From 875167d5937368627c5b053a8369c9a92279c526 Mon Sep 17 00:00:00 2001
From: jpb <jean-pascal.boudet@atm-consulting>
Date: Tue, 20 Jul 2021 16:17:17 +0200
Subject: [PATCH] add escape to sql

---
 htdocs/product/class/product.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index f9b046e341c..18413b89c30 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -747,7 +747,7 @@ class Product extends CommonObject
 					$sql .= ", ".((empty($this->status_batch) || $this->status_batch < 0) ? '0' : $this->status_batch);
 					$sql .= ", '".$this->db->escape($this->batch_mask)."'";
 					$sql .= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
-					$sql .= ", '".$this->mandatory_period."'";
+					$sql .= ", '".$this->db->escape($this->mandatory_period)."'";
 					$sql .= ")";
 
 					dol_syslog(get_class($this)."::Create", LOG_DEBUG);