From 94487cf411e094780f299ba4302a2edf34544215 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:43:44 +0200 Subject: [PATCH 1/9] FIX #5594 --- htdocs/core/class/extrafields.class.php | 39 ++++++++++++++----------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index d63c2536476..cf35dd1ee5c 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -675,7 +675,7 @@ class ExtraFields if ($showsize > 48) $showsize=48; } } - + if (in_array($type,array('date','datetime'))) { $tmp=explode(',',$size); @@ -812,7 +812,7 @@ class ExtraFields if (strpos($InfoFieldList[4], '$SEL$')!==false) { $InfoFieldList[4]=str_replace('$SEL$','SELECT',$InfoFieldList[4]); } - + // current object id can be use into filter if (strpos($InfoFieldList[4], '$ID$')!==false && !empty($objectid)) { $InfoFieldList[4]=str_replace('$ID$',$objectid,$InfoFieldList[4]); @@ -830,14 +830,14 @@ class ExtraFields $sqlwhere.= ' WHERE '.$InfoFieldList[4]; } } - else + else { $sqlwhere.= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. - if (in_array($InfoFieldList[0],array('tablewithentity'))) + if (in_array($InfoFieldList[0],array('tablewithentity'))) { - $sqlwhere.= ' AND entity = '.$conf->entity; + $sqlwhere.= ' AND entity = '.$conf->entity; } $sql.=$sqlwhere; //print $sql; 
@@ -996,19 +996,19 @@ class ExtraFields $sql = 'SELECT ' . $keyList; $sql .= ' FROM ' . MAIN_DB_PREFIX . $InfoFieldList[0]; if (! empty($InfoFieldList[4])) { - + // can use SELECT request if (strpos($InfoFieldList[4], '$SEL$')!==false) { $InfoFieldList[4]=str_replace('$SEL$','SELECT',$InfoFieldList[4]); } - + // current object id can be use into filter if (strpos($InfoFieldList[4], '$ID$')!==false && !empty($objectid)) { $InfoFieldList[4]=str_replace('$ID$',$objectid,$InfoFieldList[4]); } else { $InfoFieldList[4]=str_replace('$ID$','0',$InfoFieldList[4]); } - + // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, ' . MAIN_DB_PREFIX . $InfoFieldList[0] . '_extrafields as extra'; @@ -1020,13 +1020,13 @@ class ExtraFields $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. - if (in_array($InfoFieldList[0], array ('tablewithentity'))) + if (in_array($InfoFieldList[0], array ('tablewithentity'))) { $sqlwhere .= ' AND entity = ' . $conf->entity; } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; - + $sql .= $sqlwhere; dol_syslog(get_class($this) . '::showInputField type=chkbxlst',LOG_DEBUG); $resql = $this->db->query($sql); @@ -1232,7 +1232,12 @@ class ExtraFields { $sql.= ' as main'; } - $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + if ($selectkey=='rowid') { + $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); + } else { + $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + } + //$sql.= ' AND entity = '.$conf->entity; dol_syslog(get_class($this).':showOutputField:$type=sellist', LOG_DEBUG); @@ -1391,10 +1396,10 @@ class ExtraFields $showsize=round($size); if ($showsize > 48) $showsize=48; } - + //print $type.'-'.$size; $out=$value; - + return $out; } @@ -1411,7 +1416,7 @@ class ExtraFields $type=$this->attribute_type[$key]; $align=''; - + if ($type == 'date') { $align="center"; 
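Review bot: In the `@@ -1232` hunk of showOutputField, the new `rowid` branch appends `$this->db->escape($value)` with no surrounding quotes; escaping meant for quoted string literals does not constrain a value placed in a numeric position, so any non-digit content would be parsed as SQL. Cast at the point of use instead: `$sql.= " WHERE ".$selectkey."=".((int) $value);`, which also makes a separate empty-value branch unnecessary. Patches 2/9 to 4/9 keep the same unquoted form on this line, and patch 9/9 repeats it in Resource::delete (`resource_id =".$this->db->escape($rowid)`), where `((int) $rowid)` is the equivalent fix. Where `$value` originates is outside the hunk, so the exposure is inferred rather than shown, and the method body starts and ends outside the hunk.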
@@ -1440,10 +1445,10 @@ class ExtraFields { $align="center"; } - + return $align; } - + /** * Return HTML string to print separator extrafield * @@ -1523,7 +1528,7 @@ class ExtraFields return 0; } } - + /** * return array_options array for object by extrafields value (using for data send by forms) * From 15f187c466f4ab64576fb11cc1c16e57580043dd Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:54:03 +0200 Subject: [PATCH 2/9] better test --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index cf35dd1ee5c..237f1a36b81 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1232,7 +1232,7 @@ class ExtraFields { $sql.= ' as main'; } - if ($selectkey=='rowid') { + if ($selectkey=='rowid' && is_int($value)) { $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); } else { $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; From 90cb71f34185c60f76fac15767d06dcab12fc542 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:54:51 +0200 Subject: [PATCH 3/9] revert better fix --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 237f1a36b81..cf35dd1ee5c 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1232,7 +1232,7 @@ class ExtraFields { $sql.= ' as main'; } - if ($selectkey=='rowid' && is_int($value)) { + if ($selectkey=='rowid') { $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); } else { $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; From 321814fae3e53af149627e6d381e9e94ffab81bf Mon Sep 17 00:00:00 2001 
From: florian HENRY Date: Tue, 9 Aug 2016 15:17:19 +0200 Subject: [PATCH 4/9] better fix for #5594 --- htdocs/core/class/extrafields.class.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index cf35dd1ee5c..52c3b2f5cb9 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1232,9 +1232,11 @@ class ExtraFields { $sql.= ' as main'; } - if ($selectkey=='rowid') { + if ($selectkey=='rowid' && empty($value)) { + $sql.= " WHERE ".$selectkey."=0"; + } elseif ($selectkey=='rowid') { $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); - } else { + }else { $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; } From 3932a32399270553f48e285e35c5fff5f00a2f1c Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Tue, 16 Aug 2016 09:00:52 +0200 Subject: [PATCH 5/9] FIX : #5629 PgSQL Interger string stylish error --- htdocs/core/class/commonobject.class.php | 152 ++++++++++++----------- 1 file changed, 79 insertions(+), 73 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index c3140118745..3279d372a0e 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -448,7 +448,7 @@ abstract class CommonObject global $conf, $langs; $countriesusingstate=array('AU','US','IN','GB','ES','UK','TR'); // See also option MAIN_FORCE_STATE_INTO_ADDRESS - + $contactid=0; $thirdpartyid=0; if ($this->element == 'societe') @@ -465,12 +465,12 @@ abstract class CommonObject $contactid=$this->contact_id; $thirdpartyid=$object->fk_soc; } - + $out=''; - + $outdone=0; $coords = $this->getFullAddress(1,', '); - if ($coords) + if ($coords) { if (! empty($conf->use_javascript_ajax)) { 
@@ -485,7 +485,7 @@ abstract class CommonObject } if (! in_array($this->country_code,$countriesusingstate) && empty($conf->global->MAIN_FORCE_STATE_INTO_ADDRESS) // If MAIN_FORCE_STATE_INTO_ADDRESS is on, state is already returned previously with getFullAddress - && empty($conf->global->SOCIETE_DISABLE_STATE) && $this->state) + && empty($conf->global->SOCIETE_DISABLE_STATE) && $this->state) { $out.=($outdone?' - ':'').$this->state; $outdone++; @@ -516,15 +516,15 @@ abstract class CommonObject if (! empty($this->office_fax)) { $out.=dol_print_phone($this->fax,$this->country_code,$contactid,$thirdpartyid,'AC_FAX',' ','fax',$langs->trans("Fax")); $outdone++; } - + $out.='
'; $outdone=0; - if (! empty($this->email)) + if (! empty($this->email)) { $out.=dol_print_email($this->email,$this->id,$object->id,'AC_EMAIL',0,0,1); $outdone++; } - if (! empty($this->url)) + if (! empty($this->url)) { $out.=dol_print_url($this->url,'',0,1); $outdone++; @@ -535,12 +535,12 @@ abstract class CommonObject if ($this->skype) $out.=dol_print_skype($this->skype,$this->id,$object->id,'AC_SKYPE'); $outdone++; } - + $out.=''; - + return $out; } - + /** * Add a link between element $this->element and a contact * 
@@ -595,50 +595,56 @@ abstract class CommonObject } } - $datecreate = dol_now(); - - $this->db->begin(); - // Insertion dans la base - $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact"; - $sql.= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) "; - $sql.= " VALUES (".$this->id.", ".$fk_socpeople." , " ; - $sql.= "'".$this->db->idate($datecreate)."'"; - $sql.= ", 4, '". $id_type_contact . "' "; - $sql.= ")"; - dol_syslog(get_class($this)."::add_contact", LOG_DEBUG); - $resql=$this->db->query($sql); - if ($resql) - { - if (! $notrigger) - { - $result=$this->call_trigger(strtoupper($this->element).'_ADD_CONTACT', $user); - if ($result < 0) - { - $this->db->rollback(); + if(! empty($id_type_contact)) { + + $datecreate = dol_now(); + + $this->db->begin(); + + // Insertion dans la base + $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact"; + $sql.= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) "; + $sql.= " VALUES (".$this->id.", ".$fk_socpeople." , " ; + $sql.= "'".$this->db->idate($datecreate)."'"; + $sql.= ", 4, ". $id_type_contact . " "; + $sql.= ")"; + dol_syslog(get_class($this)."::add_contact", LOG_DEBUG); + + $resql=$this->db->query($sql); + if ($resql) + { + if (! $notrigger) + { + $result=$this->call_trigger(strtoupper($this->element).'_ADD_CONTACT', $user); + if ($result < 0) + { + $this->db->rollback(); + return -1; + } + } + + $this->db->commit(); + return 1; + } + else + { + if ($this->db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') + { + $this->error=$this->db->errno(); + $this->db->rollback(); + return -2; + } + else + { + $this->error=$this->db->error(); + $this->db->rollback(); return -1; } - } - - $this->db->commit(); - return 1; - } - else - { - if ($this->db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') - { - $this->error=$this->db->errno(); - $this->db->rollback(); - return -2; - } - else - { - $this->error=$this->db->error(); - $this->db->rollback(); - return -1; - } + } } + return 1; } /** 
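Review bot: The INSERT in add_contact now emits `$id_type_contact` unquoted (`", 4, ". $id_type_contact . " "`), while the new guard `! empty($id_type_contact)` only checks that it is non-empty, not that it is an integer. How the variable is derived lies above the hunk, so if it can still carry a caller-supplied string it should be cast where it is used, `$sql.= ", 4, ".((int) $id_type_contact)." ";`; `$this->id` and `$fk_socpeople` on the VALUES line are concatenated the same way. Separately, the added `return 1;` after the block appears to be reached only when `$id_type_contact` is empty, so the caller is told the contact was added although nothing was inserted; returning a negative code with `$this->error` set would match the other failure paths.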
@@ -1196,7 +1202,7 @@ abstract class CommonObject if (!empty($id) && !empty($field) && !empty($table)) { $sql = "SELECT ".$field." FROM ".MAIN_DB_PREFIX.$table; $sql.= " WHERE rowid = ".$id; - + dol_syslog(get_class($this).'::getValueFrom', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) @@ -2275,8 +2281,8 @@ abstract class CommonObject * - all parameters empty -> we look all link to current object (current object can be source or target) * - one couple id+type is provided -> this will set $justsource or $justtarget * - one couple id+type is provided and other type is provided -> this will set $justsource or $justtarget + criteria on other type - * - * + * + * * @param int $sourceid Object source id (if not defined, id of object) * @param string $sourcetype Object source type (if not defined, element name of object) * @param int $targetid Object target id (if not defined, id of object) @@ -3223,7 +3229,7 @@ abstract class CommonObject $text.= ' - '.(! empty($line->label)?$line->label:$label); $description.=(! empty($conf->global->PRODUIT_DESC_IN_FORM)?'':dol_htmlentitiesbr($line->description)); // Description is what to show on popup. We shown nothing if already into desc. } - + $line->pu_ttc = price2num($line->subprice * (1 + ($line->tva_tx/100)), 'MU'); // Output template part (modules that overwrite templates must declare this into descriptor) @@ -3662,7 +3668,7 @@ abstract class CommonObject return -1; } } - + // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output=$outputlangs->charset_output; 
@@ -3726,13 +3732,13 @@ abstract class CommonObject /* For default values */ /** - * Return the default value to use for a field when showing the create form of object. + * Return the default value to use for a field when showing the create form of object. * Return values in this order: * 1) If parameter is available into POST, we return it first. * 2) If not but an alternate value was provided as parameter of function, we return it. - * 3) If not but a constant $conf->global->OBJECTELEMENT_FIELDNAME is set, we return it (It is better to use the dedicated table). + * 3) If not but a constant $conf->global->OBJECTELEMENT_FIELDNAME is set, we return it (It is better to use the dedicated table). * 4) Return value found into database (TODO No yet implemented) - * + * * @param string $fieldname Name of field * @param string $alternatevalue Alternate value to use * @return string Default value @@ -3743,27 +3749,27 @@ abstract class CommonObject // If param is has been posted with use this value first. if (isset($_POST[$fieldname])) return GETPOST($fieldname, 2); - + if (isset($alternatevalue)) return $alternatevalue; - + $newelement=$this->element; if ($newelement == 'facture') $newelement='invoice'; if ($newelement == 'commande') $newelement='order'; - if (empty($newelement)) + if (empty($newelement)) { dol_syslog("Ask a default value using common method getDefaultCreateValueForField on an object with no property ->element defined. Return empty string.", LOG_WARNING); return ''; } - + $keyforfieldname=strtoupper($newelement.'_DEFAULT_'.$fieldname); //var_dump($keyforfieldname); if (isset($conf->global->$keyforfieldname)) return $conf->global->$keyforfieldname; - - // TODO Ad here a scan into table llx_overwrite_default with a filter on $this->element and $fieldname - + + // TODO Ad here a scan into table llx_overwrite_default with a filter on $this->element and $fieldname + } - - + + /* For triggers */ 
@@ -3963,7 +3969,7 @@ abstract class CommonObject { $res=$object->fetch(0,$value); if ($res > 0) $this->array_options[$key]=$object->id; - else + else { $this->error="Ref '".$value."' for object '".$object->element."' not found"; $this->db->rollback(); @@ -4196,25 +4202,25 @@ abstract class CommonObject return true; } - + /** * define buy price if not defined * set buy price = sell price if ForceBuyingPriceIfNull configured, * else if calculation MARGIN_TYPE = 'pmp' and pmp is calculated, set pmp as buyprice * else set min buy price as buy price - * + * * @param float $unitPrice product unit price * @param float $discountPercent line discount percent * @param int $fk_product product id * * @return float <0 if ko, buyprice if ok */ - public function defineBuyPrice($unitPrice = 0, $discountPercent = 0, $fk_product = 0) + public function defineBuyPrice($unitPrice = 0, $discountPercent = 0, $fk_product = 0) { global $conf; - + $buyPrice = 0; - + if (($unitPrice > 0) && (isset($conf->global->ForceBuyingPriceIfNull) && $conf->global->ForceBuyingPriceIfNull == 1)) { $buyPrice = $unitPrice * (1 - $discountPercent / 100); From c385b86793e2760108eb322625ee56cf224be10b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josep=20Llu=C3=ADs?= Date: Tue, 16 Aug 2016 23:12:02 +0200 Subject: [PATCH 6/9] Bug: delivery date value is not hide with global ORDER_DISABLE_DELIVERY_DATE In title and in filter the delivery date column is well hidden. The error is only in column value, --- htdocs/commande/list.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index cfb8486be6f..401be745957 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php 
@@ -587,10 +587,13 @@ if ($resql) print dol_print_date($db->jdate($objp->date_commande), 'day'); print ''; - // Delivery date - print ''; - print dol_print_date($db->jdate($objp->date_delivery), 'day'); - print ''; + if (empty($conf->global->ORDER_DISABLE_DELIVERY_DATE)) + { + // Delivery date + print ''; + print dol_print_date($db->jdate($objp->date_delivery), 'day'); + print ''; + } // Amount HT print ''.price($objp->total_ht).''; From a1323756a96d78f6ba27cfc21836be69756ad543 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Wed, 17 Aug 2016 10:23:23 +0200 Subject: [PATCH 7/9] FIX : in PgSQL no quote "word style" is permitted around column name --- htdocs/core/db/pgsql.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 048ef2d450d..304006402c2 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -1093,7 +1093,7 @@ class DoliDBPgsql extends DoliDB */ function DDLDropField($table,$field_name) { - $sql= "ALTER TABLE ".$table." DROP COLUMN `".$field_name."`"; + $sql= "ALTER TABLE ".$table." DROP COLUMN ".$field_name; dol_syslog($sql,LOG_DEBUG); if (! $this->query($sql)) { From 5c51cb0f29c6aa8e844cd16c575dedc56282dc3b Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Wed, 17 Aug 2016 14:40:05 +0200 Subject: [PATCH 8/9] FIX : PgSQL Module Ressource list crash #5637 --- htdocs/resource/class/resource.class.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/htdocs/resource/class/resource.class.php b/htdocs/resource/class/resource.class.php index c323ad17e69..ea575bc6ce8 100644 --- a/htdocs/resource/class/resource.class.php +++ b/htdocs/resource/class/resource.class.php @@ -393,7 +393,6 @@ class Resource extends CommonObject } } } - $sql.= " GROUP BY t.rowid"; $sql.= $this->db->order($sortfield,$sortorder); $this->num_all = 0; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) 
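Review bot: In DDLDropField (patch 7/9) the table and column names enter the ALTER TABLE statement by plain concatenation, and with the backticks removed nothing delimits `$field_name` any more. Identifiers cannot be protected by value escaping, so both names should be checked against an allow-list pattern before `$sql` is built, for example `if (! preg_match('/^[a-zA-Z0-9_]+$/', $field_name))` followed by the same failure return the method uses when the query fails. The callers are not visible here, so whether either name can be influenced by a user is unknown, and the method body continues past the hunk.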
@@ -473,7 +472,6 @@ class Resource extends CommonObject } } } - $sql.= " GROUP BY t.rowid"; $sql.= $this->db->order($sortfield,$sortorder); if ($limit) $sql.= $this->db->plimit($limit+1,$offset); dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); @@ -559,7 +557,6 @@ class Resource extends CommonObject } } } - $sql.= " GROUP BY t.resource_id"; $sql.= $this->db->order($sortfield,$sortorder); if ($limit) $sql.= $this->db->plimit($limit+1,$offset); dol_syslog(get_class($this)."::fetch_all", LOG_DEBUG); From ddc480b6c90aa10b83c8b6fb5d48eb37ba41bfbc Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Wed, 17 Aug 2016 14:51:25 +0200 Subject: [PATCH 9/9] other fix for PgSQL and style --- htdocs/resource/class/resource.class.php | 37 +++++++++++------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/htdocs/resource/class/resource.class.php b/htdocs/resource/class/resource.class.php index ea575bc6ce8..0f4809fc1b4 100644 --- a/htdocs/resource/class/resource.class.php +++ b/htdocs/resource/class/resource.class.php @@ -339,7 +339,7 @@ class Resource extends CommonObject if ($this->db->query($sql)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources"; - $sql.= " WHERE element_type='resource' AND resource_id ='".$this->db->escape($rowid)."'"; + $sql.= " WHERE element_type='resource' AND resource_id =".$this->db->escape($rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); if ($this->db->query($sql)) { @@ -409,10 +409,10 @@ class Resource extends CommonObject $num = $this->db->num_rows($resql); if ($num) { - $i = 0; - while ($i < $num) + $this->lines=array(); + while ($obj = $this->db->fetch_object($resql)) { - $obj = $this->db->fetch_object($resql); + $line = new Resource($this->db); $line->id = $obj->rowid; $line->ref = $obj->ref; 
@@ -420,8 +420,7 @@ class Resource extends CommonObject $line->fk_code_type_resource = $obj->fk_code_type_resource; $line->type_label = $obj->type_label; - $this->lines[$i] = $line; - $i++; + $this->lines[] = $line; } $this->db->free($resql); } @@ -482,10 +481,9 @@ class Resource extends CommonObject $num = $this->db->num_rows($resql); if ($num) { - $i = 0; - while ($i < $num) + $this->lines=array(); + while ($obj = $this->db->fetch_object($resql)) { - $obj = $this->db->fetch_object($resql); $line = new Resource($this->db); $line->id = $obj->rowid; $line->resource_id = $obj->resource_id; @@ -500,9 +498,8 @@ class Resource extends CommonObject $line->objresource = fetchObjectByElement($obj->resource_id,$obj->resource_type); if($obj->element_id && $obj->element_type) $line->objelement = fetchObjectByElement($obj->element_id,$obj->element_type); - $this->lines[$i] = $line; + $this->lines[] = $line; - $i++; } $this->db->free($resql); } @@ -567,10 +564,9 @@ class Resource extends CommonObject $num = $this->db->num_rows($resql); if ($num) { - $i = 0; - while ($i < $num) + $this->lines=array(); + while ($obj = $this->db->fetch_object($resql)) { - $obj = $this->db->fetch_object($resql); $line = new Resource($this->db); $line->id = $obj->rowid; $line->resource_id = $obj->resource_id; @@ -581,9 +577,7 @@ class Resource extends CommonObject $line->mandatory = $obj->mandatory; $line->fk_user_create = $obj->fk_user_create; - $this->lines[$i] = fetchObjectByElement($obj->resource_id,$obj->resource_type); - - $i++; + $this->lines[] = fetchObjectByElement($obj->resource_id,$obj->resource_type); } $this->db->free($resql); } @@ -754,10 +748,13 @@ class Resource extends CommonObject } - /* + /** * Return an array with resources linked to the element * - * + * @param string $element Element + * @param int $element_id Id + * @param string $resource_type Type + * @return array Aray of resources */ function getElementResources($element,$element_id,$resource_type='') { 
@@ -765,7 +762,7 @@ class Resource extends CommonObject // Links beetween objects are stored in this table $sql = 'SELECT rowid, resource_id, resource_type, busy, mandatory'; $sql.= ' FROM '.MAIN_DB_PREFIX.'element_resources'; - $sql.= " WHERE element_id='".$element_id."' AND element_type='".$element."'"; + $sql.= " WHERE element_id=".$element_id." AND element_type='".$this->db->escape($element)."'"; if($resource_type) $sql.=" AND resource_type LIKE '%".$resource_type."%'"; $sql .= ' ORDER BY resource_type';