Fix sql injection

htdocs/categories/viewcat.php

@@ -40,7 +40,7 @@ $type = GETPOST('type', 'az09');
 $action=GETPOST('action', 'aZ09');
 $confirm    = GETPOST('confirm', 'alpha');
 $removeelem = GETPOST('removeelem', 'int');
-$elemid     = GETPOST('elemid', 'alpha');
+$elemid     = GETPOST('elemid', 'int');
 
 if ($id == "" && $label == "")
 {

htdocs/product/class/product.class.php

@@ -284,14 +284,14 @@ class Product extends CommonObject
      * @var int
      */
     public $barcode_type;
-    
+
     /**
      * Main Barcode type code
      *
      * @var string
      */
     public $barcode_type_code;
-    
+
     /**
      * Additional barcodes (Some products have different barcodes according to the country of origin of manufacture)
      *
@@ -2052,7 +2052,7 @@ class Product extends CommonObject
         $sql.= " fk_price_expression, price_autogen";
         $sql.= " FROM ".MAIN_DB_PREFIX."product";
         if ($id) {
-            $sql.= " WHERE rowid = ".$this->db->escape($id);
+            $sql.= " WHERE rowid = ".(int) $id;
         } else {
             $sql.= " WHERE entity IN (".getEntity($this->element).")";
             if ($ref) {