lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix escaping

Browse Source
This commit is contained in:
Laurent Destailleur 2018-02-21 11:09:17 +01:00
parent 72c1357c9b
commit aac59f3e21
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -92,7 +92,7 @@ class AccountancyCategory // extends CommonObject
// Insert request
$sql = "INSERT INTO ".MAIN_DB_PREFIX."c_accounting_category(";
$sql.= "rowid,";
if ($this->rowid > 0) $sql.= "rowid,";
$sql.= "code,";
$sql.= "label,";
$sql.= "range_account,";
@ -103,16 +103,16 @@ class AccountancyCategory // extends CommonObject
$sql.= "fk_country,";
$sql.= "active";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
if ($this->rowid > 0) $sql.= " ".$this->rowid.",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->label)?'NULL':"'".$this->db->escape($this->label)."'").",";
$sql.= " ".(! isset($this->range_account)?'NULL':"'".$this->db->escape($this->range_account)."'").",";
$sql.= " ".(! isset($this->sens)?'NULL':"'".$this->sens."'").",";
$sql.= " ".(! isset($this->category_type)?'NULL':"'".$this->category_type."'").",";
$sql.= " ".(! isset($this->sens)?'NULL':"'".$this->db->escape($this->sens)."'").",";
$sql.= " ".(! isset($this->category_type)?'NULL':"'".$this->db->escape($this->category_type)."'").",";
$sql.= " ".(! isset($this->formula)?'NULL':"'".$this->db->escape($this->formula)."'").",";
$sql.= " ".(! isset($this->position)?'NULL':"'".$this->position."'").",";
$sql.= " ".(! isset($this->fk_country)?'NULL':"'".$this->fk_country."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
$sql.= " ".(! isset($this->position)?'NULL':$this->db->escape($this->position)).",";
$sql.= " ".(! isset($this->fk_country)?'NULL':$this->db->escape($this->fk_country)).",";
$sql.= " ".(! isset($this->active)?'NULL':$this->db->escape($this->active));
$sql.= ")";
$this->db->begin();