From d090788caac937d794ca3eddbcae4397dd858993 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 8 Aug 2012 14:07:04 +0200
Subject: [PATCH] Fix: Do not run request if param is empty
---
 htdocs/core/lib/company.lib.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index f8bf5d4530b..7f545386104 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -222,12 +222,18 @@ function getCountry($id,$withcode='',$dbtouse=0,$outputlangs='',$entconv=1)
 {
 global $db,$langs;
+ // Check parameters
+ if (empty($id))
+ {
+ if ($withcode === 'all') return array('id'=>'','code'=>'','label'=>'');
+ else return '';
+ }
 if (! is_object($dbtouse)) $dbtouse=$db;
 if (! is_object($outputlangs)) $outputlangs=$langs;
 $sql = "SELECT rowid, code, libelle FROM ".MAIN_DB_PREFIX."c_pays";
 if (is_numeric($id)) $sql.= " WHERE rowid=".$id;
- else $sql.= " WHERE code='".$id."'";
+ else $sql.= " WHERE code='".$db->escape($id)."'";
 dol_syslog("Company.lib::getCountry sql=".$sql);
 $resql=$dbtouse->query($sql);
@@ -251,10 +257,11 @@ function getCountry($id,$withcode='',$dbtouse=0,$outputlangs='',$entconv=1)
 }
 else
 {
- return "NotDefined";
+ return 'NotDefined';
 }
 }
 else dol_print_error($dbtouse,'');
+ return 'Error';
 }
 /**
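Review bot: The escaped branch calls `$db->escape($id)` on the global handle, while two lines earlier `$dbtouse` is resolved and the query is then run through `$dbtouse->query($sql)`; when a caller passes its own handler, the value is escaped against a different connection than the one that executes it, so the line should read `else $sql.= " WHERE code='".$dbtouse->escape($id)."'";`. The numeric branch still concatenates `$id` unquoted after only `is_numeric()`, which also accepts forms such as decimal or exponent notation; casting, `" WHERE rowid=".(int) $id`, keeps that branch to a plain integer. getCountry's body continues past the end of this hunk.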
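Review bot: The new `return 'Error';` after `dol_print_error()` and the `'NotDefined'` return both hand back a bare string even when `$withcode === 'all'`, whereas the empty-`$id` guard added in the first hunk returns an array with `id`, `code` and `label` keys for that mode. A caller that indexes the result by key gets a string on these failure paths, and both sentinels are indistinguishable from a real country label. Consider returning the same array shape in that mode, e.g. `if ($withcode === 'all') return array('id'=>'','code'=>'','label'=>'Error');` ahead of `return 'Error';`, and listing the sentinel values in the function's docblock. The function starts before this hunk, so whether every success branch returns before reaching this line cannot be confirmed from here.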