From 73eee33f8ac5f85db498745627ba206d4aa0299a Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Tue, 19 Jan 2021 09:24:15 +0100
Subject: [PATCH] redo of pull request with sql updated

---
 htdocs/user/class/user.class.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 043879d723c..0bb8d6c6930 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1417,13 +1417,13 @@ class User extends CommonObject
 // Create user and set $this->id. Trigger is disabled because executed later.
 $result = $this->create($user, 1);
 if ($result > 0) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'user';
- $sql .= ' SET fk_socpeople='.$contact->id;
- $sql .= ', civility="'.$contact->civility_code.'"';
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user";
+ $sql .= " SET fk_socpeople=".$contact->id;
+ $sql .= ", civility='".$this->db->escape($contact->civility_code)."'";
 if ($contact->socid) {
- $sql .= ', fk_soc='.$contact->socid;
+ $sql .= ", fk_soc=".$contact->socid;
 }
- $sql .= ' WHERE rowid='.$this->id;
+ $sql .= " WHERE rowid=".$this->id;
 print var_dump($sql);
 $resql = $this->db->query($sql);
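Review bot: The numeric values `$contact->id`, `$contact->socid` and `$this->id` are still concatenated into the UPDATE unquoted and uncast, so only `civility_code` is protected by the new `$this->db->escape()` call. Escaping does nothing for an unquoted value, which needs an integer cast instead, e.g. `$sql .= " SET fk_socpeople=".((int) $contact->id);` and likewise for `fk_soc` and `rowid`. The `print var_dump($sql);` line just before the query (apparently an unchanged context line, given the 5 insertions / 5 deletions count) writes the full statement into the response and should be removed. `var_dump` already prints and returns nothing, so the `print` is redundant as well. The enclosing method starts and ends outside the hunk, so where `$contact` is populated cannot be checked from here.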