lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix escape fields

Browse Source
This commit is contained in:
Laurent Destailleur 2020-06-14 21:22:44 +02:00
parent f9da31e658
commit 964f17c507
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/compta/facture/class/facture.class.php
View File

@ -4086,10 +4086,10 @@ class Facture extends CommonInvoice
* @param User $fuser User asking the direct debit transfer
* @param float $amount Amount we request direct debit for
* @param string $type 'direct-debit' or 'bank-transfer'
* @param string $source_type Source ('facture' or 'supplier_invoice')
* @param string $sourcetype Source ('facture' or 'supplier_invoice')
* @return int <0 if KO, >0 if OK
*/
public function demande_prelevement($fuser, $amount = 0, $type = 'direct-debit', $source_type = 'facture')
public function demande_prelevement($fuser, $amount = 0, $type = 'direct-debit', $sourcetype = 'facture')
{
// phpcs:enable
@ -4140,16 +4140,16 @@ class Facture extends CommonInvoice
} else {
$sql .= 'fk_facture, ';
}
$sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, source_type)';
$sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype)';
$sql .= ' VALUES ('.$this->id;
$sql .= ",'".price2num($amount)."'";
$sql .= ",'".$this->db->idate($now)."'";
$sql .= ",".$fuser->id;
$sql .= ",'".$bac->code_banque."'";
$sql .= ",'".$bac->code_guichet."'";
$sql .= ",'".$bac->number."'";
$sql .= ",'".$bac->cle_rib."'";
$sql .= ",'".$source_type."'";
$sql .= ",'".$this->db->escape($bac->code_banque)."'";
$sql .= ",'".$this->db->escape($bac->code_guichet)."'";
$sql .= ",'".$this->db->escape($bac->number)."'";
$sql .= ",'".$this->db->escape($bac->cle_rib)."'";
$sql .= ",'".$this->db->escape($sourcetype)."'";
$sql .= ")";
dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG);