diff --git a/htdocs/soc.php b/htdocs/soc.php
index 122aa8e2acd..23e4f364f06 100644
--- a/htdocs/soc.php
+++ b/htdocs/soc.php
@@ -56,39 +56,39 @@ $soc = new Societe($db);
 /*
  * Actions
  */
-if ($_POST["action"] == 'add' or $_POST["action"] == 'update')
+if ($_POST["action"] == 'add' || $_POST["action"] == 'update')
 {
- $soc->nom = stripslashes($_POST["nom"]);
- $soc->adresse = stripslashes($_POST["adresse"]);
- $soc->cp = stripslashes($_POST["cp"]);
- $soc->ville = stripslashes($_POST["ville"]);
- $soc->pays_id = stripslashes($_POST["pays_id"]);
- $soc->departement_id = stripslashes($_POST["departement_id"]);
- $soc->tel = stripslashes($_POST["tel"]);
- $soc->fax = stripslashes($_POST["fax"]);
+ $soc->nom = $_POST["nom"];
+ $soc->adresse = $_POST["adresse"];
+ $soc->cp = $_POST["cp"];
+ $soc->ville = $_POST["ville"];
+ $soc->pays_id = $_POST["pays_id"];
+ $soc->departement_id = $_POST["departement_id"];
+ $soc->tel = $_POST["tel"];
+ $soc->fax = $_POST["fax"];
 $soc->url = ereg_replace( "http://", "", $_POST["url"] );
- $soc->siren = stripslashes($_POST["siren"]);
- $soc->siret = stripslashes($_POST["siret"]);
- $soc->ape = stripslashes($_POST["ape"]);
- $soc->prefix_comm = stripslashes($_POST["prefix_comm"]);
- $soc->code_client = stripslashes($_POST["code_client"]);
- $soc->code_fournisseur = stripslashes($_POST["code_fournisseur"]);
- $soc->codeclient_modifiable = stripslashes($_POST["codeclient_modifiable"]);
- $soc->codefournisseur_modifiable = stripslashes($_POST["codefournisseur_modifiable"]);
- $soc->capital = stripslashes($_POST["capital"]);
- $soc->tva_intra_code = stripslashes($_POST["tva_intra_code"]);
- $soc->tva_intra_num = stripslashes($_POST["tva_intra_num"]);
- $soc->tva_intra = stripslashes($_POST["tva_intra_code"] . 
$_POST["tva_intra_num"]);
- $soc->forme_juridique_code = stripslashes($_POST["forme_juridique_code"]);
- $soc->effectif_id = stripslashes($_POST["effectif_id"]);
- $soc->typent_id = stripslashes($_POST["typent_id"]);
- $soc->client = stripslashes($_POST["client"]);
- $soc->fournisseur = stripslashes($_POST["fournisseur"]);
+ $soc->siren = $_POST["siren"];
+ $soc->siret = $_POST["siret"];
+ $soc->ape = $_POST["ape"];
+ $soc->prefix_comm = $_POST["prefix_comm"];
+ $soc->code_client = $_POST["code_client"];
+ $soc->code_fournisseur = $_POST["code_fournisseur"];
+ $soc->codeclient_modifiable = $_POST["codeclient_modifiable"];
+ $soc->codefournisseur_modifiable = $_POST["codefournisseur_modifiable"];
+ $soc->capital = $_POST["capital"];
+ $soc->tva_intra_code = $_POST["tva_intra_code"];
+ $soc->tva_intra_num = $_POST["tva_intra_num"];
+ $soc->tva_intra = $_POST["tva_intra_code"] . $_POST["tva_intra_num"];
+ $soc->forme_juridique_code = $_POST["forme_juridique_code"];
+ $soc->effectif_id = $_POST["effectif_id"];
+ $soc->typent_id = $_POST["typent_id"];
+ $soc->client = $_POST["client"];
+ $soc->fournisseur = $_POST["fournisseur"];
 if ($_POST["action"] == 'update')
 {
 $result = $soc->update($_GET["socid"],$user);
- if ($result <> 0)
+ if ($result <= 0)
 {
 $soc->id = $_GET["socid"]; // doublon sur le prefix comm
@@ -108,7 +108,7 @@ if ($_POST["action"] == 'add' or $_POST["action"] == 'update')
 {
 $result = $soc->create($user);
- if ($result == 0)
+ if ($result >= 0)
 {
 Header("Location: soc.php?socid=".$soc->id);
 exit;
diff --git a/htdocs/societe.class.php b/htdocs/societe.class.php
index 4743d039d13..54911c38c1d 100644
--- a/htdocs/societe.class.php
+++ b/htdocs/societe.class.php
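Review bot: Removing stripslashes() leaves the id and flag fields on the new side (`pays_id`, `departement_id`, `effectif_id`, `typent_id`, `client`, `fournisseur`, `codeclient_modifiable`, `codefournisseur_modifiable`) as raw request strings, and the societe.class.php hunks of this same commit still interpolate `fk_departement`/`fk_pays` into the UPDATE without addslashes(); casting at this boundary closes that gap, e.g. `$soc->pays_id = (int) $_POST["pays_id"];` and `$soc->departement_id = (int) $_POST["departement_id"];`. The same goes for `$_GET["socid"]`, which is passed to update() and, as far as the 367 hunk shows, reaches `WHERE idp = '...'` unescaped. If any target install still has magic_quotes_gpc enabled, these raw values already carry backslashes and the addslashes() now done in update() will double-escape them, so normalising once here (strip only when get_magic_quotes_gpc() reports it on) keeps both configurations correct. The action block opened by this `if` continues past the end of the hunk.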
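Review bot: The success test `if ($result >= 0)` accepts 0 from create(), whereas the update branch earlier in this file now treats 0 as failure (`if ($result <= 0)`) and update() itself was changed in this commit to return 1 on success. If create() follows the same convention, `if ($result > 0)` keeps the two paths consistent; if it genuinely returns 0 on success, a one-line comment stating create()'s return contract would stop the next reader from "fixing" it. create() is not in the diff, so this is inferred from the update path only.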
@@ -312,16 +312,16 @@ class Societe {
 $sql .= ",fk_departement = '" . ($this->departement_id?$this->departement_id:'0') ."'";
 $sql .= ",fk_pays = '" . ($this->pays_id?$this->pays_id:'0') ."'";
- $sql .= ",tel = ".($this->tel?"'".$this->tel."'":"null");
- $sql .= ",fax = ".($this->fax?"'".$this->fax."'":"null");
- $sql .= ",url = ".($this->url?"'".$this->url."'":"null");
+ $sql .= ",tel = ".($this->tel?"'".addslashes($this->tel)."'":"null");
+ $sql .= ",fax = ".($this->fax?"'".addslashes($this->fax)."'":"null");
+ $sql .= ",url = ".($this->url?"'".addslashes($this->url)."'":"null");
- $sql .= ",siren = '". $this->siren ."'";
- $sql .= ",siret = '". $this->siret ."'";
- $sql .= ",ape = '". $this->ape ."'";
+ $sql .= ",siren = '". addslashes($this->siren) ."'";
+ $sql .= ",siret = '". addslashes($this->siret) ."'";
+ $sql .= ",ape = '". addslashes($this->ape) ."'";
- $sql .= ",tva_intra = '" . $this->tva_intra ."'";
- $sql .= ",capital = '" . $this->capital ."'";
+ $sql .= ",tva_intra = '" . addslashes($this->tva_intra) ."'";
+ $sql .= ",capital = '" . addslashes($this->capital) ."'";
 if ($this->prefix_comm) $sql .= ",prefix_comm = '" . $this->prefix_comm ."'";
@@ -367,14 +367,11 @@ class Societe {
 $sql .= ", code_compta_fournisseur = ".($this->code_compta_fournisseur?"'".$this->code_compta_fournisseur."'":"null");
 }
- - - if ($user) $sql .= ",fk_user_modif = '".$user->id."'"; - $sql .= " WHERE idp = '" . $id ."'";
- if ($this->db->query($sql))
+ $resql=$this->db->query($sql);
+ if ($resql)
 {
 if ($call_trigger)
 {
@@ -385,7 +382,7 @@ class Societe {
 // Fin appel triggers
 }
- $result = 0;
+ $result = 1;
 }
 else
 {
@@ -397,6 +394,8 @@ class Societe {
 }
 else
 {
+
+ $this->error = $langs->trans("Error sql=$sql");
 dolibarr_syslog("Societe::Update echec sql=$sql");
 $result = -2;
 }
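Review bot: addslashes() is added for tel, fax, url, siren, siret, ape, tva_intra and capital, but in the same hunk `prefix_comm` is still concatenated raw (`if ($this->prefix_comm) $sql .= ",prefix_comm = '" . $this->prefix_comm ."'";`), the `fk_departement`/`fk_pays` context lines just above interpolate the ids without an escape or a cast, and the 367 hunk builds `WHERE idp = '" . $id ."'"` from the caller-supplied id in the same way. Because soc.php now assigns these properties straight from $_POST, every field needs the same treatment, e.g. `$sql .= ",prefix_comm = '" . addslashes($this->prefix_comm) ."'";` and `($this->pays_id?(int) $this->pays_id:'0')` for the foreign keys. addslashes() is also not a charset-aware SQL escape, so the database layer's own escape function, or prepared statements if the driver supports them, would be the more robust choice over hand-built quoting. update()'s body starts before and ends after these hunks.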
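Review bot: `$this->error = $langs->trans("Error sql=$sql")` stores the whole failed statement, including the user-submitted field values, in the object's error string, which this kind of property is usually echoed back to the browser; that leaks table and column layout and the submitted data to whoever triggered the failure. A fixed, translated message is enough for the caller, with the statement kept only in the `dolibarr_syslog(...)` call on the next line. Also, `$langs` is not visibly brought into scope inside update(); unless the method declares `global $langs;` above this hunk, this line itself fails on the error path.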