From ccba895e70bd38258a24f719dcc256f4a2e2203b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 10 Dec 2013 17:21:48 +0100
Subject: [PATCH] Fix: sql where on an int must not contains '
---
 htdocs/product/class/product.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index c406ec10baf..40b6a2cfdd0 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1151,7 +1151,7 @@ class Product extends CommonObject
 $sql.= " accountancy_code_buy, accountancy_code_sell, stock, pmp,";
 $sql.= " datec, tms, import_key, entity, desiredstock";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
- if ($id) $sql.= " WHERE rowid = '".$id."'";
+ if ($id) $sql.= " WHERE rowid = ".$this->db->escape($id);
 else
 {
 $sql.= " WHERE entity IN (".getEntity($this->element, 1).")";
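Review bot: The added line still concatenates `$id` into the statement unquoted, so routing it through `$this->db->escape()` does not constrain it to a number — a quote-escaping helper only neutralises quote characters, and any other non-numeric content reaches the SQL unchanged. Since rowid is an integer column, the guard should coerce the value instead, `if ($id) $sql.= " WHERE rowid = ".((int) $id);`, which removes the quoting problem the commit targets and rejects non-numeric input by construction. This assumes `escape()` is the usual string-escaping wrapper, which the hunk does not show; the enclosing method (the SELECT of what looks like the fetch method) starts and ends outside the hunk.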