From 744b84cb09f53f4856b0e707492b42cb0f983ba5 Mon Sep 17 00:00:00 2001
From: Eric Seigne <eric.seigne@cap-rel.fr>
Date: Fri, 4 Mar 2022 15:20:50 +0100
Subject: [PATCH 1/2] fix #20270 : use product_id in sql only if product_id is
 defined

---
 htdocs/product/class/product.class.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index e4724eb051c..dc9a08a24c7 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1803,7 +1803,9 @@ class Product extends CommonObject
                 $sql .= " ,pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code";
 				if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging";
                 $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
-                $sql .= " WHERE pfp.fk_product = ".$product_id;
+                $sql .= " WHERE 1=1";
+                if ($product_id != 0) { $sql .= " AND pfp.fk_product = '".$product_id."'";
+                }
                 if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'";
                 }
                 if ($fk_soc > 0) { $sql .= " AND pfp.fk_soc = ".$fk_soc;

From e13038dc3058b2a4b00c8938cbf5eee18096a95c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 7 Mar 2022 14:06:54 +0100
Subject: [PATCH 2/2] Update product.class.php

---
 htdocs/product/class/product.class.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index dc9a08a24c7..b08ccb139ba 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1803,8 +1803,9 @@ class Product extends CommonObject
                 $sql .= " ,pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code";
 				if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) $sql .= ", pfp.packaging";
                 $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
-                $sql .= " WHERE 1=1";
-                if ($product_id != 0) { $sql .= " AND pfp.fk_product = '".$product_id."'";
+                $sql .= " WHERE 1 = 1";
+                if ($product_id > 0) { 
+					$sql .= " AND pfp.fk_product = ".((int) $product_id);
                 }
                 if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$fourn_ref."'";
                 }