FIX travis errors sql escape

VESSILLER 2020-03-13 09:01:22 +01:00
parent 04c0332bee
commit 826ed67921


@ -92,7 +92,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
$posindice = 8;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM " . $posindice . ") AS SIGNED)) as max";
$sql .= " FROM " . MAIN_DB_PREFIX . "facture";
$sql .= " WHERE ref LIKE '" . $this->prefix . "____-%'";
$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix) . "____-%'";
$sql .= " AND entity = " . $conf->entity;
$resql = $db->query($sql);
@ -131,7 +131,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
$posindice = strlen($this->prefix . $pos_source . '-____-') + 1;
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM " . $posindice . ") AS SIGNED)) as max"; // This is standard SQL
$sql .= " FROM " . MAIN_DB_PREFIX . "facture";
$sql .= " WHERE ref LIKE '" . $this->prefix . $pos_source . "-____-%'";
$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix . $pos_source) . "-____-%'";
$sql .= " AND entity IN (".getEntity('invoicenumber', 1, $invoice).")";
$resql = $db->query($sql);
@ -152,7 +152,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
$ref = '';
$sql = "SELECT ref as ref";
$sql .= " FROM ". MAIN_DB_PREFIX . "facture";
$sql .= " WHERE ref LIKE '" . $this->prefix . $pos_source . "-____-" . $num . "'";
$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix . $pos_source) . "-____-" . $num . "'";
$sql .= " AND entity IN (".getEntity('invoicenumber', 1, $invoice).")";
$sql .= " ORDER BY ref DESC";
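Review bot: In the third hunk `$num` is still concatenated raw into the quoted LIKE literal, and in the first hunk `$conf->entity` enters the query without a cast, so the escaping added here covers only part of each statement. The assignment of `$num` is outside the hunk; if it is not guaranteed to be numeric, escape it too, e.g. `$db->escape($num)`, and write the entity filter as `" AND entity = " . ((int) $conf->entity)`. `$db->escape()` presumably protects only the quote context and not the LIKE wildcards `%` and `_`, so a prefix or `$pos_source` containing those characters would still widen the match. If the DB layer in this tree has a LIKE-specific escaper (later Dolibarr versions ship `escapeforlike()`), apply it to the variable part of the pattern as well. The enclosing methods begin and end outside the visible hunks.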