Fix: problème d'apostrophe

prévoir la création d'une classe pour séparer les requêtes sql
2007-09-20 19:26:55 +00:00 · 2007-09-20 19:26:55 +00:00 · 89c17d1875
commit 89c17d1875
parent c037b87f58
1 changed files with 1 additions and 1 deletions
--- a/htdocs/compta/bank/ligne.php
+++ b/htdocs/compta/bank/ligne.php
@ -100,7 +100,7 @@ if ($_POST["action"] == "update")
    $dateop = $_POST["dateoyear"].'-'.$_POST["dateomonth"].'-'.$_POST["dateoday"];
    $dateval= $_POST["datevyear"].'-'.$_POST["datevmonth"].'-'.$_POST["datevday"];
    $sql = "UPDATE ".MAIN_DB_PREFIX."bank";
-    $sql.= " SET label='".$_POST["label"]."',";
+    $sql.= " SET label='".addslashes($_POST["label"])."',"; // Todo: crÃ©er une classe pour sÃ©parer les requÃªtes sql
    if (isset($_POST['amount'])) $sql.=" amount='$amount',";
    $sql.= " dateo = '".$dateop."', datev = '".$dateval."',";
    $sql.= " fk_account = ".$_POST['accountid'];