From b96782c22c36d0a21caa21210175a8d3dbd36bcf Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 16 May 2008 18:34:37 +0000
Subject: [PATCH] Fix: 22757 Another way to fix this bug because first fix was using not portable code.
---
 htdocs/fourn/facture/paiement.php | 2 +-
 htdocs/fourn/facture/paiementfourn.class.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php
index bdc37ec7f75..b7fa25f6d16 100644
--- a/htdocs/fourn/facture/paiement.php
+++ b/htdocs/fourn/facture/paiement.php
@@ -112,7 +112,7 @@ if ($action == 'add_paiement')
 $paiement->amounts = $amounts; // Array of amounts
 $paiement->paiementid = $_POST['paiementid'];
 $paiement->num_paiement = $_POST['num_paiement'];
- $paiement->note = mysql_real_escape_string($_POST['comment']);
+ $paiement->note = $_POST['comment'];
 $paiement_id = $paiement->create($user);
 if ($paiement_id > 0)
diff --git a/htdocs/fourn/facture/paiementfourn.class.php b/htdocs/fourn/facture/paiementfourn.class.php
index 1234817cde8..6d6a63049ac 100644
--- a/htdocs/fourn/facture/paiementfourn.class.php
+++ b/htdocs/fourn/facture/paiementfourn.class.php
@@ -122,7 +122,7 @@ class PaiementFourn
 $error = 0;
- // Nettoyage parametres
+ // Clean parameters
 $this->total = 0;
 foreach ($this->amounts as $key => $value)
 {
@@ -141,7 +141,7 @@ class PaiementFourn
 $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn (';
 $sql.= 'datec, datep, amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)';
 $sql.= ' VALUES (now(),';
- $sql.= ' '.$this->db->idate($this->datepaye).', \''.$this->total.'\', '.$this->paiementid.', \''.$this->num_paiement.'\', \''.$this->note.'\', '.$user->id.', 0)';
+ $sql.= " ".$this->db->idate($this->datepaye).", '".$this->total."', ".$this->paiementid.", '".$this->num_paiement."', '".addslashes($this->note)."', ".$user->id.", 0)";
 dolibarr_syslog("PaiementFourn::create sql=".$sql);
 $resql = $this->db->query($sql);
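Review bot: `$paiement->paiementid` and `$paiement->num_paiement` are assigned straight from `$_POST` two lines above the changed line, and the last hunk of paiementfourn.class.php concatenates both into the INSERT with no escaping at all (`paiementid` unquoted, `num_paiement` quoted but raw), so moving the escaping of `note` into `create()` still leaves request-controlled values reaching the SQL string. Because `paiementid` lands in the unquoted `fk_paiement` position it should be coerced at this boundary, `$paiement->paiementid = (int) $_POST['paiementid'];`, and `num_paiement` needs the same treatment `create()` now gives `note`. The enclosing `if ($action == 'add_paiement')` block begins before and continues past this hunk.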
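Review bot: The added line escapes only `$this->note`; `$this->num_paiement` is emitted inside quotes unescaped and `$this->paiementid` is emitted bare, and both are populated from `$_POST` in paiement.php in this same commit, so the INSERT is still assembled from unescaped input. `addslashes()` is plain backslash escaping with no knowledge of the connection charset or of the non-MySQL backends the commit message cites as the reason for the change, so it is a weaker guarantee than the driver-level call it replaces; the cleaner fix is to pass every string value through the database abstraction's own escape helper (`$this->db->escape()`, if the layer that already provides `idate()` and `query()` exposes one) and to cast the numeric ids before concatenation. The `create()` method starts before this hunk and continues after it, and the `dolibarr_syslog` call on the next line writes the fully built statement, including user-supplied note text, to the log.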