Fix: add escape

2012-10-09 20:23:02 +02:00 · 2012-10-09 20:23:02 +02:00 · 62f170d3d7
commit 62f170d3d7
parent edb6195cc2
1 changed files with 1 additions and 1 deletions
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@ -878,7 +878,7 @@ class Societe extends CommonObject
    		if ($similar)
    		{
    			// For test similitude
-    			$sql.= "(LOCATE('".$name."', nom) > 0 OR LOCATE(nom, '".$name."') > 0)";
+    			$sql.= "(LOCATE('".$this->db->escape($name)."', nom) > 0 OR LOCATE(nom, '".$this->db->escape($name)."') > 0)";
    		}
    		else
    		{