replace addslashes by $db->escape for postgresql compatibility

Philippe Grand 2011-02-15 12:46:32 +00:00
parent 1dba8e0465
commit 88d69fe5b0


@ -99,9 +99,9 @@ if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc
if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ
if ($search_nom) $sql.= " AND s.nom like '%".addslashes(strtolower($search_nom))."%'";
if ($search_ville) $sql.= " AND s.ville like '%".addslashes(strtolower($search_ville))."%'";
if ($search_code) $sql.= " AND s.code_client like '%".addslashes(strtolower($search_code))."%'";
if ($search_nom) $sql.= " AND s.nom like '%".$db->escape(strtolower($search_nom))."%'";
if ($search_ville) $sql.= " AND s.ville like '%".$db->escape(strtolower($search_ville))."%'";
if ($search_code) $sql.= " AND s.code_client like '%".$db->escape(strtolower($search_code))."%'";
// Insert sale filter
if ($search_sale)
{
@ -114,7 +114,7 @@ if ($search_categ)
}
if ($socname)
{
$sql.= " AND s.nom like '%".addslashes(strtolower($socname))."%'";
$sql.= " AND s.nom like '%".$db->escape(strtolower($socname))."%'";
$sortfield = "s.nom";
$sortorder = "ASC";
}
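Review bot: The four `like '%...%'` clauses (the three `$search_*` lines in the first hunk and the `$socname` line in the second) are still built by string concatenation. `$db->escape()` is presumably a string-literal escaper, so `%` and `_` in the search term would still act as LIKE wildcards; they should be escaped separately if a literal match is intended. Since the commit targets PostgreSQL, note also that LIKE is case-sensitive there, so lower-casing only the term with `strtolower()` will miss mixed-case names; comparing against the lower-cased column, e.g. `" AND LOWER(s.nom) like '%".$db->escape(strtolower($search_nom))."%'"`, keeps the filter consistent across drivers. The context line `" AND s.rowid = ".$socid` places a value in an unquoted numeric position where string escaping would not help; whether `$socid` is cast to an integer is not visible in this hunk and is worth confirming.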