lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX : sql db escape missing

Browse Source
This commit is contained in:
Gauthier PC portable 024 2021-01-25 10:22:31 +01:00
parent f3e7adad18
commit 42e28941d0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/compta/tva/class/tva.class.php
View File

@ -470,7 +470,7 @@ class Tva extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
if ($year)
{
$sql .= " WHERE f.datef >= '".$year."-01-01' AND f.datef <= '".$year."-12-31' ";
$sql .= " WHERE f.datef >= '".$this->db->escape($year)."-01-01' AND f.datef <= '".$this->db->escape($year)."-12-31' ";
}
$result = $this->db->query($sql);