
FIX #yogosha5746 - next step (work in progress)

Laurent Destailleur 4 years ago
commit
3744bc6a7a
80 changed files with 136 additions and 140 deletions
  1. 1 1
      htdocs/accountancy/admin/account.php
  2. 1 1
      htdocs/accountancy/bookkeeping/list.php
  3. 1 1
      htdocs/accountancy/class/accountancycategory.class.php
  4. 3 3
      htdocs/accountancy/closure/index.php
  5. 1 1
      htdocs/accountancy/customer/index.php
  6. 1 1
      htdocs/accountancy/expensereport/list.php
  7. 1 1
      htdocs/accountancy/supplier/index.php
  8. 1 1
      htdocs/accountancy/supplier/list.php
  9. 1 1
      htdocs/adherents/canvas/actions_adherentcard_common.class.php
  10. 5 5
      htdocs/adherents/class/adherent.class.php
  11. 1 1
      htdocs/adherents/class/adherent_type.class.php
  12. 1 1
      htdocs/adherents/class/adherentstats.class.php
  13. 1 1
      htdocs/admin/boxes.php
  14. 1 1
      htdocs/admin/external_rss.php
  15. 4 4
      htdocs/admin/menus/index.php
  16. 1 1
      htdocs/admin/translation.php
  17. 11 11
      htdocs/api/class/api_setup.class.php
  18. 1 1
      htdocs/asset/class/asset_type.class.php
  19. 1 1
      htdocs/categories/class/categorie.class.php
  20. 1 1
      htdocs/comm/mailing/card.php
  21. 4 4
      htdocs/comm/mailing/class/advtargetemailing.class.php
  22. 2 2
      htdocs/comm/mailing/class/mailing.class.php
  23. 1 1
      htdocs/comm/propal/class/propal.class.php
  24. 1 1
      htdocs/commande/card.php
  25. 2 2
      htdocs/commande/class/commande.class.php
  26. 3 3
      htdocs/compta/bank/class/account.class.php
  27. 1 1
      htdocs/compta/bank/class/api_bankaccounts.class.php
  28. 1 1
      htdocs/compta/bank/class/paymentvarious.class.php
  29. 6 6
      htdocs/compta/bank/line.php
  30. 1 1
      htdocs/compta/bank/releve.php
  31. 1 1
      htdocs/compta/cashcontrol/cashcontrol_card.php
  32. 1 1
      htdocs/compta/charges/index.php
  33. 1 1
      htdocs/compta/deplacement/class/deplacement.class.php
  34. 1 1
      htdocs/compta/deplacement/class/deplacementstats.class.php
  35. 1 1
      htdocs/compta/facture/card.php
  36. 1 1
      htdocs/compta/facture/class/api_invoices.class.php
  37. 4 4
      htdocs/compta/facture/class/facture-rec.class.php
  38. 1 1
      htdocs/compta/facture/class/facture.class.php
  39. 1 1
      htdocs/compta/facture/list.php
  40. 1 1
      htdocs/compta/localtax/list.php
  41. 1 1
      htdocs/compta/paiement_charge.php
  42. 1 1
      htdocs/compta/paiement_vat.php
  43. 3 3
      htdocs/compta/prelevement/class/bonprelevement.class.php
  44. 1 1
      htdocs/compta/prelevement/fiche-stat.php
  45. 1 1
      htdocs/compta/recap-compta.php
  46. 1 1
      htdocs/compta/sociales/card.php
  47. 1 1
      htdocs/compta/sociales/class/paymentsocialcontribution.class.php
  48. 1 1
      htdocs/compta/tva/card.php
  49. 1 1
      htdocs/contact/canvas/actions_contactcard_common.class.php
  50. 2 2
      htdocs/contact/class/contact.class.php
  51. 1 1
      htdocs/contact/consumption.php
  52. 2 2
      htdocs/contrat/class/contrat.class.php
  53. 1 1
      htdocs/core/boxes/box_accountancy_suspense_account.php
  54. 1 1
      htdocs/core/boxes/box_bookmarks.php
  55. 1 1
      htdocs/core/class/comment.class.php
  56. 7 7
      htdocs/core/class/commonobject.class.php
  57. 1 2
      htdocs/core/class/ctypent.class.php
  58. 1 4
      htdocs/core/class/ctyperesource.class.php
  59. 3 3
      htdocs/core/class/discount.class.php
  60. 1 1
      htdocs/core/class/dolreceiptprinter.class.php
  61. 2 2
      htdocs/core/class/fiscalyear.class.php
  62. 1 1
      htdocs/core/class/html.form.class.php
  63. 1 1
      htdocs/core/class/html.formexpensereport.class.php
  64. 3 3
      htdocs/core/class/link.class.php
  65. 2 2
      htdocs/core/lib/bank.lib.php
  66. 1 1
      htdocs/core/lib/invoice2.lib.php
  67. 2 2
      htdocs/core/lib/price.lib.php
  68. 2 2
      htdocs/core/lib/website.lib.php
  69. 1 1
      htdocs/core/modules/DolibarrModules.class.php
  70. 1 1
      htdocs/core/modules/mailings/modules_mailings.php
  71. 2 2
      htdocs/core/modules/modApi.class.php
  72. 1 1
      htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
  73. 1 1
      htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
  74. 1 1
      htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
  75. 1 1
      htdocs/core/website.inc.php
  76. 2 2
      htdocs/delivery/class/delivery.class.php
  77. 3 3
      htdocs/don/class/don.class.php
  78. 1 1
      htdocs/don/payment/payment.php
  79. 1 1
      htdocs/expensereport/class/expensereport.class.php
  80. 1 1
      htdocs/public/emailing/mailing-read.php

+ 1 - 1
htdocs/accountancy/admin/account.php

@@ -218,7 +218,7 @@ if ($db->type == 'pgsql') {
 } else {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity;
 }
-$sql .= " WHERE asy.rowid = ".$pcgver;
+$sql .= " WHERE asy.rowid = ".((int) $pcgver);
 //print $sql;
 if (strlen(trim($search_account))) {
 	$lengthpaddingaccount = 0;

+ 1 - 1
htdocs/accountancy/bookkeeping/list.php

@@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex
 					$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
 					$sql .= " SET date_export = '".$db->idate($now)."'";
 					$sql .= " , date_validated = '".$db->idate($now)."'";
-					$sql .= " WHERE rowid = ".$movement->id;
+					$sql .= " WHERE rowid = ".((int) $movement->id);
 
 					dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG);
 					$result = $db->query($sql);

+ 1 - 1
htdocs/accountancy/class/accountancycategory.class.php

@@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject
 		global $conf;
 		$sql = "SELECT t.rowid, t.account_number, t.label";
 		$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
-		$sql .= " WHERE t.fk_accounting_category = ".$id;
+		$sql .= " WHERE t.fk_accounting_category = ".((int) $id);
 		$sql .= " AND t.entity = ".$conf->entity;
 
 		$this->lines_display = array();
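Review bot: The line right after the cast, `$sql .= " AND t.entity = ".$conf->entity;`, still concatenates the entity raw while admin/boxes.php in this same commit casts `$conf->entity`; for one uniform pattern write `$sql .= " AND t.entity = ".((int) $conf->entity);`. The method body continues past the hunk.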

+ 3 - 3
htdocs/accountancy/closure/index.php

@@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting-
 
 				$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
 				$sql .= " SET date_validated = '".$db->idate($now)."'";
-				$sql .= " WHERE rowid = ".$movement->id;
-				$sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'";
-				$sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'";
+				$sql .= " WHERE rowid = ".((int) $movement->id);
+				$sql .= " AND doc_date >= '" . $db->idate($date_start) . "'";
+				$sql .= " AND doc_date <= '" . $db->idate($date_end) . "'";
 
 				dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG);
 				$result = $db->query($sql);
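Review bot: Swapping `dol_print_date($date_start, 'dayrfc')` for `$db->idate($date_start)` changes the literal compared against `doc_date` from a date-only string to a datetime-format one, and the two helpers do not necessarily apply the same timezone handling, so the bounds of the validated period may shift at day edges. If `doc_date` is a DATE column and `$date_end` carries midnight rather than end of day, the upper bound would no longer take in the last day of the period; please confirm the column type and the time component of `$date_start`/`$date_end`, and if a date-only literal is what the comparison needs, keep a day-level format and validate the timestamps instead. The enclosing `if ($action == 'validate_movements_confirm' ...)` block starts outside the hunk.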

+ 1 - 1
htdocs/accountancy/customer/index.php

@@ -208,7 +208,7 @@ if ($action == 'validatehistory') {
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
 				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
-				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
 
 				$resqlupdate = $db->query($sqlupdate);
 				if (!$resqlupdate) {

+ 1 - 1
htdocs/accountancy/expensereport/list.php

@@ -154,7 +154,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
 				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
-				$sql .= " WHERE rowid = ".$monId;
+				$sql .= " WHERE rowid = ".((int) $monId);
 
 				$accountventilated = new AccountingAccount($db);
 				$accountventilated->fetch($monCompte, '', 1);

+ 1 - 1
htdocs/accountancy/supplier/index.php

@@ -194,7 +194,7 @@ if ($action == 'validatehistory') {
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
 				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
-				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
 
 				$resqlupdate = $db->query($sqlupdate);
 				if (!$resqlupdate) {

+ 1 - 1
htdocs/accountancy/supplier/list.php

@@ -178,7 +178,7 @@ if ($massaction == 'ventil') {
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
 				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
-				$sql .= " WHERE rowid = ".$monId;
+				$sql .= " WHERE rowid = ".((int) $monId);
 
 				$accountventilated = new AccountingAccount($db);
 				$accountventilated->fetch($monCompte, '', 1);
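Review bot: The hunk header shows this mass action guarded only by `if ($massaction == 'ventil') {`, whereas the parallel hunk in accountancy/expensereport/list.php is guarded by `$massaction == 'ventil' && $user->rights->accounting->bind->write`; unless a rights check sits earlier in this file, the binding UPDATE can be issued by any user who can reach the supplier list. Adding `&& $user->rights->accounting->bind->write` to that condition (or an explicit `accessforbidden()` before it) would bring the two files in line. The guarded block starts outside the hunk.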

+ 1 - 1
htdocs/adherents/canvas/actions_adherentcard_common.class.php

@@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon
 
 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
-			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
+			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$obj = $this->db->fetch_object($resql);

+ 5 - 5
htdocs/adherents/class/adherent.class.php

@@ -692,7 +692,7 @@ class Adherent extends CommonObject
 			$sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member
 		}
 		$sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		// If we change the type of membership, we set also label of new type
 		if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
@@ -964,7 +964,7 @@ class Adherent extends CommonObject
 		}
 
 		// Remove category
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid);
 		dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if (!$resql) {
@@ -975,7 +975,7 @@ class Adherent extends CommonObject
 
 		// Remove subscription
 		if (!$error) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid);
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
@@ -1007,7 +1007,7 @@ class Adherent extends CommonObject
 
 		// Remove adherent
 		if (!$error) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid);
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
@@ -1154,7 +1154,7 @@ class Adherent extends CommonObject
 		// Set link to user
 		if ($userid > 0) {
 			$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
-			$sql .= " WHERE rowid = ".$userid;
+			$sql .= " WHERE rowid = ".((int) $userid);
 			dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
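Review bot: In the first hunk, `fk_user_mod = ".($user->id > 0 ? $user->id : 'null')` on the line just above the newly cast `WHERE rowid` still concatenates `$user->id` raw; for consistency with the pattern this commit applies everywhere else write `($user->id > 0 ? ((int) $user->id) : 'null')`. The other four hunks look complete for the ids they touch. All five hunks sit inside methods whose bodies extend beyond what is shown.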

+ 1 - 1
htdocs/adherents/class/adherent_type.class.php

@@ -425,7 +425,7 @@ class AdherentType extends CommonObject
 		$error = 0;
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type";
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		$resql = $this->db->query($sql);
 		if ($resql) {

+ 1 - 1
htdocs/adherents/class/adherentstats.class.php

@@ -72,7 +72,7 @@ class AdherentStats extends Stats
 		$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
 		//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($this->memberid) {
-			$this->where .= " AND m.rowid = ".$this->memberid;
+			$this->where .= " AND m.rowid = ".((int) $this->memberid);
 		}
 		//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
 	}

+ 1 - 1
htdocs/admin/boxes.php

@@ -93,7 +93,7 @@ if ($action == 'add') {
 						$arrayofexistingboxid = array();
 						$nbboxonleft = $nbboxonright = 0;
 						$sql = "SELECT box_id, box_order FROM ".MAIN_DB_PREFIX."boxes";
-						$sql .= " WHERE position = ".$pos." AND fk_user = ".$fk_user." AND entity = ".$conf->entity;
+						$sql .= " WHERE position = ".((int) $pos)." AND fk_user = ".((int) $fk_user)." AND entity = ".((int) $conf->entity);
 						dol_syslog("boxes.php activate box", LOG_DEBUG);
 						$resql = $db->query($sql);
 						if ($resql) {

+ 1 - 1
htdocs/admin/external_rss.php

@@ -140,7 +140,7 @@ if (GETPOST("delete")) {
 				$resql = $db->query($sql);
 
 				$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";
-				$sql .= " WHERE rowid = ".$obj->rowid;
+				$sql .= " WHERE rowid = ".((int) $obj->rowid);
 				$resql = $db->query($sql);
 
 				if (!$resql) {

+ 4 - 4
htdocs/admin/menus/index.php

@@ -162,13 +162,13 @@ if ($action == 'up') {
 	}
 
 	$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
-	$sql .= " SET m.position = ".($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1); // Down the selected entry
-	$sql .= " WHERE m.rowid = ".$current['rowid'];
+	$sql .= " SET m.position = ".((int) ($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1)); // Down the selected entry
+	$sql .= " WHERE m.rowid = ".((int) $current['rowid']);
 	dol_syslog("admin/menus/index.php ".$sql);
 	$db->query($sql);
 	$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m"; // Up the next entry
-	$sql .= " SET m.position = ".$current['order'];
-	$sql .= " WHERE m.rowid = ".$next['rowid'];
+	$sql .= " SET m.position = ".((int) $current['order']);
+	$sql .= " WHERE m.rowid = ".((int) $next['rowid']);
 	dol_syslog("admin/menus/index.php ".$sql);
 	$db->query($sql);
 } elseif ($action == 'confirm_delete' && $confirm == 'yes') {
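Review bot: Both UPDATE statements are issued with a bare `$db->query($sql);` and the result is discarded, so if the first succeeds and the second fails the two menu entries end up sharing a position and the user sees no error. Check each result (`if (!$db->query($sql)) { dol_print_error($db); }`) and, since the pair must move together, wrap them in `$db->begin()` / `$db->commit()` with `$db->rollback()` on failure. The `$current`/`$next` lookup that feeds these values starts outside the hunk.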

+ 1 - 1
htdocs/admin/translation.php

@@ -168,7 +168,7 @@ if ($action == 'add') {
 
 // Delete line from delete picto
 if ($action == 'delete') {
-	$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
+	$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
 	$result = $db->query($sql);
 	if ($result >= 0) {
 		setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');
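Review bot: The success test on the line after the cast, `if ($result >= 0)`, is always true: `$db->query()` returns false on failure and PHP's loose comparison evaluates `false >= 0` as true, so a failed DELETE still reports RecordDeleted. Use `if ($result) {` so the error branch is reachable. The `(int)` cast itself is the right replacement for `$db->escape()` on a numeric rowid.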

+ 11 - 11
htdocs/api/class/api_setup.class.php

@@ -73,7 +73,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, libelle as label, module";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_input_method as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -136,7 +136,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, label, module";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_input_reason as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -539,7 +539,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, label";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_availability as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -648,7 +648,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT id, code, type, libelle as label, module";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		if ($type) {
 			$sql .= " AND t.type LIKE '%".$this->db->escape($type)."%'";
 		}
@@ -714,7 +714,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT id, code, label, accountancy_code, active, module, position";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		if ($module) {
 			$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
 		}
@@ -778,7 +778,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, element as type, libelle as label, source, module, position";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		if ($type) {
 			$sql .= " AND type LIKE '%".$this->db->escape($type)."%'";
 		}
@@ -843,7 +843,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, label, module";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_civility as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		if ($module) {
 			$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
 		}
@@ -911,7 +911,7 @@ class Setup extends DolibarrApi
 			$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency as m ON m.code=t.code_iso";
 			$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency_rate as cr ON (m.rowid = cr.fk_multicurrency)";
 		}
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		if (!empty($multicurrency)) {
 			$sql .= " AND m.entity IN (".getEntity('multicurrency').")";
 			if (!empty($multicurrency) && $multicurrency != 2) {
@@ -1242,7 +1242,7 @@ class Setup extends DolibarrApi
 		//TODO link with multicurrency module
 		$sql = "SELECT t.rowid, t.code, t.label,t.short_label, t.active, t.scale, t.unit_type";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_units as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1365,7 +1365,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, pos,  label, use_default, description";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {
@@ -1423,7 +1423,7 @@ class Setup extends DolibarrApi
 
 		$sql = "SELECT rowid, code, pos,  label, use_default, color, description";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity as t";
-		$sql .= " WHERE t.active = ".$active;
+		$sql .= " WHERE t.active = ".((int) $active);
 		// Add sql filters
 		if ($sqlfilters) {
 			if (!DolibarrApi::_checkFilters($sqlfilters)) {

+ 1 - 1
htdocs/asset/class/asset_type.class.php

@@ -238,7 +238,7 @@ class AssetType extends CommonObject
 		$error = 0;
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."asset_type";
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		$resql = $this->db->query($sql);
 		if ($resql) {

+ 1 - 1
htdocs/categories/class/categorie.class.php

@@ -869,7 +869,7 @@ class Categorie extends CommonObject
 	public function containsObject($type, $object_id)
 	{
 		$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
-		$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$object_id;
+		$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
 		dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if ($resql) {
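Review bot: On the rewritten WHERE line only `$object_id` is cast while `$this->id` on the same line is still concatenated raw; make it `fk_categorie = ".((int) $this->id)." AND fk_...`. The `$type` argument also reaches the statement as a table-name suffix and a column name whenever it has no entry in `MAP_CAT_TABLE`/`MAP_CAT_FK`, where neither casting nor escaping applies; if callers can pass an unlisted type, containsObject should reject it rather than fall back to the raw string. The method body continues past the hunk.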

+ 1 - 1
htdocs/comm/mailing/card.php

@@ -149,7 +149,7 @@ if (empty($reshook)) {
 			// or sent in error (statut=-1)
 			$sql = "SELECT mc.rowid, mc.fk_mailing, mc.lastname, mc.firstname, mc.email, mc.other, mc.source_url, mc.source_id, mc.source_type, mc.tag";
 			$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
-			$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".$object->id;
+			$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".((int) $object->id);
 			$sql .= " ORDER BY mc.statut DESC"; // first status 0, then status -1
 
 			dol_syslog("card.php: select targets", LOG_DEBUG);

+ 4 - 4
htdocs/comm/mailing/class/advtargetemailing.class.php

@@ -284,9 +284,9 @@ class AdvanceTargetingMailing extends CommonObject
 
 		$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
 		if (!empty($id)) {
-			$sql .= " WHERE t.fk_element = ".$id." AND type_element='mailing'";
+			$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = 'mailing'";
 		} else {
-			$sql .= " WHERE t.fk_element = ".$this->fk_element."  AND type_element='mailing'";
+			$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'";
 		}
 
 		dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
@@ -347,9 +347,9 @@ class AdvanceTargetingMailing extends CommonObject
 
 		$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
 		if (!empty($id)) {
-			$sql .= " WHERE t.fk_element = ".$id." AND type_element='$type_element'";
+			$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = '".$this->db->escape($type_element)."'";
 		} else {
-			$sql .= " WHERE t.fk_element = ".$this->fk_element."  AND type_element='$type_element'";
+			$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'";
 		}
 
 		dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);

+ 2 - 2
htdocs/comm/mailing/class/mailing.class.php

@@ -427,7 +427,7 @@ class Mailing extends CommonObject
 				$sql .= " source_id ,";
 				$sql .= " source_type";
 				$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles";
-				$sql .= " WHERE fk_mailing = ".$fromid;
+				$sql .= " WHERE fk_mailing = ".((int) $fromid);
 
 				$result = $this->db->query($sql);
 				if ($result) {
@@ -499,7 +499,7 @@ class Mailing extends CommonObject
 	public function delete($rowid)
 	{
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing";
-		$sql .= " WHERE rowid = ".$rowid;
+		$sql .= " WHERE rowid = ".((int) $rowid);
 
 		dol_syslog("Mailing::delete", LOG_DEBUG);
 		$resql = $this->db->query($sql);

+ 1 - 1
htdocs/comm/propal/class/propal.class.php

@@ -2886,7 +2886,7 @@ class Propal extends CommonObject
 		// Delete extrafields of lines and lines
 		if (!$error && !empty($this->table_element_line)) {
 			$tabletodelete = $this->table_element_line;
-			$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
+			$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
 			if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 				$error++;
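Review bot: The line directly below the rewritten one, `$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;`, is left uncast although the `$sqlef` line above it gets `((int) $this->id)` in this hunk; both statements should end with `((int) $this->id)`. The enclosing delete logic starts and ends outside the hunk.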

+ 1 - 1
htdocs/commande/card.php

@@ -423,7 +423,7 @@ if (empty($reshook)) {
 								$originidforcontact=$srcobject->origin_id;
 							}
 							$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
-							$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
+							$sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
 
 							$resqlcontact = $db->query($sqlcontact);
 							if ($resqlcontact)

+ 2 - 2
htdocs/commande/class/commande.class.php

@@ -1113,7 +1113,7 @@ class Commande extends CommonOrder
 						}
 
 						$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
-						$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+						$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
 
 						$resqlcontact = $this->db->query($sqlcontact);
 						if ($resqlcontact) {
@@ -2331,7 +2331,7 @@ class Commande extends CommonOrder
 
 			$sql = "SELECT fk_product, qty";
 			$sql .= " FROM ".MAIN_DB_PREFIX."commandedet";
-			$sql .= " WHERE rowid = ".$lineid;
+			$sql .= " WHERE rowid = ".((int) $lineid);
 
 			$result = $this->db->query($sql);
 			if ($result) {

+ 3 - 3
htdocs/compta/bank/class/account.class.php

@@ -451,9 +451,9 @@ class Account extends CommonObject
 		$sql = "SELECT fk_bank, url_id, url, label, type";
 		$sql .= " FROM ".MAIN_DB_PREFIX."bank_url";
 		if ($fk_bank > 0) {
-			$sql .= " WHERE fk_bank = ".$fk_bank;
+			$sql .= " WHERE fk_bank = ".((int) $fk_bank);
 		} else {
-			$sql .= " WHERE url_id = ".$url_id." AND type = '".$this->db->escape($type)."'";
+			$sql .= " WHERE url_id = ".((int) $url_id)." AND type = '".$this->db->escape($type)."'";
 		}
 		$sql .= " ORDER BY type, label";
 
@@ -2435,7 +2435,7 @@ class AccountLine extends CommonObject
 
 		$type = 'bank';
 
-		$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
+		$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$obj = $this->db->fetch_object($resql);

+ 1 - 1
htdocs/compta/bank/class/api_bankaccounts.class.php

@@ -425,7 +425,7 @@ class BankAccounts extends DolibarrApi
 		}
 
 		$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank ";
-		$sql .= " WHERE fk_account = ".$id;
+		$sql .= " WHERE fk_account = ".((int) $id);
 
 		// Add sql filters
 		if ($sqlfilters) {

+ 1 - 1
htdocs/compta/bank/class/paymentvarious.class.php

@@ -783,7 +783,7 @@ class PaymentVarious extends CommonObject
 
 		$type = 'bank';
 
-		$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$banklineid;
+		$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $banklineid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$obj = $this->db->fetch_object($resql);

+ 6 - 6
htdocs/compta/bank/line.php

@@ -107,7 +107,7 @@ if ($user->rights->banque->consolidate && $action == 'donext') {
 if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) {
 	$cat1 = GETPOST("cat1", 'int');
 	if (!empty($rowid) && !empty($cat1)) {
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$cat1;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid)." AND fk_categ = ".((int) $cat1);
 		if (!$db->query($sql)) {
 			dol_print_error($db);
 		}
@@ -174,7 +174,7 @@ if ($user->rights->banque->modifier && $action == "update") {
 			}
 		}
 		$sql .= " fk_account = ".$actarget->id;
-		$sql .= " WHERE rowid = ".$acline->id;
+		$sql .= " WHERE rowid = ".((int) $acline->id);
 
 		$result = $db->query($sql);
 		if (!$result) {
@@ -183,14 +183,14 @@ if ($user->rights->banque->modifier && $action == "update") {
 
 		if (!$error) {
 			$arrayofcategs = GETPOST('custcats', 'array');
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid);
 			if (!$db->query($sql)) {
 				$error++;
 				dol_print_error($db);
 			}
 			if (count($arrayofcategs)) {
 				foreach ($arrayofcategs as $val) {
-					$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$val.")";
+					$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".((int) $rowid).", ".((int) $val).")";
 					if (!$db->query($sql)) {
 						$error++;
 						dol_print_error($db);
@@ -229,9 +229,9 @@ if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action ==
 		if (empty($num_rel)) {
 			$sql .= ", rappro = 0";
 		} else {
-			$sql .= ", rappro = ".$rappro;
+			$sql .= ", rappro = ".((int) $rappro);
 		}
-		$sql .= " WHERE rowid = ".$rowid;
+		$sql .= " WHERE rowid = ".((int) $rowid);
 
 		dol_syslog("line.php", LOG_DEBUG);
 		$result = $db->query($sql);
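Review bot: In the second hunk, `$sql .= " fk_account = ".$actarget->id;` just above the newly cast `WHERE rowid` line still concatenates the id raw; it should become `$sql .= " fk_account = ".((int) $actarget->id);`. In the third hunk the DELETE of all bank_class rows followed by per-category INSERTs runs with no transaction visible here, so a failing INSERT leaves the line with its categories partially removed; if the surrounding `update` block (which starts outside the hunk) does not already open one, wrapping the sequence in `$db->begin()`/`$db->commit()`/`$db->rollback()` would make the error path consistent.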

+ 1 - 1
htdocs/compta/bank/releve.php

@@ -232,7 +232,7 @@ if (empty($numref)) {
 	// List of all standing receipts
 	$sql = "SELECT DISTINCT(b.num_releve) as numr";
 	$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
-	$sql .= " WHERE b.fk_account = ".$object->id;
+	$sql .= " WHERE b.fk_account = ".((int) $object->id);
 	$sql .= $db->order($sortfield, $sortorder);
 
 	// Count total nb of records

+ 1 - 1
htdocs/compta/cashcontrol/cashcontrol_card.php

@@ -304,7 +304,7 @@ if ($action == "create" || $action == "start" || $action == 'close') {
 
 			if ($bankid > 0) {
 				$sql = "SELECT SUM(amount) as total FROM ".MAIN_DB_PREFIX."bank";
-				$sql .= " WHERE fk_account = ".$bankid;
+				$sql .= " WHERE fk_account = ".((int) $bankid);
 				if ($syear && !$smonth) {
 					$sql .= " AND dateo < '".$db->idate(dol_get_first_day($syear, 1))."'";
 				} elseif ($syear && $smonth && !$sday) {

+ 1 - 1
htdocs/compta/charges/index.php

@@ -405,7 +405,7 @@ while ($j < $numlt) {
 
 	$sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.datep as dp";
 	$sql .= " FROM ".MAIN_DB_PREFIX."localtax as pv";
-	$sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".$j;
+	$sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".((int) $j);
 	if ($year > 0) {
 		// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
 		// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire

+ 1 - 1
htdocs/compta/deplacement/class/deplacement.class.php

@@ -441,7 +441,7 @@ class Deplacement extends CommonObject
 
 		$sql = "SELECT id, code, label";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
-		$sql .= " WHERE active = ".$active;
+		$sql .= " WHERE active = ".((int) $active);
 
 		dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 1 - 1
htdocs/compta/deplacement/class/deplacementstats.class.php

@@ -102,7 +102,7 @@ class DeplacementStats extends Stats
 	{
 		$sql = "SELECT MONTH(dated) as dm, count(*)";
 		$sql .= " FROM ".$this->from;
-		$sql .= " WHERE YEAR(dated) = ".$year;
+		$sql .= " WHERE YEAR(dated) = ".((int) $year);
 		$sql .= " AND ".$this->where;
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');

+ 1 - 1
htdocs/compta/facture/card.php

@@ -1743,7 +1743,7 @@ if (empty($reshook)) {
 								$originidforcontact=$srcobject->origin_id;
 							}
 							$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
-							$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
+							$sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
 
 							$resqlcontact = $db->query($sqlcontact);
 							if ($resqlcontact)

+ 1 - 1
htdocs/compta/facture/class/api_invoices.class.php

@@ -1142,7 +1142,7 @@ class Invoices extends DolibarrApi
 				$sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,";
 				$sql .= " re.description, re.fk_facture_source";
 				$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re";
-				$sql .= " WHERE fk_facture = ".$this->invoice->id;
+				$sql .= " WHERE fk_facture = ".((int) $this->invoice->id);
 				$resql = $this->db->query($sql);
 				if (!empty($resql)) {
 					while ($obj = $this->db->fetch_object($resql)) {

+ 4 - 4
htdocs/compta/facture/class/facture-rec.class.php

@@ -762,12 +762,12 @@ class FactureRec extends CommonInvoice
 
 		$main = MAIN_DB_PREFIX.'facturedet_rec';
 		$ef = $main."_extrafields";
-		$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
+		$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid);
 		dol_syslog($sqlef);
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".$rowid;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".((int) $rowid);
 		dol_syslog($sql);
 		if ($this->db->query($sqlef) && $this->db->query($sql)) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".((int) $rowid);
 			dol_syslog($sql);
 			if ($this->db->query($sql)) {
 				// Delete linked object
@@ -1151,7 +1151,7 @@ class FactureRec extends CommonInvoice
 			$sql .= ', multicurrency_total_ht = '.$multicurrency_total_ht;
 			$sql .= ', multicurrency_total_tva = '.$multicurrency_total_tva;
 			$sql .= ', multicurrency_total_ttc = '.$multicurrency_total_ttc;
-			$sql .= " WHERE rowid = ".$rowid;
+			$sql .= " WHERE rowid = ".((int) $rowid);
 
 			dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 			if ($this->db->query($sql)) {
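Review bot: The rewritten `$sqlef` in the first hunk of this section drops the closing parenthesis of the `IN (SELECT ...)` subquery that the removed line had, so the statement is no longer valid SQL and the `if ($this->db->query($sqlef) && ...)` guard will always fail, silently leaving the recurring invoice and its lines undeleted. It should read `$sqlef = "DELETE FROM ".$ef." WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";`. In the second hunk the `multicurrency_total_*` values on the lines just above the changed `WHERE` are still concatenated uncast into the same `UPDATE`; if they can originate from user input they deserve the same numeric normalisation. Both enclosing methods start outside the hunks.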

+ 1 - 1
htdocs/compta/facture/class/facture.class.php

@@ -751,7 +751,7 @@ class Facture extends CommonInvoice
 				}
 
 				$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
-				$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+				$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
 
 				$resqlcontact = $this->db->query($sqlcontact);
 				if ($resqlcontact) {

+ 1 - 1
htdocs/compta/facture/list.php

@@ -382,7 +382,7 @@ if ($massaction == 'makepayment') {
 				$rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login";
 				$rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
 				$rsql .= " , ".MAIN_DB_PREFIX."user as u";
-				$rsql .= " WHERE fk_facture = ".$objecttmp->id;
+				$rsql .= " WHERE fk_facture = ".((int) $objecttmp->id);
 				$rsql .= " AND pfd.fk_user_demande = u.rowid";
 				$rsql .= " AND pfd.traite = 0";
 				$rsql .= " ORDER BY pfd.date_demande DESC";

+ 1 - 1
htdocs/compta/localtax/list.php

@@ -54,7 +54,7 @@ print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Paym
 
 $sql = "SELECT rowid, amount, label, f.datev, f.datep";
 $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
-$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
+$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".((int) $ltt);
 $sql .= " ORDER BY datev DESC";
 
 $result = $db->query($sql);

+ 1 - 1
htdocs/compta/paiement_charge.php

@@ -193,7 +193,7 @@ if ($action == 'create') {
 
 	$sql = "SELECT sum(p.amount) as total";
 	$sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as p";
-	$sql .= " WHERE p.fk_charge = ".$chid;
+	$sql .= " WHERE p.fk_charge = ".((int) $chid);
 	$resql = $db->query($sql);
 	if ($resql) {
 		$obj = $db->fetch_object($resql);

+ 1 - 1
htdocs/compta/paiement_vat.php

@@ -189,7 +189,7 @@ if ($action == 'create') {
 
 	$sql = "SELECT sum(p.amount) as total";
 	$sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as p";
-	$sql .= " WHERE p.fk_tva = ".$chid;
+	$sql .= " WHERE p.fk_tva = ".((int) $chid);
 	$resql = $db->query($sql);
 	if ($resql) {
 		$obj = $db->fetch_object($resql);

+ 3 - 3
htdocs/compta/prelevement/class/bonprelevement.class.php

@@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
 						$sql .= " SET traite = 1";
 						$sql .= ", date_traite = '".$this->db->idate($now)."'";
 						$sql .= ", fk_prelevement_bons = ".$this->id;
-						$sql .= " WHERE rowid = ".$fac[1];
+						$sql .= " WHERE rowid = ".((int) $fac[1]);
 
 						$resql = $this->db->query($sql);
 						if (!$resql) {
@@ -1139,7 +1139,7 @@ class BonPrelevement extends CommonObject
 			if (!$error) {
 				$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
 				$sql .= " SET amount = ".price2num($this->total);
-				$sql .= " WHERE rowid = ".$this->id;
+				$sql .= " WHERE rowid = ".((int) $this->id);
 				$sql .= " AND entity = ".$conf->entity;
 
 				$resql = $this->db->query($sql);
@@ -2107,7 +2107,7 @@ class BonPrelevement extends CommonObject
 		$sql = "SELECT rowid, ref";
 		$sql .= " FROM";
 		$sql .= " ".MAIN_DB_PREFIX."prelevement_bons as pb";
-		$sql .= " WHERE pb.rowid = ".$this->id;
+		$sql .= " WHERE pb.rowid = ".((int) $this->id);
 
 		$resql = $this->db->query($sql);
 		if ($resql) {
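Review bot: In the first hunk of this section, `", fk_prelevement_bons = ".$this->id` two lines above the changed `WHERE rowid` is still concatenated uncast, so the same `UPDATE` mixes a cast and a raw copy of the same property; `$sql .= ", fk_prelevement_bons = ".((int) $this->id);` would finish the job. In the second hunk `price2num($this->total)` is inserted unquoted into `SET amount =`; price2num presumably returns a string, so an explicit numeric normalisation of that value would make it safe by construction as well. Both enclosing methods start outside the hunks.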

+ 1 - 1
htdocs/compta/prelevement/fiche-stat.php

@@ -162,7 +162,7 @@ if ($prev_id > 0 || $ref) {
 
 	$sql = "SELECT sum(pl.amount), pl.statut";
 	$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
-	$sql .= " WHERE pl.fk_prelevement_bons = ".$object->id;
+	$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $object->id);
 	$sql .= " GROUP BY pl.statut";
 
 	$resql = $db->query($sql);

+ 1 - 1
htdocs/compta/recap-compta.php

@@ -139,7 +139,7 @@ if ($id > 0) {
 		$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
 		$sql .= " u.login, u.rowid as userid";
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."user as u";
-		$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
+		$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
 		$sql .= " AND f.entity IN (".getEntity('invoice').")";
 		$sql .= " AND f.fk_user_valid = u.rowid";
 		$sql .= $db->order($sortfield, $sortorder);

+ 1 - 1
htdocs/compta/sociales/card.php

@@ -613,7 +613,7 @@ if ($id > 0) {
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
 		$sql .= ", ".MAIN_DB_PREFIX."chargesociales as cs";
-		$sql .= " WHERE p.fk_charge = ".$id;
+		$sql .= " WHERE p.fk_charge = ".((int) $id);
 		$sql .= " AND p.fk_charge = cs.rowid";
 		$sql .= " AND cs.entity IN (".getEntity('tax').")";
 		$sql .= " ORDER BY dp DESC";

+ 1 - 1
htdocs/compta/sociales/class/paymentsocialcontribution.class.php

@@ -636,7 +636,7 @@ class PaymentSocialContribution extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 1 - 1
htdocs/compta/tva/card.php

@@ -618,7 +618,7 @@ if ($id) {
 	$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
 	$sql .= ", ".MAIN_DB_PREFIX."tva as tva";
-	$sql .= " WHERE p.fk_tva = ".$id;
+	$sql .= " WHERE p.fk_tva = ".((int) $id);
 	$sql .= " AND p.fk_tva = tva.rowid";
 	$sql .= " AND tva.entity IN (".getEntity('tax').")";
 	$sql .= " ORDER BY dp DESC";

+ 1 - 1
htdocs/contact/canvas/actions_contactcard_common.class.php

@@ -308,7 +308,7 @@ abstract class ActionsContactCardCommon
 
 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
-			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
+			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$obj = $this->db->fetch_object($resql);

+ 2 - 2
htdocs/contact/class/contact.class.php

@@ -1652,7 +1652,7 @@ class Contact extends CommonObject
 		// Desactive utilisateur
 		$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople";
 		$sql .= " SET statut = ".((int) $this->statut);
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 		$result = $this->db->query($sql);
 
 		dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1882,7 +1882,7 @@ class Contact extends CommonObject
 
 		$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcommcontact";
 		if ($active >= 0) {
-			$sql .= " WHERE active = ".$active;
+			$sql .= " WHERE active = ".((int) $active);
 		}
 		$resql = $this->db->query($sql);
 		$num = $this->db->num_rows($resql);
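Review bot: In the second hunk, `num_rows($resql)` on the last context line is called without checking that the query succeeded, so a failed query passes `false` into num_rows; the cast on the changed line does not address that. A guard such as `if (!$resql) { $this->error = $this->db->lasterror(); return -1; }` between the query and num_rows would match the `if ($resql)` handling used in the sibling hunks of this commit. The same unchecked `num_rows($result)` appears in the hunk for core/modules/societe/doc/doc_generic_odt.modules.php. The enclosing method starts outside the hunk.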

+ 1 - 1
htdocs/contact/consumption.php

@@ -258,7 +258,7 @@ if ($type_element == 'fichinter') { 	// Customer : show products from invoices
 	//    $documentstatic=new SupplierProposal($db);
 	//    $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
 	//    $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
-	//    $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+	//    $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
 	//    $where.= " AND d.fk_supplier_proposal = c.rowid";
 	//    $where.= " AND c.entity = ".$conf->entity;
 	//    $dateprint = 'c.date_valid';
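Review bot: The only changed line in this section sits inside a commented-out block, so the edit has no runtime effect. Either the dead `//    $documentstatic ...` stretch should be removed outright, or the change should be left out of a security fix; keeping raw concatenation in comments will keep tripping grep-based audits for the pattern this commit is eliminating.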

+ 2 - 2
htdocs/contrat/class/contrat.class.php

@@ -1057,7 +1057,7 @@ class Contrat extends CommonObject
 					}
 
 					$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
-					$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+					$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
 
 					$resqlcontact = $this->db->query($sqlcontact);
 					if ($resqlcontact) {
@@ -1759,7 +1759,7 @@ class Contrat extends CommonObject
 			$sql .= ",date_cloture=null";
 		}
 		$sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null");
-		$sql .= " WHERE rowid = ".$rowid;
+		$sql .= " WHERE rowid = ".((int) $rowid);
 
 		dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 1 - 1
htdocs/core/boxes/box_accountancy_suspense_account.php

@@ -83,7 +83,7 @@ class box_accountancy_suspense_account extends ModeleBoxes
 			if (!empty($suspenseAccount) && $suspenseAccount > 0) {
 				$sql = "SELECT COUNT(*) as nb_suspense_account";
 				$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b";
-				$sql .= " WHERE b.numero_compte = ".$suspenseAccount;
+				$sql .= " WHERE b.numero_compte = '".$this->db->escape($suspenseAccount)."'";
 				$sql .= " AND b.entity = ".$conf->entity;
 
 				$result = $this->db->query($sql);

+ 1 - 1
htdocs/core/boxes/box_bookmarks.php

@@ -87,7 +87,7 @@ class box_bookmarks extends ModeleBoxes
 		if ($user->rights->bookmark->lire) {
 			$sql = "SELECT b.title, b.url, b.target, b.favicon";
 			$sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b";
-			$sql .= " WHERE fk_user = ".$user->id;
+			$sql .= " WHERE fk_user = ".((int) $user->id);
 			$sql .= " AND b.entity = ".$conf->entity;
 			$sql .= $this->db->order("position", "ASC");
 			$sql .= $this->db->plimit($max, 0);

+ 1 - 1
htdocs/core/class/comment.class.php

@@ -365,7 +365,7 @@ class Comment extends CommonObject
 			$sql = "SELECT";
 			$sql .= " c.rowid";
 			$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c";
-			$sql .= " WHERE c.fk_element = ".$fk_element;
+			$sql .= " WHERE c.fk_element = ".((int) $fk_element);
 			$sql .= " AND c.element_type = '".$this->db->escape($element_type)."'";
 			$sql .= " AND c.entity = ".$conf->entity;
 			$sql .= " ORDER BY c.tms DESC";

+ 7 - 7
htdocs/core/class/commonobject.class.php

@@ -1148,7 +1148,7 @@ abstract class CommonObject
 		if ($fk_socpeople) {
 			$sql .= ", fk_socpeople = ".((int) $fk_socpeople);
 		}
-		$sql .= " where rowid = ".$rowid;
+		$sql .= " where rowid = ".((int) $rowid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			return 0;
@@ -1548,7 +1548,7 @@ abstract class CommonObject
 			$sql .= " ".MAIN_DB_PREFIX."socpeople as c,";
 		}
 		$sql .= " ".MAIN_DB_PREFIX."c_type_contact as tc";
-		$sql .= " WHERE ec.element_id = ".$id;
+		$sql .= " WHERE ec.element_id = ".((int) $id);
 		$sql .= " AND ec.fk_socpeople = c.rowid";
 		if ($source == 'internal') {
 			$sql .= " AND c.entity IN (".getEntity('user').")";
@@ -1564,7 +1564,7 @@ abstract class CommonObject
 		}
 		$sql .= " AND tc.active = 1";
 		if ($status) {
-			$sql .= " AND ec.statut = ".$status;
+			$sql .= " AND ec.statut = ".((int) $status);
 		}
 
 		dol_syslog(get_class($this)."::getIdContact", LOG_DEBUG);
@@ -1706,7 +1706,7 @@ abstract class CommonObject
 			if (empty($this->barcode_type) || empty($this->barcode_type_code) || empty($this->barcode_type_label) || empty($this->barcode_type_coder)) {    // If data not already loaded
 				$sql = "SELECT rowid, code, libelle as label, coder";
 				$sql .= " FROM ".MAIN_DB_PREFIX."c_barcode_type";
-				$sql .= " WHERE rowid = ".$idtype;
+				$sql .= " WHERE rowid = ".((int) $idtype);
 				dol_syslog(get_class($this).'::fetch_barcode', LOG_DEBUG);
 				$resql = $this->db->query($sql);
 				if ($resql) {
@@ -1939,7 +1939,7 @@ abstract class CommonObject
 			}
 		}
 
-		$sql .= " WHERE ".$id_field." = ".$id;
+		$sql .= " WHERE ".$id_field." = ".((int) $id);
 
 		dol_syslog(__METHOD__."", LOG_DEBUG);
 		$resql = $this->db->query($sql);
@@ -4263,7 +4263,7 @@ abstract class CommonObject
 			//print $id.'-'.$table.'-'.$elementname.'<br>';
 			// Check if third party can be deleted
 			$sql = "SELECT COUNT(*) as nb from ".MAIN_DB_PREFIX.$table;
-			$sql .= " WHERE ".$this->fk_element." = ".$id;
+			$sql .= " WHERE ".$this->fk_element." = ".((int) $id);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$obj = $this->db->fetch_object($resql);
@@ -9267,7 +9267,7 @@ abstract class CommonObject
 			}
 
 			$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files";
-			$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
+			$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
 				$this->error = $this->db->lasterror();
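Review bot: The casts in this section cover the values but not the identifiers: `$id_field` (hunk at 1939) and `$this->fk_element` and `$table` (hunk at 4263) are still spliced raw into the statement. They presumably come from class definitions rather than the request, but an allowlist check such as `if (!preg_match('/^[a-z0-9_]+$/i', $id_field)) { return -1; }` before building the query would make that assumption explicit and cheap to enforce. The enclosing methods start outside the hunks.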

+ 1 - 2
htdocs/core/class/ctypent.class.php

@@ -163,7 +163,6 @@ class Ctypent // extends CommonObject
 	 */
 	public function fetch($id, $code = '', $label = '')
 	{
-		global $langs;
 		$sql = "SELECT";
 		$sql .= " t.id,";
 		$sql .= " t.code,";
@@ -173,7 +172,7 @@ class Ctypent // extends CommonObject
 		$sql .= " t.module";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_typent as t";
 		if ($id) {
-			$sql .= " WHERE t.id = ".$id;
+			$sql .= " WHERE t.id = ".((int) $id);
 		} elseif ($code) {
 			$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
 		} elseif ($label) {

+ 1 - 4
htdocs/core/class/ctyperesource.class.php

@@ -165,15 +165,12 @@ class Ctyperesource
 
 		$sql = 'SELECT';
 		$sql .= ' t.rowid,';
-
 		$sql .= " t.code,";
 		$sql .= " t.label,";
 		$sql .= " t.active";
-
-
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
 		if ($id) {
-			$sql .= " WHERE t.id = ".$id;
+			$sql .= " WHERE t.id = ".((int) $id);
 		} elseif ($code) {
 			$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
 		} elseif ($label) {
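Review bot: The SELECT list on the unchanged lines names `t.rowid` while the changed condition filters on `t.id`; unless the table exposes both columns, one of the two is wrong and the fetch-by-id path fails at query time. Worth confirming against the schema of the table behind `$this->table_element` (the sibling ctypent.class.php hunk in this commit selects and filters on `t.id` consistently). The enclosing fetch method starts and ends outside the hunk.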

+ 3 - 3
htdocs/core/class/discount.class.php

@@ -337,11 +337,11 @@ class DiscountAbsolute
 		// Delete but only if not used
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_remise_except ";
 		if ($this->fk_facture_source) {
-			$sql .= " WHERE fk_facture_source = ".$this->fk_facture_source; // Delete all lines of same serie
+			$sql .= " WHERE fk_facture_source = ".((int) $this->fk_facture_source); // Delete all lines of same serie
 		} elseif ($this->fk_invoice_supplier_source) {
-			$sql .= " WHERE fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; // Delete all lines of same serie
+			$sql .= " WHERE fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); // Delete all lines of same serie
 		} else {
-			$sql .= " WHERE rowid = ".$this->id; // Delete only line
+			$sql .= " WHERE rowid = ".((int) $this->id); // Delete only line
 		}
 		$sql .= " AND (fk_facture_line IS NULL"; // Not used as absolute simple discount
 		$sql .= " AND fk_facture IS NULL)"; // Not used as credit note and not used as deposit

+ 1 - 1
htdocs/core/class/dolreceiptprinter.class.php

@@ -784,7 +784,7 @@ class dolReceiptPrinter extends Printer
 						$sql .= " cp.code";
 						$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
 						$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
-						$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
+						$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
 						$sql .= " ORDER BY p.datep";
 						$resql = $this->db->query($sql);
 						if ($resql) {

+ 2 - 2
htdocs/core/class/fiscalyear.class.php

@@ -196,8 +196,8 @@ class Fiscalyear extends CommonObject
 		$sql .= ", date_start = '".$this->db->idate($this->date_start)."'";
 		$sql .= ", date_end = ".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null");
 		$sql .= ", statut = '".$this->db->escape($this->statut ? $this->statut : 0)."'";
-		$sql .= ", fk_user_modif = ".$user->id;
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= ", fk_user_modif = ".((int) $user->id);
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update", LOG_DEBUG);
 		$result = $this->db->query($sql);
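Review bot: `statut` on the context line just above the changed lines is escaped and quoted as a string while `fk_user_modif` and `rowid` are now cast to int; if `statut` is a numeric status, as the `? $this->statut : 0` fallback suggests, `$sql .= ", statut = ".((int) $this->statut);` would be consistent with the rest of the statement and drops the quoted-zero form. The enclosing update method starts outside the hunk.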

+ 1 - 1
htdocs/core/class/html.form.class.php

@@ -3530,7 +3530,7 @@ class Form
 		// looking for users
 		$sql = "SELECT a.rowid, a.label";
 		$sql .= " FROM ".MAIN_DB_PREFIX."societe_address as a";
-		$sql .= " WHERE a.fk_soc = ".$socid;
+		$sql .= " WHERE a.fk_soc = ".((int) $socid);
 		$sql .= " ORDER BY a.label ASC";
 
 		dol_syslog(get_class($this)."::select_address", LOG_DEBUG);

+ 1 - 1
htdocs/core/class/html.formexpensereport.class.php

@@ -114,7 +114,7 @@ class FormExpenseReport
 
 		$sql = "SELECT c.id, c.code, c.label as type FROM ".MAIN_DB_PREFIX."c_type_fees as c";
 		if ($active >= 0) {
-			$sql .= " WHERE c.active = ".$active;
+			$sql .= " WHERE c.active = ".((int) $active);
 		}
 		$sql .= " ORDER BY c.label ASC";
 		$resql = $this->db->query($sql);

+ 3 - 3
htdocs/core/class/link.class.php

@@ -234,7 +234,7 @@ class Link extends CommonObject
 		global $conf;
 
 		$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
-		$sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".$objectid;
+		$sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid);
 		if ($conf->entity != 0) {
 			$sql .= " AND entity = ".$conf->entity;
 		}
@@ -284,7 +284,7 @@ class Link extends CommonObject
 		global $conf;
 
 		$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."links";
-		$sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".$objectid;
+		$sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".((int) $objectid);
 		if ($conf->entity != 0) {
 			$sql .= " AND entity = ".$conf->entity;
 		}
@@ -314,7 +314,7 @@ class Link extends CommonObject
 		}
 
 		$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
-		$sql .= " WHERE rowid = ".$rowid;
+		$sql .= " WHERE rowid = ".((int) $rowid);
 		if ($conf->entity != 0) {
 			$sql .= " AND entity = ".$conf->entity;
 		}
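Review bot: The second hunk (count at 284) escapes with `$db->escape(...)` whereas the other two use `$this->db->escape(...)`, and the only `global` declared there is `$conf`; unless `$db` is a parameter of that method, it is undefined at that point and the call fails. Switching to `$this->db->escape($objecttype)` matches the sibling hunks. All three enclosing methods start outside the hunks.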

+ 2 - 2
htdocs/core/lib/bank.lib.php

@@ -72,7 +72,7 @@ function bank_prepare_head(Account $object)
 		// List of all standing receipts
 		$sql = "SELECT COUNT(DISTINCT(b.num_releve)) as nb";
 		$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
-		$sql .= " WHERE b.fk_account = ".$object->id;
+		$sql .= " WHERE b.fk_account = ".((int) $object->id);
 
 		$resql = $db->query($sql);
 		if ($resql) {
@@ -83,7 +83,7 @@ function bank_prepare_head(Account $object)
 			$db->free($resql);
 		}
 
-		$head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".$object->id;
+		$head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".((int) $object->id);
 		$head[$h][1] = $langs->trans("AccountStatements");
 		if (($nbReceipts) > 0) {
 			$head[$h][1] .= '<span class="badge marginleftonlyshort">'.($nbReceipts).'</span>';

+ 1 - 1
htdocs/core/lib/invoice2.lib.php

@@ -96,7 +96,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte
 		}
 		if (in_array('bank', $filter)) {
 			$sqlwhere .= " AND p.fk_bank = b.rowid";
-			$sqlwhere .= " AND b.fk_account = ".$paymentbankid;
+			$sqlwhere .= " AND b.fk_account = ".((int) $paymentbankid);
 		}
 		$sqlorder = " ORDER BY p.datep ASC";
 	}

+ 2 - 2
htdocs/core/lib/price.lib.php

@@ -151,8 +151,8 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt
 
 		$sql = "SELECT taux, localtax1, localtax2, localtax1_type, localtax2_type";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as cv";
-		$sql .= " WHERE cv.taux = ".$txtva;
-		$sql .= " AND cv.fk_pays = ".$countryid;
+		$sql .= " WHERE cv.taux = ".((float) $txtva);
+		$sql .= " AND cv.fk_pays = ".((int) $countryid);
 		$resql = $db->query($sql);
 		if ($resql) {
 			$obj = $db->fetch_object($resql);
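Review bot: Concatenating `((float) $txtva)` into the query relies on float-to-string conversion, which before PHP 8.0 depends on the process locale and can emit a decimal comma (for example `19,6`), producing invalid SQL on installations that call setlocale; the `(int)` cast for `$countryid` has no such issue. If the project still supports PHP 7, a locale-independent form such as `sprintf('%F', (float) $txtva)` or the project's own `price2num()` helper is safer here. The enclosing function starts outside the hunk.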

+ 2 - 2
htdocs/core/lib/website.lib.php

@@ -846,9 +846,9 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
 		if (is_array($otherfilters) && !empty($otherfilters['category'])) {
 			$sql .= ', '.MAIN_DB_PREFIX.'categorie_website_page as cwp';
 		}
-		$sql .= " WHERE wp.fk_website = ".$website->id;
+		$sql .= " WHERE wp.fk_website = ".((int) $website->id);
 		if ($status >= 0) {
-			$sql .= " AND wp.status = ".$status;
+			$sql .= " AND wp.status = ".((int) $status);
 		}
 		if ($langcode) {
 			$sql .= " AND wp.lang ='".$db->escape($langcode)."'";

+ 1 - 1
htdocs/core/modules/DolibarrModules.class.php

@@ -1696,7 +1696,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 
 					// Search if perm already present
 					$sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."rights_def";
-					$sql .= " WHERE id = ".$r_id." AND entity = ".$entity;
+					$sql .= " WHERE id = ".((int) $r_id)." AND entity = ".((int) $entity);
 
 					$resqlselect = $this->db->query($sql);
 					if ($resqlselect) {

+ 1 - 1
htdocs/core/modules/mailings/modules_mailings.php

@@ -250,7 +250,7 @@ class MailingTargets // This can't be abstract as it is used for some method
 	{
 		// phpcs:enable
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles";
-		$sql .= " WHERE fk_mailing = ".$mailing_id;
+		$sql .= " WHERE fk_mailing = ".((int) $mailing_id);
 
 		if (!$this->db->query($sql)) {
 			dol_syslog($this->db->error());

+ 2 - 2
htdocs/core/modules/modApi.class.php

@@ -245,8 +245,8 @@ class modApi extends DolibarrModules
 	{
 		// Remove old constants with entity fields different of 0
 		$sql = array(
-			"DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('MAIN_MODULE_API', 1),
-			"DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('API_PRODUCTION_MODE', 1)
+			"DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('MAIN_MODULE_API'))."'",
+			"DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('API_PRODUCTION_MODE'))."'"
 		);
 
 		return $this->_remove($sql, $options);

+ 1 - 1
htdocs/core/modules/societe/doc/doc_generic_odt.modules.php

@@ -291,7 +291,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
 
 				$sql = "SELECT p.rowid";
 				$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p";
-				$sql .= " WHERE p.fk_soc = ".$object->id;
+				$sql .= " WHERE p.fk_soc = ".((int) $object->id);
 
 				$result = $this->db->query($sql);
 				$num = $this->db->num_rows($result);

+ 1 - 1
htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php

@@ -1023,7 +1023,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
 		$sql .= " cp.code";
 		$sql .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf, ".MAIN_DB_PREFIX."paiementfourn as p";
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
-		$sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".$object->id;
+		$sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".((int) $object->id);
 		$sql .= " ORDER BY p.datep";
 		$resql = $this->db->query($sql);
 		if ($resql) {

+ 1 - 1
htdocs/core/triggers/interface_80_modStripe_Stripe.class.php

@@ -198,7 +198,7 @@ class InterfaceStripe extends DolibarrTriggers
 			}
 
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account";
-			$sql .= " WHERE site='stripe' AND fk_soc = ".$object->id;
+			$sql .= " WHERE site='stripe' AND fk_soc = ".((int) $object->id);
 			$this->db->query($sql);
 		}
 

+ 1 - 1
htdocs/core/website.inc.php

@@ -93,7 +93,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') {	// If we browsi
 	if (GETPOST('l', 'aZ09')) {
 		$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
 		$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
-		$sql .= " WHERE wp.fk_website = ".$website->id;
+		$sql .= " WHERE wp.fk_website = ".((int) $website->id);
 		$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid  = ".$pageid;
 		if (is_object($websitepage) && $websitepage->fk_page > 0) {
 			$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
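Review bot: Only `$website->id` is cast here while `$pageid` on the very next line (and `$websitepage->fk_page` two lines later) is still concatenated raw into the same `WHERE` clause, directly after a `GETPOST('l', 'aZ09')` check that shows this code handles request input. Where `$pageid` is populated is outside the hunk; if it is derived from the request it should be `((int) $pageid)` in both positions. The enclosing block starts and ends outside the hunk.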

+ 2 - 2
htdocs/delivery/class/delivery.class.php

@@ -614,7 +614,7 @@ class Delivery extends CommonObject
 	{
 		if ($this->statut == 0) {
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX."commandedet";
-			$sql .= " WHERE rowid = ".$lineid;
+			$sql .= " WHERE rowid = ".((int) $lineid);
 
 			if ($this->db->query($sql)) {
 				$this->update_price();
@@ -940,7 +940,7 @@ class Delivery extends CommonObject
 		$sqlSourceLine .= ", p.ref, p.label";
 		$sqlSourceLine .= " FROM ".MAIN_DB_PREFIX.$this->linkedObjectsIds[0]['type']."det as st";
 		$sqlSourceLine .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON st.fk_product = p.rowid";
-		$sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid'];
+		$sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']);
 
 		$resultSourceLine = $this->db->query($sqlSourceLine);
 		if ($resultSourceLine) {
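Review bot: In the second hunk the table name is built from `$this->linkedObjectsIds[0]['type']` while the column name and id two lines later come from `$this->linked_object[0]['type']` and `['linkid']`; if these are two distinct properties the query may combine an object type from one with an id from the other. Worth confirming they carry the same value, and note the `fk_` identifier built from it is still raw, since the new cast covers only `linkid`. The enclosing method starts outside the hunk.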

+ 3 - 3
htdocs/don/class/don.class.php

@@ -759,9 +759,9 @@ class Don extends CommonObject
 	{
 		$sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 2";
 		if ($modepayment) {
-			$sql .= ", fk_payment=".$modepayment;
+			$sql .= ", fk_payment = ".((int) $modepayment);
 		}
-		$sql .= " WHERE rowid = ".$id." AND fk_statut = 1";
+		$sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = 1";
 
 		$resql = $this->db->query($sql);
 		if ($resql) {
@@ -843,7 +843,7 @@ class Don extends CommonObject
 
 		$sql = "SELECT sum(amount) as total";
 		$sql .= " FROM ".MAIN_DB_PREFIX."don";
-		$sql .= " WHERE fk_statut = ".$param;
+		$sql .= " WHERE fk_statut = ".((int) $param);
 		$sql .= " AND entity = ".$conf->entity;
 
 		$resql = $this->db->query($sql);

+ 1 - 1
htdocs/don/payment/payment.php

@@ -144,7 +144,7 @@ llxHeader();
 
 $sql = "SELECT sum(p.amount) as total";
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as p";
-$sql .= " WHERE p.fk_donation = ".$chid;
+$sql .= " WHERE p.fk_donation = ".((int) $chid);
 $resql = $db->query($sql);
 if ($resql) {
 	$obj = $db->fetch_object($resql);

+ 1 - 1
htdocs/expensereport/class/expensereport.class.php

@@ -663,7 +663,7 @@ class ExpenseReport extends CommonObject
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."expensereport";
 		$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1";
-		$sql .= " WHERE rowid = ".$id." AND fk_statut = ".self::STATUS_APPROVED;
+		$sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED;
 
 		dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG);
 		$resql = $this->db->query($sql);

+ 1 - 1
htdocs/public/emailing/mailing-read.php

@@ -134,7 +134,7 @@ if (!empty($tag)) {
 
 	//Update status communication of contact prospect
 	if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) {
-		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')';
+		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')';
 		$resql = $db->query($sql);
 	}
 }
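Review bot: The changed line fixes the missing concatenation dot before `((int) $obj->source_id)` but leaves `$obj->entity` concatenated raw in the same `UPDATE`; this is a script under public/, so every value spliced into SQL there deserves the same treatment, i.e. `entity = '.((int) $obj->entity).'`. `$obj` is presumably a row fetched earlier, and the guard on the line above only checks truthiness of `$obj->entity`, which does not constrain its form. The enclosing `if (!empty($tag))` block starts outside the hunk.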