From 706545081cac9ff42cc4dce138d4abfe03b78112 Mon Sep 17 00:00:00 2001
From: WimpyMan <12594973+WimpyMan@users.noreply.github.com>
Date: Mon, 3 May 2021 18:23:31 +0200
Subject: [PATCH 1/2] FIX #17476 releve.php: Fix SQL statement

Single quotes `'` should be uses instead of double quotes `"` for
string values.
---
 htdocs/compta/bank/releve.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index 9a534b76320..a58c85469b8 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -177,7 +177,7 @@ $sqlrequestforbankline = $sql;
 if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt))
 {
 	// TODO Add a test to check newbankreceipt does not exists yet
-	$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id;
+	$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = \''.$db->escape($newbankreceipt).'\' WHERE num_releve = \''.$db->escape($oldbankreceipt).'\' AND fk_account = '.$id;
 	$result = $db->query($sqlupdate);
 	if ($result < 0) dol_print_error($db);
 

From 1d2f8b09d96c398faf7c1c15bab6c53859b21e48 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 3 May 2021 18:55:25 +0200
Subject: [PATCH 2/2] Update releve.php

---
 htdocs/compta/bank/releve.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index a58c85469b8..d0812ae4ea9 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -177,7 +177,7 @@ $sqlrequestforbankline = $sql;
 if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt))
 {
 	// TODO Add a test to check newbankreceipt does not exists yet
-	$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = \''.$db->escape($newbankreceipt).'\' WHERE num_releve = \''.$db->escape($oldbankreceipt).'\' AND fk_account = '.$id;
+	$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."bank SET num_releve = '".$db->escape($newbankreceipt)."' WHERE num_releve = '".$db->escape($oldbankreceipt)."' AND fk_account = ".((int) $id);
 	$result = $db->query($sqlupdate);
 	if ($result < 0) dol_print_error($db);