From 43e754761196c4e9794233105ef53750cdd20da0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 17 Mar 2022 11:49:14 +0100
Subject: [PATCH] Fix sql errors
---
 htdocs/product/class/api_products.class.php | 14 ++++++++++----
 htdocs/variants/class/ProductAttribute.class.php | 15 ++++++++++-----
 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index d42a8c00759..ad590e0f83c 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -1122,7 +1122,9 @@ class Products extends DolibarrApi
 throw new RestException(401);
 }
- $sql = "SELECT rowid, ref, ref_ext, label, rang, entity FROM ".$this->db->prefix()."product_attribute WHERE ref LIKE '".trim($ref)."' AND entity IN (".getEntity('product').")";
+ $ref = trim($ref);
+
+ $sql = "SELECT rowid, ref, ref_ext, label, position, entity FROM ".$this->db->prefix()."product_attribute WHERE ref LIKE '".$this->db->escape($ref)."' AND entity IN (".getEntity('product').")";
 $query = $this->db->query($sql);
@@ -1137,7 +1139,8 @@ class Products extends DolibarrApi
 $attr['ref'] = $result->ref;
 $attr['ref_ext'] = $result->ref_ext;
 $attr['label'] = $result->label;
- $attr['rang'] = $result->rang;
+ $attr['rang'] = $result->position;
+ $attr['position'] = $result->position;
 $attr['entity'] = $result->entity;
 $sql = "SELECT COUNT(*) as nb FROM ".$this->db->prefix()."product_attribute_combination2val as pac2v";
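Review bot: In the new `$sql` line of the `@@ -1122` hunk, `$this->db->escape($ref)` stops the value from breaking out of the quoted string, but it is still compared with `LIKE`, so a `%` or `_` supplied by the API caller acts as a wildcard and the lookup can return an attribute other than the one named. If this endpoint is meant as an exact lookup, compare with `WHERE ref = '".$this->db->escape($ref)."'`; if pattern matching is intended, state that in the method's docblock. The same applies to the `ref_ext` query in the `@@ -1169` hunk. The enclosing methods start and end outside both hunks.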
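Review bot: In the `@@ -1137` hunk `$attr['rang']` is now filled from `$result->position` next to a new `$attr['position']`, with nothing saying why the response carries both keys. Presumably `rang` is kept so existing API clients keep working; a one-line comment such as `// 'rang' is kept as an alias of 'position' for existing API clients` would stop a later cleanup from dropping it silently. The same pair of assignments appears without comment in the `@@ -1184` hunk and in the `ProductAttribute` hunks `@@ -99` and `@@ -123`.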
@@ -1169,7 +1172,9 @@ class Products extends DolibarrApi
 throw new RestException(401);
 }
- $sql = "SELECT rowid, ref, ref_ext, label, rang, entity FROM ".$this->db->prefix()."product_attribute WHERE ref_ext LIKE '".trim($ref_ext)."' AND entity IN (".getEntity('product').")";
+ $ref_ext = trim($ref_ext);
+
+ $sql = "SELECT rowid, ref, ref_ext, label, position, entity FROM ".$this->db->prefix()."product_attribute WHERE ref_ext LIKE '".$this->db->escape($ref_ext)."' AND entity IN (".getEntity('product').")";
 $query = $this->db->query($sql);
@@ -1184,7 +1189,8 @@ class Products extends DolibarrApi
 $attr['ref'] = $result->ref;
 $attr['ref_ext'] = $result->ref_ext;
 $attr['label'] = $result->label;
- $attr['rang'] = $result->rang;
+ $attr['rang'] = $result->position;
+ $attr['position'] = $result->position;
 $attr['entity'] = $result->entity;
 $sql = "SELECT COUNT(*) as nb FROM ".$this->db->prefix()."product_attribute_combination2val as pac2v";
diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php
index 1e7f44bb936..1ba43a3f964 100644
--- a/htdocs/variants/class/ProductAttribute.class.php
+++ b/htdocs/variants/class/ProductAttribute.class.php
@@ -60,6 +60,9 @@ class ProductAttribute extends CommonObject
 */
 public $rang;
+ public $position;
+
+
 /**
 * Constructor
 *
@@ -85,7 +88,7 @@ class ProductAttribute extends CommonObject
 return -1;
 }
- $sql = "SELECT rowid, ref, ref_ext, label, rang FROM ".MAIN_DB_PREFIX."product_attribute WHERE rowid = ".((int) $id)." AND entity IN (".getEntity('product').")";
+ $sql = "SELECT rowid, ref, ref_ext, label, position FROM ".MAIN_DB_PREFIX."product_attribute WHERE rowid = ".((int) $id)." AND entity IN (".getEntity('product').")";
 $query = $this->db->query($sql);
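Review bot: The new `public $position;` in the `@@ -60` hunk has no docblock, although the `$rang` property directly above it closes one, and it is followed by two blank lines where the file otherwise uses one. Add a docblock such as `/** @var int Position of the attribute in lists */` above it (the type is an assumption; confirm against the column definition). Since `$rang` is now only a copy of `position`, its own docblock, which starts outside the hunk, should gain an `@deprecated` line pointing to `$position`.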
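Review bot: No statement that writes the column is touched by this patch: the `@@ -85` hunk and the later `@@ -113` hunk rename `rang` to `position` only in SELECTs. If this class also has INSERT or UPDATE statements that still name `rang`, they would keep failing with the kind of SQL error the commit title refers to. That cannot be confirmed from the visible lines, so the rest of the file should be checked for remaining uses of the old column name before merging. The enclosing method starts and ends outside the hunk.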
@@ -99,7 +102,8 @@ class ProductAttribute extends CommonObject
 $this->ref = $obj->ref;
 $this->ref_ext = $obj->ref_ext;
 $this->label = $obj->label;
- $this->rang = $obj->rang;
+ $this->rang = $obj->position;
+ $this->position = $obj->position;
 return 1;
 }
@@ -113,8 +117,8 @@ class ProductAttribute extends CommonObject
 {
 $return = array();
- $sql = 'SELECT rowid, ref, ref_ext, label, rang FROM '.MAIN_DB_PREFIX."product_attribute WHERE entity IN (".getEntity('product').')';
- $sql .= $this->db->order('rang', 'asc');
+ $sql = 'SELECT rowid, ref, ref_ext, label, position FROM '.MAIN_DB_PREFIX."product_attribute WHERE entity IN (".getEntity('product').')';
+ $sql .= $this->db->order('position', 'asc');
 $query = $this->db->query($sql);
 if ($query) {
 while ($result = $this->db->fetch_object($query)) {
@@ -123,7 +127,8 @@ class ProductAttribute extends CommonObject
 $tmp->ref = $result->ref;
 $tmp->ref_ext = $result->ref_ext;
 $tmp->label = $result->label;
- $tmp->rang = $result->rang;
+ $tmp->rang = $result->position;
+ $tmp->position = $result->position;
 $return[] = $tmp;
 }