Fix: sql where on an int must not contains '

Laurent Destailleur 2013-12-10 17:21:48 +01:00
parent ce3047203f
commit aa4ae60826


@ -1151,7 +1151,7 @@ class Product extends CommonObject
$sql.= " accountancy_code_buy, accountancy_code_sell, stock, pmp,";
$sql.= " datec, tms, import_key, entity, desiredstock";
$sql.= " FROM ".MAIN_DB_PREFIX."product";
if ($id) $sql.= " WHERE rowid = '".$id."'";
if ($id) $sql.= " WHERE rowid = ".$this->db->escape($id);
else
{
$sql.= " WHERE entity IN (".getEntity($this->element, 1).")";
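Review bot: The new `WHERE rowid = ".$this->db->escape($id)` line puts the value in an unquoted numeric position, where escaping does not restrict it to a number. Assuming `escape()` is the usual string-literal escaper, it only neutralises quote characters, so a non-numeric `$id` would still become part of the statement as SQL. Casting at the point of use would enforce the integer contract the commit title describes: `if ($id) $sql.= " WHERE rowid = ".((int) $id);`. The enclosing method starts and ends outside this hunk, so any earlier validation of `$id` is not visible here; if there is none, the cast is the only guard on this query.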