.entity IN (".getEntity('expedition').")";
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
@@ -143,11 +143,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
 }
 $sql .= " WHERE e.entity IN (".getEntity('expedition').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED;
 if ($socid) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 $sql .= " ORDER BY e.date_delivery DESC";
 $sql .= $db->plimit($max, 0);
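Review bot: The context line directly above the change in the ExpeditionStats hunk, `$this->where .= " AND c.entity = ".$conf->entity;`, is left untouched, although this same commit replaces `entity = $conf->entity` with `entity IN (getEntity(...))` in pdf_paiement and in CommandeFournisseur, and the expedition/index.php hunks on this very page already scope with `getEntity('expedition')`. For consistency with those hunks the line should become `$this->where .= " AND c.entity IN (".getEntity('expedition').")";` (or at minimum cast it, `((int) $conf->entity)`, if single-entity behaviour is intended here). The constructor this sits in starts before the hunk.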
@@ -215,10 +215,10 @@ $sql .= " WHERE c.fk_soc = s.rowid";
 $sql .= " AND c.entity IN (".getEntity('order').")";
 $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_ACCEPTED.")";
 if ($socid > 0) {
- $sql .= " AND c.fk_soc = ".$socid;
+ $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.rowid ASC";
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index 5a110d33f2a..fd056a75056 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -289,7 +289,7 @@ if ($socid > 0) {
 }
 if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all
 $sql .= " AND e.fk_soc = sc.fk_soc";
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND e.fk_soc = ".((int) $socid);
@@ -326,7 +326,7 @@ if ($search_sale > 0) {
 }
 if ($search_user > 0) {
 // The contact on a shipment is also the contact of the order.
- $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".$db->escape($search_user);
+ $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = eesource.fk_source AND ec.fk_socpeople = ".((int) $search_user);
 }
 if ($search_ref_exp) {
 $sql .= natural_search('e.ref', $search_ref_exp);
diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php
index 8f3574f2952..13e7a44bc7f 100644
--- a/htdocs/expensereport/class/expensereportstats.class.php
+++ b/htdocs/expensereport/class/expensereportstats.class.php
@@ -71,7 +71,7 @@ class ExpenseReportStats extends Stats
 //$this->where.= " AND entity = ".$conf->entity;
 if ($this->socid) {
- $this->where .= " AND e.fk_soc = ".$this->socid;
+ $this->where .= " AND e.fk_soc = ".((int) $this->socid);
 }
 // Only me and subordinates
diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index 6e3e8d34137..48adeab929d 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -359,7 +359,7 @@ class PaymentExpenseReport extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_url";
- $sql .= " WHERE type='payment_expensereport' AND url_id=".$this->id;
+ $sql .= " WHERE type='payment_expensereport' AND url_id=".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php
index b8960572255..483935c7fdf 100644
--- a/htdocs/exports/class/export.class.php
+++ b/htdocs/exports/class/export.class.php
@@ -297,20 +297,23 @@ class Export
 * @param string $TypeField Type of Field to filter
 * @param string $NameField Name of the field to filter
 * @param string $ValueField Value of the field for filter. Must not be ''
- * @return string sql string of then field ex : "field='xxx'>"
+ * @return string SQL string of then field ex : "field='xxx'"
 */
 public function build_filterQuery($TypeField, $NameField, $ValueField)
 {
 // phpcs:enable
+ $NameField = checkVal($NameField, 'aZ09');
+ $szFilterQuery = '';
+ //print $TypeField." ".$NameField." ".$ValueField;
 $InfoFieldList = explode(":", $TypeField);
 // build the input field on depend of the type of file
 switch ($InfoFieldList[0]) {
 case 'Text':
 if (!(strpos($ValueField, '%') === false)) {
- $szFilterQuery .= " ".$NameField." LIKE '".$ValueField."'";
+ $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'";
 } else {
- $szFilterQuery .= " ".$NameField." = '".$ValueField."'";
+ $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'";
 }
 break;
 case 'Date':
@@ -330,17 +333,17 @@ class Export
 case 'Duree':
 break;
 case 'Numeric':
- // si le signe -
+ // if there is a signe + if (strpos($ValueField, "+") > 0) { // mode plage
 $ValueArray = explode("+", $ValueField);
- $szFilterQuery = "(".$NameField.">=".$ValueArray[0];
- $szFilterQuery .= " AND ".$NameField."<=".$ValueArray[1].")";
+ $szFilterQuery = "(".$NameField." >= ".((float) $ValueArray[0]);
+ $szFilterQuery .= " AND ".$NameField." <= ".((float) $ValueArray[1]).")";
 } else {
 if (is_numeric(substr($ValueField, 0, 1))) {
- $szFilterQuery = " ".$NameField."=".$ValueField;
+ $szFilterQuery = " ".$NameField." = ".((float) $ValueField);
 } else {
- $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).substr($ValueField, 1);
+ $szFilterQuery = " ".$NameField.substr($ValueField, 0, 1).((float) substr($ValueField, 1));
 }
 }
 break;
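Review bot: In the Numeric branch of build_filterQuery (@@ -330 hunk) the comparison operator is still taken verbatim from the filter value: `substr($ValueField, 0, 1)` is concatenated into the query with no check, so the new `(float)` cast only protects the operand and any single character the caller supplies lands in the SQL. Whitelist the operators the filter syntax supports, e.g. `$op = substr($ValueField, 0, 1);` followed by `$szFilterQuery = in_array($op, array('<', '>'), true) ? " ".$NameField.$op.((float) substr($ValueField, 1)) : '';` (extend the list only with operators the export UI actually documents). Separately, `checkVal($NameField, 'aZ09')` is only safe if that check accepts the `alias.column` form the export field names appear to use — if it rejects the dot, the filter silently degrades to a clause with an empty column name, so verify the allowed character set for 'aZ09' in this version. The `Date` case and the end of the method lie outside the hunk.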
@@ -350,12 +353,12 @@ class Export
 case 'Status':
 case 'List':
 if (is_numeric($ValueField)) {
- $szFilterQuery = " ".$NameField."=".$ValueField;
+ $szFilterQuery = " ".$NameField." = ".((float) $ValueField);
 } else {
 if (!(strpos($ValueField, '%') === false)) {
- $szFilterQuery = " ".$NameField." LIKE '".$ValueField."'";
+ $szFilterQuery = " ".$NameField." LIKE '".$this->db->escape($ValueField)."'";
 } else {
- $szFilterQuery = " ".$NameField." = '".$ValueField."'";
+ $szFilterQuery = " ".$NameField." = '".$this->db->escape($ValueField)."'";
 }
 }
 break;
diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index 44ff46b233c..260bff00016 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -774,7 +774,7 @@ if ($action == 'create') {
 $sql .= " AND s.rowid = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_ref) {
 $sql .= natural_search('f.titre', $search_ref);
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index 0bb5d2522ab..371853dc70c 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -206,7 +206,7 @@ class Fichinter extends CommonObject
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." fi.entity IN (".getEntity('intervention').")";
@@ -383,8 +383,8 @@ class Fichinter extends CommonObject
 $sql .= ", fk_projet = ".((int) $this->fk_project);
 $sql .= ", note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
 $sql .= ", note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
- $sql .= ", fk_user_modif = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= ", fk_user_modif = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
 if ($this->db->query($sql)) {
@@ -510,7 +510,7 @@ class Fichinter extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter";
 $sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -570,11 +570,11 @@ class Fichinter extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."fichinter";
 $sql .= " SET fk_statut = 1";
- $sql .= ", ref = '".$num."'";
+ $sql .= ", ref = '".$this->db->escape($num)."'";
 $sql .= ", date_valid = '".$this->db->idate($now)."'";
- $sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
- $sql .= " AND entity = ".$conf->entity;
+ $sql .= ", fk_user_valid = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
+ $sql .= " AND entity = ".((int) $conf->entity);
 $sql .= " AND fk_statut = 0";
 dol_syslog(get_class($this)."::setValid", LOG_DEBUG);
@@ -975,7 +975,7 @@ class Fichinter extends CommonObject
 if (!$error) {
 $main = MAIN_DB_PREFIX.'fichinterdet';
 $ef = $main."_extrafields";
- $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".$this->id.")";
+ $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_fichinter = ".((int) $this->id).")";
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -985,7 +985,7 @@ class Fichinter extends CommonObject
 if (!$error) {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet";
- $sql .= " WHERE fk_fichinter = ".$this->id;
+ $sql .= " WHERE fk_fichinter = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if (!$resql) {
@@ -1322,7 +1322,7 @@ class Fichinter extends CommonObject
 $sql = 'SELECT rowid, fk_fichinter, description, duree, date, rang';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet';
- $sql .= ' WHERE fk_fichinter = '.$this->id.' ORDER BY rang ASC, date ASC';
+ $sql .= ' WHERE fk_fichinter = '.((int) $this->id).' ORDER BY rang ASC, date ASC';
 dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1568,7 +1568,7 @@ class FichinterLigne extends CommonObjectLine
 $sql .= ",date='".$this->db->idate($this->datei)."'";
 $sql .= ",duree=".$this->duration;
 $sql .= ",rang='".$this->db->escape($this->rang)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog("FichinterLigne::update", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1680,7 +1680,7 @@ class FichinterLigne extends CommonObjectLine
 return -1;
 }
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php
index 2d69046b4ba..8513238b385 100644
--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@@ -83,7 +83,7 @@ if ($user->socid) {
 $sql .= ' AND f.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY f.fk_statut";
 $resql = $db->query($sql);
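Review bot: In the FichinterLigne::update hunk (@@ -1568) the two context lines immediately above the change still build SQL from uncast values: `$sql .= ",duree=".$this->duration;` concatenates the duration raw, and `rang` is written as a quoted, escaped string even though fetch_lines in the @@ -1322 hunk sorts on it numerically with `ORDER BY rang ASC`. Matching the cast the commit adds on `rowid`, these should become `$sql .= ",duree=".((int) $this->duration);` and `$sql .= ",rang=".((int) $this->rang);` — confirm that `duree` is stored as an integer column before choosing `(int)` over a numeric-string helper. The update method begins outside the hunk.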
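Review bot: The first context line of the fichinter/index.php hunk (@@ -83), `$sql .= ' AND f.fk_soc = '.$user->socid;`, is left uncast while the line three below it receives `((int) $user->id)`; the same commit casts this exact property in fournisseur.commande.class.php (`c.fk_soc = ".((int) $user->socid)`), so for consistency it should read `$sql .= ' AND f.fk_soc = '.((int) $user->socid);`. The statement run it belongs to starts before the hunk.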
@@ -199,10 +199,10 @@ if (!empty($conf->ficheinter->enabled)) {
 $sql .= " AND f.fk_soc = s.rowid";
 $sql .= " AND f.fk_statut = 0";
 if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $db->query($sql);
@@ -249,10 +249,10 @@ $sql .= " WHERE f.entity IN (".getEntity('intervention').")";
 $sql .= " AND f.fk_soc = s.rowid";
 //$sql.= " AND c.fk_statut > 2";
 if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY f.tms DESC";
 $sql .= $db->plimit($max, 0);
@@ -322,10 +322,10 @@ if (!empty($conf->ficheinter->enabled)) {
 $sql .= " AND f.fk_soc = s.rowid";
 $sql .= " AND f.fk_statut = 1";
 if ($socid) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY f.rowid DESC";
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php
index 3f86fc18795..508eb984307 100644
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@@ -286,7 +286,7 @@ if ($search_status != '' && $search_status >= 0) {
 $sql .= ' AND f.fk_statut = '.urlencode($search_status);
 }
 if (!$user->rights->societe->client->voir && empty($socid)) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
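Review bot: The first context line of the fichinter/list.php hunk (@@ -286), `$sql .= ' AND f.fk_statut = '.urlencode($search_status);`, relies on urlencode() as the only protection for a search value that reaches SQL; urlencode is a URL-escaping function, not a SQL sanitizer, and the guard on the `if` (shown in the hunk header) only checks `!= ''` and `>= 0`. Since `fk_statut` is compared as a plain number everywhere else on this page (`fk_statut = 0`, `fk_statut = 1`), the line should become `$sql .= ' AND f.fk_statut = '.((int) $search_status);`, matching the casts this commit adds on the lines right below it. The enclosing statement run begins outside the hunk.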
diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php
index 1ab1095a191..121e699757c 100644
--- a/htdocs/fourn/class/fournisseur.class.php
+++ b/htdocs/fourn/class/fournisseur.class.php
@@ -86,7 +86,7 @@ class Fournisseur extends Societe
 $sql = "SELECT count(pfp.rowid) as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 $sql .= " WHERE pfp.entity = ".$conf->entity;
- $sql .= " AND pfp.fk_soc = ".$this->id;
+ $sql .= " AND pfp.fk_soc = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -115,7 +115,7 @@ class Fournisseur extends Societe
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." s.fournisseur = 1";
@@ -184,7 +184,7 @@ class Fournisseur extends Societe
 $sql .= " WHERE s.fournisseur = 1";
 $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index ff84e67122c..3d71fd46b11 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -471,7 +471,7 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
 if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
- $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".$this->socid;
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid);
 }
 $sql .= " WHERE l.fk_commande = ".$this->id;
 if ($only_product) {
@@ -601,8 +601,8 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " SET ref='".$this->db->escape($num)."',";
 $sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
 $sql .= " date_valid='".$this->db->idate(dol_now())."',";
- $sql .= " fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " fk_user_valid = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND fk_statut = ".self::STATUS_DRAFT;
 $resql = $this->db->query($sql);
@@ -1011,7 +1011,7 @@ class CommandeFournisseur extends CommonOrder
 } else // request a second level approval
 {
 $sql .= " date_approve2='".$this->db->idate($now)."',";
- $sql .= " fk_user_approve2 = ".$user->id;
+ $sql .= " fk_user_approve2 = ".((int) $user->id);
 if (empty($this->user_approve_id)) {
 $movetoapprovestatus = false; // first level approval not done
 }
@@ -1023,7 +1023,7 @@ class CommandeFournisseur extends CommonOrder
 } else {
 $sql .= ", fk_statut = ".self::STATUS_VALIDATED;
 }
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
 if ($this->db->query($sql)) {
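Review bot: In the @@ -471 hunk the context line right after the change, `$sql .= " WHERE l.fk_commande = ".$this->id;`, still concatenates `$this->id` without a cast, while the same statement now gets `((int) $this->socid)` for `pfp.fk_soc` and the rest of this commit casts `$this->id` everywhere (see the @@ -601 hunk immediately below); it should read `$sql .= " WHERE l.fk_commande = ".((int) $this->id);`. The method that builds this query starts before the hunk.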
@@ -1121,7 +1121,7 @@ class CommandeFournisseur extends CommonOrder
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".self::STATUS_REFUSED;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 if ($this->db->query($sql)) {
 $result = 0;
@@ -1173,7 +1173,7 @@ class CommandeFournisseur extends CommonOrder
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
 if ($this->db->query($sql)) {
 $result = 0;
@@ -2099,7 +2099,7 @@ class CommandeFournisseur extends CommonOrder
 $main = MAIN_DB_PREFIX.'commande_fournisseurdet';
 $ef = $main."_extrafields";
- $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".$this->id.")";
+ $sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_commande = ".((int) $this->id).")";
 dol_syslog(get_class($this)."::delete extrafields lines", LOG_DEBUG);
 if (!$this->db->query($sql)) {
 $this->error = $this->db->lasterror();
@@ -2107,7 +2107,7 @@ class CommandeFournisseur extends CommonOrder
 $error++;
 }
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseurdet WHERE fk_commande =".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if (!$this->db->query($sql)) {
 $this->error = $this->db->lasterror();
@@ -2115,7 +2115,7 @@ class CommandeFournisseur extends CommonOrder
 $error++;
 }
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE rowid =".((int) $this->id);
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if ($resql = $this->db->query($sql)) {
 if ($this->db->affected_rows($resql) < 1) {
@@ -2239,7 +2239,7 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " WHERE cfd.fk_commande = ".$this->id;
 $sql .= " AND cfd.fk_product = p.rowid";
 if ($status >= 0) {
- $sql .= " AND cfd.status = ".$status;
+ $sql .= " AND cfd.status = ".((int) $status);
 }
 $sql .= " ORDER BY cfd.rowid ASC";
@@ -2335,7 +2335,7 @@ class CommandeFournisseur extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
 $sql .= " SET fk_statut = ".((int) $statut);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received
 dol_syslog(get_class($this)."::Livraison", LOG_DEBUG);
@@ -2409,7 +2409,7 @@ class CommandeFournisseur extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
 $sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2468,7 +2468,7 @@ class CommandeFournisseur extends CommonOrder
 $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
 $sql .= " SET fk_projet = ".($id_projet > 0 ? (int) $id_projet : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -2961,10 +2961,10 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
- $sql .= " ".$clause." co.entity = ".$conf->entity;
+ $sql .= " ".$clause." co.entity IN (".getEntity('supplier_order').")";
 $resql = $this->db->query($sql);
 if ($resql) {
@@ -2999,7 +2999,7 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = " AND";
 }
 $sql .= $clause." c.entity = ".$conf->entity;
@@ -3009,7 +3009,7 @@ class CommandeFournisseur extends CommonOrder
 $sql .= " AND c.fk_statut IN (".self::STATUS_VALIDATED.", ".self::STATUS_ACCEPTED.")";
 }
 if ($user->socid) {
- $sql .= " AND c.fk_soc = ".$user->socid;
+ $sql .= " AND c.fk_soc = ".((int) $user->socid);
 }
 $resql = $this->db->query($sql);
@@ -3790,7 +3790,7 @@ class CommandeFournisseurLigne extends CommonOrderLine
 $sql .= ", multicurrency_total_tva=".price2num($this->multicurrency_total_tva)."";
 $sql .= ", multicurrency_total_ttc=".price2num($this->multicurrency_total_ttc)."";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 $result = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 049bcf89c8b..abb5b01fb2c 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
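Review bot: The second hunk (line 2999) still scopes its query with `$sql .= $clause." c.entity = ".$conf->entity;`, while the first hunk of the same file switches the equivalent filter to `co.entity IN (".getEntity('supplier_order').")"`, so the two dashboard queries of this class now disagree on which entities they count. Unless the difference is intentional, the second should use the same form, `$sql .= $clause." c.entity IN (".getEntity('supplier_order').")";`; if it is intentional, `$conf->entity` should at least be cast with `(int)` like every other concatenated id in this commit. Both enclosing methods extend beyond the lines shown here.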
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -2314,7 +2314,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= " AND pf.fk_paiementfourn IS NULL"; // Aucun paiement deja fait
 $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement
 if ($socid > 0) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $sql .= " ORDER BY f.ref";
@@ -2362,7 +2362,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= " AND ff.type=".self::TYPE_REPLACEMENT.")";
 $sql .= " AND f.type != ".self::TYPE_CREDIT_NOTE; // Type non 2 si facture non avoir
 if ($socid > 0) {
- $sql .= " AND f.fk_soc = ".$socid;
+ $sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $sql .= " ORDER BY f.ref";
@@ -2414,7 +2414,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= ' AND ff.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$user->socid) {
- $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $this->db->query($sql);
@@ -2761,7 +2761,7 @@ class FactureFournisseur extends CommonInvoice
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
- $sql .= " WHERE sc.fk_user = ".$user->id;
+ $sql .= " WHERE sc.fk_user = ".((int) $user->id);
 $clause = "AND";
 }
 $sql .= " ".$clause." f.entity = ".$conf->entity;
diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php
index 1ea5db20b59..866063382bb 100644
--- a/htdocs/fourn/commande/index.php
+++ b/htdocs/fourn/commande/index.php
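Review bot: In the hunk at line 2414 the context line `$sql .= ' AND ff.fk_soc = '.$user->socid;` two lines above the change still concatenates `$user->socid` uncast while the fixed line beside it casts `$user->id`; it should become `$sql .= ' AND ff.fk_soc = '.((int) $user->socid);`, and the same pattern recurs at line 76 of `fourn/commande/index.php` in this diff. `$user->socid` comes from the logged-in user record rather than the request, so this is consistency hardening rather than a known injection path. The enclosing method starts and ends outside the hunk.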
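Review bot: The query in the hunk at line 2761 keeps `$sql .= " ".$clause." f.entity = ".$conf->entity;` as its entity filter, whereas this same commit moves the analogous `CommandeFournisseur` dashboard query to `getEntity('supplier_order')` and `fourn/facture/list.php` already filters with `f.entity IN ('.getEntity('facture_fourn').')'`. If the dashboard counters are meant to agree with the list, the line should be `$sql .= " ".$clause." f.entity IN (".getEntity('facture_fourn').")";`; if the single-entity behaviour is deliberate, the raw `$conf->entity` should still be cast to `(int)`. The enclosing method continues past the end of the hunk.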
@@ -76,7 +76,7 @@ if ($user->socid) {
 $sql .= ' AND cf.fk_soc = '.$user->socid;
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " GROUP BY cf.fk_statut";
@@ -186,7 +186,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $db->query($sql);
@@ -287,13 +287,13 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 }
 $sql .= " WHERE c.fk_soc = s.rowid";
-$sql .= " AND c.entity = ".$conf->entity;
+$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
 //$sql.= " AND c.fk_statut > 2";
 if (!empty($socid)) {
 $sql .= " AND c.fk_soc = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " ORDER BY c.tms DESC";
 $sql .= $db->plimit($max, 0);
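Review bot: The first context line of the hunk at line 76, `$sql .= ' AND cf.fk_soc = '.$user->socid;`, leaves `$user->socid` uncast while the line three below it now casts `$user->id`; it should be `$sql .= ' AND cf.fk_soc = '.((int) $user->socid);` for the same reason. This is script-level code with no enclosing function, and the origin of `$user->socid` is the user record rather than the request, so the cast is hardening for consistency rather than a fix for a demonstrated injection.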
@@ -350,17 +350,17 @@ if ($resql) {
 /*
 * Orders to process
-*/
+ */
 /*
 $sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as name, s.rowid as socid";
 $sql.=" FROM ".MAIN_DB_PREFIX."commande_fournisseur as c";
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE c.fk_soc = s.rowid";
-$sql.= " AND c.entity = ".$conf->entity;
+$sql.= " AND c.entity IN (".getEntity("supplier_order").")";
 $sql.= " AND c.fk_statut = 1";
 if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
-if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
 $sql.= " ORDER BY c.rowid DESC";
 $resql=$db->query($sql);
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index d1946cc9b4c..5d16f779090 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -654,7 +654,7 @@ if ($socid > 0) {
 $sql .= " AND s.rowid = ".((int) $socid);
 }
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_ref) {
 $sql .= natural_search('cf.ref', $search_ref);
@@ -708,7 +708,7 @@ if ($search_sale > 0) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
 }
 if ($search_user > 0) {
- $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".$db->escape($search_user);
+ $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='supplier_order' AND tc.source='internal' AND ec.element_id = cf.rowid AND ec.fk_socpeople = ".((int) $search_user);
 }
 if ($search_total_ht != '') {
 $sql .= natural_search('cf.total_ht', $search_total_ht, 1);
diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php
index 3196ffed7ac..9fd4dd30b26 100644
--- a/htdocs/fourn/contact.php
+++ b/htdocs/fourn/contact.php
@@ -76,7 +76,7 @@ $sql .= " AND s.fournisseur = 1";
 $sql .= " AND s.rowid = p.fk_soc";
 $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if (dol_strlen($stcomm)) {
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 5e4cc3fc05e..d92cdd8ce05 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -475,7 +475,7 @@ $sql .= $hookmanager->resPrint;
 $sql .= ' WHERE f.fk_soc = s.rowid';
 $sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')';
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($search_product_category > 0) {
 $sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
@@ -594,7 +594,7 @@ if ($search_label) {
 $sql .= natural_search('f.libelle', $search_label);
 }
 if ($search_categ_sup > 0) {
- $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ_sup);
+ $sql .= " AND cs.fk_categorie = ".((int) $search_categ_sup);
 }
 if ($search_categ_sup == -2) {
 $sql .= " AND cs.fk_categorie IS NULL";
@@ -606,14 +606,14 @@ if ($filter && $filter != -1) {
 $aFilter = explode(',', $filter);
 foreach ($aFilter as $fil) {
 $filt = explode(':', $fil);
- $sql .= ' AND '.$db->escape(trim($filt[0])).' = '.$db->escape(trim($filt[1]));
+ $sql .= ' AND '.$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'";
 }
 }
 if ($search_sale > 0) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
 }
 if ($search_user > 0) {
- $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".$search_user;
+ $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='invoice_supplier' AND tc.source='internal' AND ec.element_id = f.rowid AND ec.fk_socpeople = ".((int) $search_user);
 }
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php
index c7a2149c441..f0967453701 100644
--- a/htdocs/fourn/facture/paiement.php
+++ b/htdocs/fourn/facture/paiement.php
@@ -371,7 +371,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
 $sql .= ' WHERE f.fk_soc = s.rowid';
 $sql .= ' AND f.rowid = '.((int) $facid);
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 $resql = $db->query($sql);
 if ($resql) {
diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php
index 8d124f46350..2b3017708dc 100644
--- a/htdocs/fourn/index.php
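Review bot: Quoting the right-hand side in the `$filter` loop (hunk at line 606) fixes the value, but the left-hand side `$db->escape(trim($filt[0]))` is still dropped into the WHERE clause as a bare identifier, and `escape()` only neutralises quote and backslash characters: spaces, operators and SQL keywords in `$filt[0]` pass through as raw SQL, so if `$filter` is read from the request this remains an injection point. Restrict that side to identifier characters, e.g. `$sql .= ' AND '.$db->sanitize(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'";` (the `$db->sanitize()` helper is already used elsewhere in this diff for `fk_user IN (...)` lists and presumably strips everything outside `[A-Za-z0-9_.,-]`, which should be confirmed), or better, check `$filt[0]` against a whitelist of filterable columns. A `$fil` without a `:` also leaves `$filt[1]` undefined and raises a notice; `if (count($filt) != 2) { continue; }` before the concatenation avoids that. Where `$filter` is populated is outside the hunk, so the exposure should be confirmed at its source.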
+++ b/htdocs/fourn/index.php
@@ -65,7 +65,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 }
 $sql .= " WHERE cf.fk_soc = s.rowid ";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " AND cf.entity = ".$conf->entity;
 $sql .= " GROUP BY cf.fk_statut";
@@ -111,12 +111,12 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
 }
 $sql .= " WHERE cf.fk_soc = s.rowid";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " AND cf.entity = ".$conf->entity;
 $sql .= " AND cf.fk_statut = 0";
 if ($socid) {
- $sql .= " AND cf.fk_soc = ".$socid;
+ $sql .= " AND cf.fk_soc = ".((int) $socid);
 }
 $resql = $db->query($sql);
@@ -167,7 +167,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
 }
 $sql .= " WHERE s.rowid = ff.fk_soc";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND sc.fk_user = ".$user->id;
+ $sql .= " AND sc.fk_user = ".((int) $user->id);
 }
 $sql .= " AND ff.entity = ".$conf->entity;
 $sql .= " AND ff.fk_statut = 0";
@@ -240,7 +240,7 @@ $sql .= " WHERE s.fk_stcomm = st.id";
 $sql .= " AND s.fournisseur = 1";
 $sql .= " AND s.entity IN (".getEntity('societe').")";
 if (!$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND s.rowid = ".((int) $socid);
diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php
index 8a294a47e2c..68bcd78636b 100644
--- a/htdocs/hrm/index.php
+++ b/htdocs/hrm/index.php
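Review bot: The supplier-order and supplier-invoice counters in this file still scope with `$sql .= " AND cf.entity = ".$conf->entity;` (hunks at lines 65 and 111) and `$sql .= " AND ff.entity = ".$conf->entity;` (line 167), while the last hunk of the same file uses `s.entity IN (".getEntity('societe').")"` and this commit converts `fourn/commande/index.php` to `c.entity IN (".getEntity('supplier_order').")"`. Unless this dashboard is deliberately limited to the current entity, the hunk at line 111 should use `$sql .= " AND cf.entity IN (".getEntity('supplier_order').")";` (and the invoice query `ff.entity IN (".getEntity('facture_fourn').")`, the key already used in `fourn/facture/list.php`) so the counts match the lists they link to; otherwise `$conf->entity` should at least be cast to `(int)`. This is script-level code with no enclosing function.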
@@ -189,7 +189,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) {
 if (empty($user->rights->holiday->readall)) {
 $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
- //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid);
 $sql .= $db->order("x.tms", "DESC");
 $sql .= $db->plimit($max, 0);
@@ -270,7 +270,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire)
 if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)) {
 $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')';
 }
- //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 //if (!empty($socid)) $sql.= " AND x.fk_soc = ".((int) $socid);
 $sql .= $db->order("x.tms", "DESC");
 $sql .= $db->plimit($max, 0);
@@ -344,7 +344,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
 }
 $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")";
 if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
- $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
 if ($socid) {
 $sql .= " AND rp.fk_soc = $socid";
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index ed4fb8dab13..5cfe9f66846 100644
--- a/htdocs/install/repair.php
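Review bot: The last context line of the hunk at line 344, `$sql .= " AND rp.fk_soc = $socid";`, still interpolates `$socid` into the query without a cast, directly under the line this commit fixes for `$user->id`; it should read `$sql .= " AND rp.fk_soc = ".((int) $socid);`. Where `$socid` is assigned is outside the hunk, so whether it can carry request data cannot be confirmed here, but the surrounding code already treats it as an integer id and the cast is cheap. This is script-level code with no enclosing function.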
+++ b/htdocs/install/repair.php
@@ -366,20 +366,20 @@ if ($ok && GETPOST('standard', 'alpha')) {
 $sql2 = "SELECT COUNT(*) as nb";
 $sql2 .= " FROM ".MAIN_DB_PREFIX."const as c";
 $sql2 .= " WHERE name = 'MAIN_MODULE_".$name."'";
- $sql2 .= " AND entity = ".$obj->entity;
+ $sql2 .= " AND entity = ".((int) $obj->entity);
 $resql2 = $db->query($sql2);
 if ($resql2) {
 $obj2 = $db->fetch_object($resql2);
 if ($obj2 && $obj2->nb == 0) {
 // Module not found, so we can remove entry
- $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".$obj->entity;
+ $sqldelete = "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$db->escape($obj->name)."' AND entity = ".((int) $obj->entity);
 if (GETPOST('standard', 'alpha') == 'confirmed') {
 $db->query($sqldelete);
 print '