From 05143aed0b264d58725ed5b170c2bf4ce73488e8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 21 Dec 2006 20:18:05 +0000
Subject: [PATCH] Fix: Recherche avec '
---
 htdocs/societe.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/societe.php b/htdocs/societe.php
index 7962995ede4..8768ed37966 100644
--- a/htdocs/societe.php
+++ b/htdocs/societe.php
@@ -149,7 +149,7 @@ if ($socname)
 }
 if (strlen($stcomm))
 {
- $sql .= " AND s.fk_stcomm=$stcomm";
+ $sql .= " AND s.fk_stcomm=".$stcomm;
 }
 if (!$user->rights->commercial->client->voir && !$socid) //restriction
@@ -160,15 +160,15 @@ if (!$user->rights->commercial->client->voir && !$socid) //restriction
 if ($search_nom)
 {
 $sql.= " AND (";
- $sql.= "s.nom LIKE '%".$search_nom."%'";
- $sql.= " OR s.code_client LIKE '%".$search_nom."%'";
- $sql.= " OR s.email like '%".$search_nom."%'";
- $sql.= " OR s.url like '%".$search_nom."%'";
+ $sql.= "s.nom LIKE '%".addslashes($search_nom)."%'";
+ $sql.= " OR s.code_client LIKE '%".addslashes($search_nom)."%'";
+ $sql.= " OR s.email like '%".addslashes($search_nom)."%'";
+ $sql.= " OR s.url like '%".addslashes($search_nom)."%'";
 $sql.= ")";
 }
 if ($search_ville)
 {
- $sql .= " AND s.ville LIKE '%".$search_ville."%'";
+ $sql .= " AND s.ville LIKE '%".addslashes($search_ville)."%'";
 }
 if ($_POST["search_siren"])
 {
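Review bot: The `$stcomm` filter in the first hunk is still concatenated into the SQL unquoted and unescaped, so rewriting `"...=$stcomm"` as `"...=".$stcomm` changes nothing about the injection this commit is meant to fix — `strlen($stcomm)` lets through any non-empty string, including one like `1 OR 1=1`. Where `$stcomm` is assigned is outside the hunk, but if it comes from the request the way `$search_nom` does, it should be forced to an integer before use, since `fk_stcomm` looks like an integer foreign key: `$sql .= " AND s.fk_stcomm=".(int) $stcomm;`. The code that starts building `$sql` begins before this hunk.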
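Review bot: `addslashes()` is not a database escaping function: it ignores the connection character set (certain multibyte sequences can still close the quoted string on MySQL), it is wrong for backends that do not use backslash escaping, and on a PHP host with `magic_quotes_gpc` enabled — common in 2006 — `$search_nom` and `$search_ville` arrive already escaped and get escaped twice, so a search containing `'` silently matches nothing. The database layer's own escaping routine should be used instead (for a MySQL connection of this era, `mysql_real_escape_string()`), after undoing magic quotes when `get_magic_quotes_gpc()` is on; escaping once into a local such as `$search_nom_esc` would also avoid repeating the call on all four `LIKE` clauses. Note that `%` and `_` are left unescaped, so a user can still inject LIKE wildcards into the pattern; that is a correctness rather than a security concern. The block that builds `$sql` begins before this hunk and continues after it.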