lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

escape sql string for my Travais friend

Browse Source
This commit is contained in:
Christophe Battarel 2022-04-29 10:12:53 +02:00
parent fb076a9282
commit a11b5b4399
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/takepos/ajax/ajax.php
View File

@ -235,7 +235,7 @@ if ($action == 'getProducts') {
$sql .= $hookmanager->resPrint;
// load only one page of products
$sql.= ' LIMIT '. $search_start . ',' . $search_limit;
$sql.= ' LIMIT '. $db->escape($search_start) . ',' . $db->escape($search_limit);
$resql = $db->query($sql);
if ($resql) {