lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add escape to date

Browse Source
This commit is contained in:
jpb 2021-04-19 14:02:46 +02:00
parent a30c15c81d
commit 2c4e6da36a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/multicurrency/multicurrency_rate.php
View File

@ -299,7 +299,7 @@ $sql .= ' FROM '.MAIN_DB_PREFIX.'multicurrency_rate as cr ';
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."multicurrency AS m ON cr.fk_multicurrency = m.rowid";
if ($sall) $sql .= natural_search(array_keys($fieldstosearchall), $sall);
if ($search_date_sync && $search_date_sync_end ) {
$sql .= " AND (cr.date_sync BETWEEN '".$db->idate($search_date_sync)."' AND '".$db->idate($search_date_sync_end)."')";
$sql .= " AND (cr.date_sync BETWEEN '".$db->escape($db->idate($search_date_sync))."' AND '".$db->escape($db->idate($search_date_sync_end))."')";
} elseif ($search_date_sync && !$search_date_sync_end) {
$sql .= natural_search('cr.date_sync', $db->idate($search_date_sync));
}