From a6c7c04654cc475b44d619a43fabc66e379d7339 Mon Sep 17 00:00:00 2001
From: Andre Cianfarani
Date: Sun, 12 Feb 2006 05:25:48 +0000
Subject: [PATCH] fix : syntaxe sql (stock) pouvait provoquer bogue selon contexte
---
 htdocs/product.class.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/product.class.php b/htdocs/product.class.php
index 4a7c5845f5d..07491c3fe8e 100644
--- a/htdocs/product.class.php
+++ b/htdocs/product.class.php
@@ -540,7 +540,7 @@ class Product
 $sql = "SELECT rowid, ref, label, description, note, price, tva_tx, envente,";
 $sql.= " nbvente, fk_product_type, duration, seuil_stock_alerte";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
- if ($id) $sql.= " WHERE rowid = ".$id;
+ if ($id) $sql.= " WHERE rowid = '".$id."'";
 if ($ref) $sql.= " WHERE ref = '".addslashes($ref)."'";
 $result = $this->db->query($sql) ;
@@ -603,8 +603,8 @@ class Product
 $sql= "SELECT price, tva_tx, envente ";
 $sql.= "FROM ".MAIN_DB_PREFIX."product_price ";
 $sql.= "where price_level=".$i." and ";
- if ($id) $sql.= "fk_product = ".$id." ";
- if ($ref) $sql.= "fk_product = ".$prodid." ";
+ if ($id) $sql.= "fk_product = '".$id."' ";
+ if ($ref) $sql.= "fk_product = '".$prodid."' ";
 $sql.= "order by date_price DESC limit 1";
 $result = $this->db->query($sql) ;
 if ( $result )
@@ -626,7 +626,7 @@ class Product
 $sql = "SELECT reel, fk_entrepot";
- $sql .= " FROM ".MAIN_DB_PREFIX."product_stock WHERE fk_product = ".$this->id;
+ $sql .= " FROM ".MAIN_DB_PREFIX."product_stock WHERE fk_product = '".$this->id."'";
 $result = $this->db->query($sql) ;
 if ($result)
 {
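Review bot: Quoting `$id` in the added `WHERE rowid = '".$id."'` line does not neutralise the value: a `$id` containing a single quote still terminates the literal, and unlike the `$ref` branch on the next line it passes through no escaping at all. Since `rowid` is presumably an integer key, a cast is the safer form, e.g. `if ($id) $sql.= " WHERE rowid = ".(int) $id;`. The same applies to `$id` and `$prodid` in the -603 hunk and to `$this->id` in the -626 hunk. The enclosing method starts and ends outside the hunk, so whether callers already validate `$id` cannot be seen from here.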
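Review bot: The two independent `if ($id)` / `if ($ref)` lines append two `fk_product = ...` conditions with no `and` between them when both are set, and leave a dangling `and order by` when neither is, so the query is malformed in both cases. An `if`/`elseif` pair, plus an early exit when neither value is usable, would keep the statement well-formed. `$i` in the `price_level=` context line is also concatenated raw; if it is anything other than a local loop counter it should be cast, e.g. `"where price_level=".(int) $i." and "`. The loop this code sits in begins outside the hunk.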
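Review bot: With the added quotes an empty `$this->id` now produces `fk_product = ''` instead of a syntax error, so the query succeeds and silently returns no stock rows. If an unset id is the context-dependent failure the subject line refers to (an assumption, the message does not say), an explicit check on `$this->id` before building the query would surface the problem rather than hide it. A short comment such as `// $this->id must be set (fetch() called) before loading stock` would document the precondition. The method begins and ends outside the hunk.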