diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 3d5749169ad..396695aa98d 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1797,8 +1797,16 @@ class Product extends CommonObject
*/
function add_sousproduit($id_pere, $id_fils,$qty)
{
- $sql = 'DELETE from '.MAIN_DB_PREFIX.'product_association';
- $sql .= ' WHERE fk_product_pere = "'.$id_pere.'" AND fk_product_fils = "'.$id_fils.'"';
+ // Clean parameters
+ if (! is_numeric($id_pere)) $id_pere=0;
+ if (! is_numeric($id_fils)) $id_fils=0;
+
+ $result=$this->del_sousproduit($id_pere, $id_fils);
+ if ($result < 0) return $result;
+
+ // Check not already father of id_pere (to avoid father -> child -> father links)
+ $sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
+ $sql .= ' WHERE fk_product_pere = '.$id_fils.' AND fk_product_fils = '.$id_pere;
if (! $this->db->query($sql))
{
dol_print_error($this->db);
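Review bot: The two `is_numeric` guards added at the top of `add_sousproduit` still let non-integer forms through (`'1.5'`, `'1e3'`, `' 7'` are all numeric) and those strings are then spliced unquoted into the SELECT on the `WHERE` line; since both values are row ids, a cast is the tighter cleaning, `$id_pere = (int) $id_pere;` and `$id_fils = (int) $id_fils;`. A value that is coerced to 0 is also not rejected, so the function goes on to call `del_sousproduit` and run the SELECT with id 0; presumably no product has that id, so returning an error when either id is 0 would be clearer than silently continuing. The same two guards reappear in the `del_sousproduit` hunk of this file and deserve the same treatment. The body of `add_sousproduit` continues past this hunk.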
@@ -1806,37 +1814,27 @@ class Product extends CommonObject
}
else
{
- $sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
- $sql .= ' WHERE fk_product_pere = "'.$id_fils.'" AND fk_product_fils = "'.$id_pere.'"';
- if (! $this->db->query($sql))
+ $result = $this->db->query($sql);
+ if ($result)
{
- dol_print_error($this->db);
- return -1;
- }
- else
- {
- $result = $this->db->query($sql);
- if ($result)
+ $num = $this->db->num_rows($result);
+ if($num > 0)
{
- $num = $this->db->num_rows($result);
- if($num > 0)
+ $this->error="isFatherOfThis";
+ return -1;
+ }
+ else
+ {
+ $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
+ $sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.')';
+ if (! $this->db->query($sql))
{
- $this->error="isFatherOfThis";
+ dol_print_error($this->db);
return -1;
}
else
{
- $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty)';
- $sql .= ' VALUES ("'.$id_pere.'","'.$id_fils.'","'.$qty.'")';
- if (! $this->db->query($sql))
- {
- dol_print_error($this->db);
- return -1;
- }
- else
- {
- return 1;
- }
+ return 1;
}
}
}
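Review bot: `$qty` is concatenated unquoted into the `VALUES` clause of the INSERT with no cleaning at all, while `$id_pere` and `$id_fils` were given numeric guards earlier in this commit; the only caller shown, `composition/fiche.php`, passes `$_POST["prod_qty_".$i]` straight through, so user input reaches the SQL string. Add the quantity to the clean-parameters block at the top of the function, e.g. `if (! is_numeric($qty)) $qty=0;`, or better use a prepared/parameterised statement if the DB layer offers one. Note also that the SELECT built in the previous hunk is executed once there and again at `$result = $this->db->query($sql);` here; the second call is the one whose result is read, so the first could be dropped. `add_sousproduit` starts in the previous hunk.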
@@ -1848,14 +1846,18 @@ class Product extends CommonObject
*
* @param int $fk_parent Id du produit auquel ne sera plus lie le produit lie
* @param int $fk_child Id du produit a ne plus lie
- * @return int < 0 si erreur, > 0 si ok
+ * @return int < 0 if KO, > 0 if OK
*/
function del_sousproduit($fk_parent, $fk_child)
{
+ if (! is_numeric($fk_parent)) $fk_parent=0;
+ if (! is_numeric($fk_child)) $fk_child=0;
+
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association";
- $sql.= " WHERE fk_product_pere = '".$fk_parent."'";
- $sql.= " AND fk_product_fils = '".$fk_child."'";
-
+ $sql.= " WHERE fk_product_pere = ".$fk_parent;
+ $sql.= " AND fk_product_fils = ".$fk_child;
+
+ dol_syslog(get_class($this).'::del_sousproduit sql='.$sql);
if (! $this->db->query($sql))
{
dol_print_error($this->db);
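Review bot: The docblock of `del_sousproduit` is now half-translated: the `@return` line was changed to English while the two `@param` descriptions remain in French. For consistency either translate them too, e.g. `@param int $fk_parent Id of the parent product the child will no longer be linked to` and `@param int $fk_child Id of the child product to unlink`, or leave the whole block in one language. The `dol_syslog` line added before the query follows the file's logging pattern and is fine as is.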
diff --git a/htdocs/product/composition/fiche.php b/htdocs/product/composition/fiche.php
index 804759afe3a..395275a9911 100644
--- a/htdocs/product/composition/fiche.php
+++ b/htdocs/product/composition/fiche.php
@@ -72,8 +72,8 @@ $cancel <> $langs->trans("Cancel") &&
$error=0;
for($i=0;$i<$_POST["max_prod"];$i++)
{
- // print "
: ".$_POST["prod_id_chk".$i];
- if($_POST["prod_id_chk".$i] != "")
+ print "
: ".$_POST["prod_id_chk".$i];
+ if ($_POST["prod_id_chk".$i] > 0)
{
if($product->add_sousproduit($id, $_POST["prod_id_".$i],$_POST["prod_qty_".$i]) > 0)
{
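Review bot: The `print ... $_POST["prod_id_chk".$i]` statement that this hunk uncomments writes a raw request value into the HTML response with no escaping, which looks like leftover debugging rather than intended output. Either restore the comment marker or, if the value is needed for diagnostics, route it through `dol_syslog(...)` or escape it with `htmlspecialchars($_POST["prod_id_chk".$i], ENT_QUOTES)` before printing. The condition `$_POST["prod_id_chk".$i] > 0` will also raise an undefined-index notice when the checkbox was not submitted; `(int) ($_POST["prod_id_chk".$i] ?? 0) > 0` or an `isset` check avoids that. The enclosing `for` loop continues past this hunk.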