db escape

This commit is contained in:
Frédéric FRANCE 2019-10-02 08:31:46 +02:00
parent 13eb76a5b7
commit 802236f583
No known key found for this signature in database
GPG Key ID: 06809324E4B2ABC1
2 changed files with 8 additions and 7 deletions


@ -958,7 +958,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
$newmenu->add("/fichinter/index.php?leftmenu=ficheinter", $langs->trans("Interventions"), 0, $user->rights->ficheinter->lire, '', $mainmenu, 'ficheinter', 2200);
$newmenu->add("/fichinter/card.php?action=create&leftmenu=ficheinter", $langs->trans("NewIntervention"), 1, $user->rights->ficheinter->creer, '', '', '', 201);
$newmenu->add("/fichinter/list.php?leftmenu=ficheinter", $langs->trans("List"), 1, $user->rights->ficheinter->lire, '', '', '', 202);
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) $newmenu->add("/fichinter/card-rec.php?leftmenu=ficheinter", $langs->trans("ModelList"), 1, $user->rights->ficheinter->lire, '', '', '', 203);
if ($conf->global->MAIN_FEATURES_LEVEL >= 2) $newmenu->add("/fichinter/card-rec.php?leftmenu=ficheinter", $langs->trans("ListOfTemplates"), 1, $user->rights->ficheinter->lire, '', '', '', 203);
$newmenu->add("/fichinter/stats/index.php?leftmenu=ficheinter", $langs->trans("Statistics"), 1, $user->rights->fournisseur->commande->lire);
}
}


@ -171,7 +171,7 @@ class FichinterRec extends Fichinter
$sql.= ", ".(! empty($fichintsrc->modelpdf)?"'".$this->db->escape($fichintsrc->modelpdf)."'":"''");
// récurrence
$sql.= ", ".(! empty($this->frequency)? $this->frequency:"null");
$sql.= ", ".(! empty($this->frequency)?$this->frequency:"null");
$sql.= ", '".$this->db->escape($this->unit_frequency)."'";
$sql.= ", ".(!empty($this->date_when)?"'".$this->db->idate($this->date_when)."'":'null');
$sql.= ", ".(!empty($this->date_last_gen)?"'".$this->db->idate($this->date_last_gen)."'":'null');
@ -516,7 +516,7 @@ class FichinterRec extends Fichinter
//$sql.= ", special_code";
$sql.= ", fk_unit";
$sql.= ") VALUES (";
$sql.= $this->id;
$sql.= (int) $this->id;
$sql.= ", ".(! empty($label)?"'".$this->db->escape($label)."'":"null");
$sql.= ", ".(! empty($desc)?"'".$this->db->escape($desc)."'":"null");
$sql.= ", ".(! empty($datei)?"'".$this->db->idate($datei)."'":"null");
@ -532,7 +532,7 @@ class FichinterRec extends Fichinter
$sql.= ", '".price2num($total_ht)."'";
$sql.= ", '".price2num($total_tva)."'";
$sql.= ", '".price2num($total_ttc)."'";
$sql.= ", ".$rang;
$sql.= ", ".(int) $rang;
//$sql.= ", ".$special_code;
$sql.= ", ".(! empty($fk_unit) ? $fk_unit :"null");
$sql.= ")";
@ -562,14 +562,15 @@ class FichinterRec extends Fichinter
// phpcs:enable
if ($user->rights->fichinter->creer) {
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec ";
$sql .= " SET frequency = '".$this->db->escape($freq)."', last_gen='".$this->db-escape($courant)."'";
$sql .= " SET frequency='".$this->db->escape($freq)."'";
$sql .= ", last_gen='".$this->db-escape($courant)."'";
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
if ($resql) {
$this->frequency = $freq;
$this->last_gen = $courant;
$this->frequency = $freq;
$this->last_gen = $courant;
return 0;
} else {
dol_print_error($this->db);