Fix: compatibility with pgsql, replace all addslashes in particular files
parent
aba9bb9acd
commit
669fef0014
@ -1652,8 +1652,8 @@ else
|
||||
$pageprev = $page - 1;
|
||||
$pagenext = $page + 1;
|
||||
|
||||
$viewstatut=addslashes($_GET['viewstatut']);
|
||||
$object_statut = addslashes($_GET['propal_statut']);
|
||||
$viewstatut=$db->escape($_GET['viewstatut']);
|
||||
$object_statut = $db->escape($_GET['propal_statut']);
|
||||
if($object_statut != '')
|
||||
$viewstatut=$object_statut;
|
||||
|
||||
@ -1679,17 +1679,17 @@ else
|
||||
}
|
||||
if (!empty($_GET['search_ref']))
|
||||
{
|
||||
$sql.= " AND p.ref LIKE '%".addslashes($_GET['search_ref'])."%'";
|
||||
$sql.= " AND p.ref LIKE '%".$db->escape($_GET['search_ref'])."%'";
|
||||
}
|
||||
if (!empty($_GET['search_societe']))
|
||||
{
|
||||
$sql.= " AND s.nom LIKE '%".addslashes($_GET['search_societe'])."%'";
|
||||
$sql.= " AND s.nom LIKE '%".$db->escape($_GET['search_societe'])."%'";
|
||||
}
|
||||
if (!empty($_GET['search_montant_ht']))
|
||||
{
|
||||
$sql.= " AND p.total_ht='".addslashes($_GET['search_montant_ht'])."'";
|
||||
$sql.= " AND p.total_ht='".$db->escape($_GET['search_montant_ht'])."'";
|
||||
}
|
||||
if ($sall) $sql.= " AND (s.nom like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%' OR pd.description like '%".addslashes($sall)."%')";
|
||||
if ($sall) $sql.= " AND (s.nom like '%".$db->escape($sall)."%' OR p.note like '%".$db->escape($sall)."%' OR pd.description like '%".$db->escape($sall)."%')";
|
||||
if ($socid) $sql.= ' AND s.rowid = '.$socid;
|
||||
if ($viewstatut <> '')
|
||||
{
|
||||
@ -1708,7 +1708,7 @@ else
|
||||
}
|
||||
if (dol_strlen($_POST['sf_ref']) > 0)
|
||||
{
|
||||
$sql.= " AND p.ref like '%".addslashes($_POST["sf_ref"]) . "%'";
|
||||
$sql.= " AND p.ref like '%".$db->escape($_POST["sf_ref"]) . "%'";
|
||||
}
|
||||
|
||||
$sql.= ' ORDER BY '.$sortfield.' '.$sortorder.', p.ref DESC';
|
||||
|
||||
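Review bot: Three values on the new side of this file still reach the query outside a quoted literal, where `$db->escape()` gives no protection: `' AND s.rowid = '.$socid`, `' ORDER BY '.$sortfield.' '.$sortorder`, and possibly `$viewstatut`, which is escaped when read from `$_GET` but used inside an `if ($viewstatut <> '')` block whose body is outside the hunk. Their assignments are not visible here, so this may already be handled upstream; if it is not, cast the id, `if ($socid) $sql.= ' AND s.rowid = '.(int) $socid;`, and accept `$sortfield`/`$sortorder` only from a fixed list of column names and `ASC`/`DESC`. Escaping `$viewstatut` at the point of input also means the same escaped string goes to any non-SQL use later in the page; validating it as a status code and escaping where the query is built would be clearer. The `LIKE` filters presumably still treat `%` and `_` in the search text as wildcards, which is worth a comment if intended.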
@ -58,12 +58,13 @@ class mailing_fraise extends MailingTargets
|
||||
function getSqlArrayForStats()
|
||||
{
|
||||
global $langs;
|
||||
|
||||
$langs->load("members");
|
||||
|
||||
// Array for requests for statistics board
|
||||
$statssql=array();
|
||||
|
||||
$statssql[0] ="SELECT '".addslashes($langs->trans("FundationMembers"))."' as label, count(*) as nb";
|
||||
$statssql[0] ="SELECT '".$this->db->escape($langs->trans("FundationMembers"))."' as label, count(*) as nb";
|
||||
$statssql[0].=" FROM ".MAIN_DB_PREFIX."adherent where statut = 1";
|
||||
|
||||
return $statssql;
|
||||
|
||||
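Review bot: `getSqlArrayForStats()` now depends on `$this->db`, but nothing in this hunk shows where that property is set, whereas the old `addslashes()` call needed no connection. Please confirm that the constructor of `mailing_fraise` (or `MailingTargets`) assigns it before this method can run, otherwise the call fails on a null property. A short docblock on the method, saying that it returns the SQL statements for the statistics board and requires an initialised `$this->db`, would record that dependency. The method's closing brace is outside the hunk.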
@ -46,7 +46,7 @@ if (! empty($_SERVER['DOL_TUNING']))
|
||||
// Forcing parameter setting magic_quotes_gpc and cleaning parameters
|
||||
// (Otherwise he would have for each position, condition
|
||||
// Reading stripslashes variable according to state get_magic_quotes_gpc).
|
||||
// Off mode (recommended, you just do addslashes when an insert / update.
|
||||
// Off mode (recommended, you just do $db->escape when an insert / update.
|
||||
function stripslashes_deep($value)
|
||||
{
|
||||
return (is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value));
|
||||
|
||||
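Review bot: The updated comment above `stripslashes_deep()` still says escaping is needed only "when an insert / update", while this same commit applies `$db->escape()` to values placed in `SELECT ... WHERE` clauses. I would reword it to `// Off mode (recommended): call $db->escape() on every value concatenated into an SQL string, whatever the statement type.` so the guidance matches what the code does. The body of `stripslashes_deep()` ends outside the hunk.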