From b1cb32c743e19873fd65eaa3c8f4bb10a6839201 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 15 Sep 2021 20:03:38 +0200 Subject: [PATCH] Fix some sql --- htdocs/bom/class/bom.class.php | 8 ++++---- htdocs/core/tpl/card_presend.tpl.php | 2 +- .../eventorganization/class/conferenceorbooth.class.php | 2 +- .../class/conferenceorboothattendee.class.php | 2 +- .../knowledgemanagement/class/knowledgerecord.class.php | 2 +- htdocs/modulebuilder/template/class/myobject.class.php | 2 +- htdocs/mrp/class/mo.class.php | 2 +- htdocs/partnership/class/partnership.class.php | 2 +- htdocs/product/class/productfournisseurprice.class.php | 6 +++--- htdocs/recruitment/class/recruitmentcandidature.class.php | 2 +- htdocs/workstation/class/workstation.class.php | 2 +- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index 3996b5e49bd..19938a049a9 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -431,13 +431,13 @@ class BOM extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.' = '.((int) $value); } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } @@ -946,7 +946,7 @@ class BOM extends CommonObject $this->lines = array(); $objectline = new BOMLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_bom = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_bom = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/core/tpl/card_presend.tpl.php b/htdocs/core/tpl/card_presend.tpl.php index c741fb213c2..cbc7a8a688b 100644 --- a/htdocs/core/tpl/card_presend.tpl.php +++ b/htdocs/core/tpl/card_presend.tpl.php @@ -177,7 +177,7 @@ if ($action == 'presend') { $listeuser = array(); $fuserdest = new User($db); - $result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, array('customsql'=>'t.statut=1 AND t.employee=1 AND t.email IS NOT NULL AND t.email<>\'\''), 'AND', true); + $result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, array('customsql'=>"t.statut=1 AND t.employee=1 AND t.email IS NOT NULL AND t.email <> ''"), 'AND', true); if ($result > 0 && is_array($fuserdest->users) && count($fuserdest->users) > 0) { foreach ($fuserdest->users as $uuserdest) { $listeuser[$uuserdest->id] = $uuserdest->user_get_property($uuserdest->id, 'email'); diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index ea2bf2eb87f..e1af900371d 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php @@ -749,7 +749,7 @@ class ConferenceOrBooth extends ActionComm $this->lines = array(); $objectline = new ConferenceOrBoothLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorbooth = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorbooth = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php index 7d6de3b3713..f619b5459c3 100644 --- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php +++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php @@ -951,7 +951,7 @@ class ConferenceOrBoothAttendee extends CommonObject $this->lines = array(); $objectline = new ConferenceOrBoothAttendeeLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorboothattendee = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorboothattendee = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index dacdf57d3a8..f7af4a4559f 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php @@ -899,7 +899,7 @@ class KnowledgeRecord extends CommonObject $this->lines = array(); $objectline = new KnowledgeRecordLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_knowledgerecord = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_knowledgerecord = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 65af15cffa8..c93d5dd48e6 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -958,7 +958,7 @@ class MyObject extends CommonObject $this->lines = array(); $objectline = new MyObjectLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_myobject = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_myobject = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index df5dcba60ad..d4abe482a88 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -1188,7 +1188,7 @@ class Mo extends CommonObject $this->lines = array(); $objectline = new MoLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_mo = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_mo = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/partnership/class/partnership.class.php b/htdocs/partnership/class/partnership.class.php index feef3c7e81f..8b8642c9f0c 100644 --- a/htdocs/partnership/class/partnership.class.php +++ b/htdocs/partnership/class/partnership.class.php @@ -1157,7 +1157,7 @@ class Partnership extends CommonObject $this->lines = array(); $objectline = new PartnershipLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_partnership = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_partnership = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 41e1d2d0f6b..ce04df8f56f 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php @@ -326,15 +326,15 @@ class ProductFournisseurPrice extends CommonObject if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.' = '.((int) $value); } elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; + $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; } elseif ($key == 'customsql') { $sqlwhere[] = $value; } elseif (strpos($value, '%') === false) { $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; } else { - $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; + $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; } } } diff --git a/htdocs/recruitment/class/recruitmentcandidature.class.php b/htdocs/recruitment/class/recruitmentcandidature.class.php index 0069ce2d30f..985b207dd60 100644 --- a/htdocs/recruitment/class/recruitmentcandidature.class.php +++ b/htdocs/recruitment/class/recruitmentcandidature.class.php @@ -893,7 +893,7 @@ class RecruitmentCandidature extends CommonObject $this->lines = array(); $objectline = new RecruitmentCandidatureLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_recruitmentcandidature = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_recruitmentcandidature = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error; diff --git a/htdocs/workstation/class/workstation.class.php b/htdocs/workstation/class/workstation.class.php index 5cb6baf3565..2ce05fd2976 100755 --- a/htdocs/workstation/class/workstation.class.php +++ b/htdocs/workstation/class/workstation.class.php @@ -928,7 +928,7 @@ class Workstation extends CommonObject $this->lines = array(); $objectline = new WorkstationLine($this->db); - $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_workstation = '.$this->id)); + $result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_workstation = '.((int) $this->id))); if (is_numeric($result)) { $this->error = $this->error;