use double quotes to compose SQL requests

htdocs/compta/facture/class/facture.class.php

@@ -5138,11 +5138,11 @@ class Facture extends CommonInvoice
 	public function willBeLastOfSameType()
 	{
 		// get date of last validated invoices of same type
-		$sql  = 'SELECT datef';
-		$sql .= ' FROM '.MAIN_DB_PREFIX.'facture';
-		$sql .= ' WHERE type = ' . (int) $this->type ;
-		$sql .= ' AND date_valid IS NOT NULL';
-		$sql .= ' ORDER BY datef DESC LIMIT 1';
+		$sql  = "SELECT datef";
+		$sql .= " FROM ".MAIN_DB_PREFIX."facture";
+		$sql .= " WHERE type = " . (int) $this->type ;
+		$sql .= " AND date_valid IS NOT NULL";
+		$sql .= " ORDER BY datef DESC LIMIT 1";
 
 		$result = $this->db->query($sql);
 		if ($result) {

htdocs/core/actions_massactions.inc.php

@@ -1212,9 +1212,9 @@ if (!$error && $massaction == 'validate' && $permissiontoadd) {
 	if ($objecttmp->element == 'facture') {
 		if (!empty($toselect) && !empty($conf->global->INVOICE_CHECK_POSTERIOR_DATE)) {
 			// order $toselect by date
-			$sql  = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture';
-			$sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $toselect)).')';
-			$sql .= ' ORDER BY datef';
+			$sql  = "SELECT rowid FROM ".MAIN_DB_PREFIX."facture";
+			$sql .= " WHERE rowid IN (".$db->sanitize(implode(",", $toselect)).")";
+			$sql .= " ORDER BY datef";
 
 			$resql = $db->query($sql);
 			if ($resql) {