Merge pull request #18646 from ksar-ksar/patch-8

FIX #18591 : Remove double quotes of SQL Queries
Laurent Destailleur 2021-09-09 04:36:48 +02:00 committed by GitHub
commit e20e80fae3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -386,9 +386,9 @@ class dolReceiptPrinter extends Printer
{
global $conf;
$error = 0;
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' (name, fk_type, fk_profile, parameter, entity)';
$sql .= ' VALUES ("'.$this->db->escape($name).'", '.$type.', '.$profile.', "'.$this->db->escape($parameter).'", '.$conf->entity.')';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt";
$sql .= " (name, fk_type, fk_profile, parameter, entity)";
$sql .= " VALUES ('".$this->db->escape($name)."', ".$type.", ".$profile.", '".$this->db->escape($parameter)."', ".$conf->entity.")";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -411,12 +411,12 @@ class dolReceiptPrinter extends Printer
{
global $conf;
$error = 0;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' SET name="'.$this->db->escape($name).'"';
$sql .= ', fk_type='.$type;
$sql .= ', fk_profile='.$profile;
$sql .= ', parameter="'.$this->db->escape($parameter).'"';
$sql .= ' WHERE rowid='.$printerid;
$sql = "UPDATE ".MAIN_DB_PREFIX."printer_receipt";
$sql .= " SET name='".$this->db->escape($name)."'";
$sql .= ", fk_type=".$type;
$sql .= ", fk_profile=".$profile;
$sql .= ", parameter='".$this->db->escape($parameter)."'";
$sql .= " WHERE rowid=".$printerid;
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -456,9 +456,9 @@ class dolReceiptPrinter extends Printer
{
global $conf;
$error = 0;
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'printer_receipt_template';
$sql .= ' (name, template, entity) VALUES ("'.$this->db->escape($name).'"';
$sql .= ', "'.$this->db->escape($template).'", '.$conf->entity.')';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."printer_receipt_template";
$sql .= " (name, template, entity) VALUES ('".$this->db->escape($name)."'";
$sql .= ", '".$this->db->escape($template)."', ".$conf->entity.")";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -500,10 +500,10 @@ class dolReceiptPrinter extends Printer
{
global $conf;
$error = 0;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt_template';
$sql .= ' SET name="'.$this->db->escape($name).'"';
$sql .= ', template="'.$this->db->escape($template).'"';
$sql .= ' WHERE rowid='.$templateid;
$sql = "UPDATE ".MAIN_DB_PREFIX."printer_receipt_template";
$sql .= " SET name='".$this->db->escape($name)."'";
$sql .= ", template='".$this->db->escape($template)."'";
$sql .= " WHERE rowid=".$templateid;
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
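Review bot: The integer operands are still concatenated raw in all four statements: `$type`, `$profile` and `$conf->entity` in the INSERT/SET lists, and `$printerid` / `$templateid` in the WHERE clauses of the two UPDATEs, reach the query without a cast, while only the string values go through `$this->db->escape()`. The quoting change does nothing for these unquoted numeric positions, which stay injectable if any caller passes a request-derived value. Casting at the point of use closes that regardless of the caller, e.g. `$sql .= ", fk_type=".((int) $type);` and `$sql .= " WHERE rowid=".((int) $printerid);`, with the same treatment for `$profile`, `$templateid` and `$conf->entity`. The method signatures and callers lie outside these hunks, so whether the values are already validated upstream cannot be confirmed from here.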