lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix:add escape function to query in updatefield function

Browse Source
This commit is contained in:
abb 2016-04-21 14:49:46 +01:00
parent 4406cfcbb8
commit a0f57e6a91
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/class/commonobject.class.php
View File

@ -4295,7 +4295,7 @@ abstract class CommonObject
}
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET $key='".$this->array_options["options_$key"]."'";
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element."_extrafields SET $key='".$this->db->escape($this->array_options["options_$key"])."'";
$sql .= " WHERE fk_object = ".$this->id;
$resql = $this->db->query($sql);
if (! $resql)