lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent SQLi

Browse Source
This commit is contained in:
appchecker 2016-07-07 20:25:15 +03:00 committed by GitHub
parent 9895084627
commit 2c297bbcc8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/compta/bank/ligne.php
View File

@ -83,13 +83,13 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
if ($user->rights->banque->modifier && $action == 'class')
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$_POST["cat1"];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".intval($_POST["cat1"]);
if (! $db->query($sql))
{
dol_print_error($db);
}
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$_POST["cat1"].")";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".intval($_POST["cat1"]).")";
if (! $db->query($sql))
{
dol_print_error($db);