lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

No need for db->escape when cast on int exists

Browse Source
This commit is contained in:
Laurent Destailleur 2023-03-23 14:26:19 +01:00
parent dcc04ca018
commit 69799d9ea1
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/public/stripe/ipn.php
View File

@ -457,11 +457,11 @@ if ($event->type == 'payout.created') {
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_demande as dp";
$sql .= " JOIN ".MAIN_DB_PREFIX."prelevement_bons as pb"; // Here we join to prevent modification of a prelevement bon already credited
$sql .= " ON pb.rowid = dp.fk_prelevement_bons";
$sql .= " WHERE dp.fk_facture = ".(int) $db->escape($invoice_id);
$sql .= " WHERE dp.fk_facture = ".((int) $invoice_id);
$sql .= " AND dp.sourcetype = 'facture'";
$sql .= " AND dp.ext_payment_id = '".$db->escape($TRANSACTIONID)."'";
$sql .= " AND dp.traite = 1";
$sql .= " AND statut = ".(int) $db->escape($bon::STATUS_TRANSFERED); // To be sure that it's not already credited
$sql .= " AND statut = ".((int) $bon::STATUS_TRANSFERED); // To be sure that it's not already credited
$result = $db->query($sql);
if ($result) {
if ($db->num_rows($result)) {
@ -479,12 +479,12 @@ if ($event->type == 'payout.created') {
if (!$error && !empty($idbon)) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET fk_user_credit = ".(int) $db->escape($user->id);
$sql .= ", statut = ".(int) $db->escape($bon::STATUS_CREDITED);
$sql .= " SET fk_user_credit = ".((int) $user->id);
$sql .= ", statut = ".((int) $bon::STATUS_CREDITED);
$sql .= ", date_credit = '".$db->idate($now)."'";
$sql .= ", credite = 1";
$sql .= " WHERE rowid = ".(int) $db->escape($idbon);
$sql .= " AND statut = ".(int) $db->escape($bon::STATUS_TRANSFERED);
$sql .= " WHERE rowid = ".((int) $idbon);
$sql .= " AND statut = ".((int) $bon::STATUS_TRANSFERED);
$result = $db->query($sql);
if (!$result) {
@ -497,7 +497,7 @@ if ($event->type == 'payout.created') {
if (!$error && !empty($idbon)) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " SET statut = 2";
$sql .= " WHERE fk_prelevement_bons = ".(int) $db->escape($idbon);
$sql .= " WHERE fk_prelevement_bons = ".((int) $idbon);
$result = $db->query($sql);
if (!$result) {
$postactionmessages[] = $db->lasterror();