
Add more robust php unit to detect not escaped sql. Fix not escaped sql

Laurent Destailleur 7 years ago
parent
commit
5e34b121dd
63 changed files with 420 additions and 438 deletions
  1. 1 1
      htdocs/accountancy/class/accountancysystem.class.php
  2. 53 53
      htdocs/accountancy/class/accountingaccount.class.php
  3. 8 8
      htdocs/adherents/class/adherent.class.php
  4. 5 5
      htdocs/bookmarks/class/bookmark.class.php
  5. 4 4
      htdocs/categories/class/categorie.class.php
  6. 22 22
      htdocs/comm/action/class/actioncomm.class.php
  7. 1 1
      htdocs/comm/mailing/class/advtargetemailing.class.php
  8. 11 11
      htdocs/comm/propal/class/propal.class.php
  9. 10 10
      htdocs/commande/class/commande.class.php
  10. 14 14
      htdocs/compta/bank/class/account.class.php
  11. 1 1
      htdocs/compta/deplacement/class/deplacement.class.php
  12. 5 5
      htdocs/compta/facture/class/facture-rec.class.php
  13. 5 5
      htdocs/compta/facture/class/facture.class.php
  14. 6 16
      htdocs/compta/facture/class/paymentterm.class.php
  15. 6 6
      htdocs/compta/localtax/class/localtax.class.php
  16. 5 5
      htdocs/compta/salaries/class/paymentsalary.class.php
  17. 7 7
      htdocs/compta/sociales/class/chargesociales.class.php
  18. 9 9
      htdocs/compta/tva/class/tva.class.php
  19. 5 5
      htdocs/contact/class/contact.class.php
  20. 10 10
      htdocs/contrat/class/contrat.class.php
  21. 2 2
      htdocs/core/class/ccountry.class.php
  22. 9 9
      htdocs/core/class/commonobject.class.php
  23. 2 2
      htdocs/core/class/cstate.class.php
  24. 2 2
      htdocs/core/class/ctypent.class.php
  25. 1 1
      htdocs/core/class/discount.class.php
  26. 4 4
      htdocs/core/class/events.class.php
  27. 8 8
      htdocs/core/class/link.class.php
  28. 12 12
      htdocs/core/class/menubase.class.php
  29. 3 3
      htdocs/core/modules/DolibarrModules.class.php
  30. 2 2
      htdocs/core/modules/cheque/mod_chequereceipt_mint.php
  31. 2 2
      htdocs/core/modules/commande/mod_commande_marbre.php
  32. 2 2
      htdocs/core/modules/contract/mod_contract_serpis.php
  33. 2 2
      htdocs/core/modules/expedition/mod_expedition_safor.php
  34. 2 2
      htdocs/core/modules/expensereport/mod_expensereport_jade.php
  35. 4 4
      htdocs/core/modules/facture/mod_facture_mars.php
  36. 5 5
      htdocs/core/modules/facture/mod_facture_terre.php
  37. 2 2
      htdocs/core/modules/fichinter/mod_pacific.php
  38. 2 2
      htdocs/core/modules/livraison/mod_livraison_jade.php
  39. 2 2
      htdocs/core/modules/payment/mod_payment_cicada.php
  40. 2 2
      htdocs/core/modules/project/mod_project_simple.php
  41. 2 2
      htdocs/core/modules/project/task/mod_task_simple.php
  42. 2 2
      htdocs/core/modules/propale/mod_propale_marbre.php
  43. 4 4
      htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_cactus.php
  44. 2 2
      htdocs/core/modules/supplier_order/mod_commande_fournisseur_muguet.php
  45. 2 2
      htdocs/core/modules/supplier_payment/mod_supplier_payment_bronan.php
  46. 2 2
      htdocs/core/modules/supplier_proposal/mod_supplier_proposal_marbre.php
  47. 1 1
      htdocs/cron/class/cronjob.class.php
  48. 3 3
      htdocs/ecm/class/ecmdirectory.class.php
  49. 1 1
      htdocs/expedition/class/expedition.class.php
  50. 8 8
      htdocs/fourn/class/fournisseur.commande.class.php
  51. 7 15
      htdocs/fourn/class/fournisseur.commande.dispatch.class.php
  52. 5 5
      htdocs/fourn/class/fournisseur.facture.class.php
  53. 2 2
      htdocs/holiday/class/holiday.class.php
  54. 2 2
      htdocs/imports/class/import.class.php
  55. 21 21
      htdocs/product/class/product.class.php
  56. 11 11
      htdocs/product/class/productcustomerprice.class.php
  57. 54 54
      htdocs/product/class/propalmergepdfproduct.class.php
  58. 5 5
      htdocs/projet/class/task.class.php
  59. 7 7
      htdocs/resource/class/dolresource.class.php
  60. 9 9
      htdocs/societe/class/societe.class.php
  61. 9 9
      htdocs/supplier_proposal/class/supplier_proposal.class.php
  62. 1 1
      htdocs/websites/class/website.class.php
  63. 2 2
      test/phpunit/CodingPhpTest.php

+ 1 - 1
htdocs/accountancy/class/accountancysystem.class.php

@@ -107,7 +107,7 @@ class AccountancySystem
 
 		$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system";
 		$sql .= " (date_creation, fk_user_author, numero, label)";
-		$sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->numero . "','" . $this->label . "')";
+		$sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->db->escape($this->numero) . "','" . $this->db->escape($this->label) . "')";
 
 		dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
 		$resql = $this->db->query($sql);
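Review bot: The rewritten VALUES line at L145 now escapes `numero` and `label` but still concatenates `$user->id` raw in an unquoted numeric position, so the statement remains only as trustworthy as that property. Since escape() only neutralises quote characters it would not help here anyway; the consistent hardening for an id is a cast, `"'," . (int) $user->id . ",'"`. The create() method enclosing this hunk starts and ends outside it, so any guard on `$user` being set belongs there.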

+ 53 - 53
htdocs/accountancy/class/accountingaccount.class.php

@@ -47,7 +47,7 @@ class AccountingAccount extends CommonObject
 	var $fk_user_modif;
 	var $active;       // duplicate with status
 	var $status;
-	
+
 	/**
 	 * Constructor
 	 *
@@ -56,7 +56,7 @@ class AccountingAccount extends CommonObject
 	function __construct($db) {
 		$this->db = $db;
 	}
-	
+
 	/**
 	 * Load record in memory
 	 *
@@ -67,7 +67,7 @@ class AccountingAccount extends CommonObject
 	 */
 	function fetch($rowid = null, $account_number = null, $limittocurrentchart = 0) {
 		global $conf;
-		
+
 		if ($rowid || $account_number) {
 			$sql  = "SELECT a.rowid as rowid, a.datec, a.tms, a.fk_pcg_version, a.pcg_type, a.pcg_subtype, a.account_number, a.account_parent, a.label, a.fk_accounting_category, a.fk_user_author, a.fk_user_modif, a.active";
 			$sql .= ", ca.label as category_label";
@@ -87,7 +87,7 @@ class AccountingAccount extends CommonObject
 			$result = $this->db->query($sql);
 			if ($result) {
 				$obj = $this->db->fetch_object($result);
-				
+
 				if ($obj) {
 					$this->id = $obj->rowid;
 					$this->rowid = $obj->rowid;
@@ -105,7 +105,7 @@ class AccountingAccount extends CommonObject
 					$this->fk_user_modif = $obj->fk_user_modif;
 					$this->active = $obj->active;
 					$this->status = $obj->active;
-					
+
 					return $this->id;
 				} else {
 					return 0;
@@ -117,7 +117,7 @@ class AccountingAccount extends CommonObject
 		}
 		return - 1;
 	}
-	
+
 	/**
 	 * Insert new accounting account in chart of accounts
 	 *
@@ -129,7 +129,7 @@ class AccountingAccount extends CommonObject
 		global $conf;
 		$error = 0;
 		$now = dol_now();
-		
+
 		// Clean parameters
 		if (isset($this->fk_pcg_version))
 			$this->fk_pcg_version = trim($this->fk_pcg_version);
@@ -149,7 +149,7 @@ class AccountingAccount extends CommonObject
 			$this->fk_user_author = trim($this->fk_user_author);
 		if (isset($this->active))
 			$this->active = trim($this->active);
-			
+
 		if (empty($this->pcg_type) || $this->pcg_type == '-1')
 		{
 		    $this->pcg_type = 'XXXXXX';
@@ -160,7 +160,7 @@ class AccountingAccount extends CommonObject
 		}
 		// Check parameters
 		// Put here code to add control on parameters values
-			
+
 		// Insert request
 		$sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_account(";
 		$sql .= "datec";
@@ -179,31 +179,31 @@ class AccountingAccount extends CommonObject
 		$sql .= ", " . $conf->entity;
 		$sql .= ", " . (empty($this->fk_pcg_version) ? 'NULL' : "'" . $this->db->escape($this->fk_pcg_version) . "'");
 		$sql .= ", " . (empty($this->pcg_type) ? 'NULL' : "'" . $this->db->escape($this->pcg_type) . "'");
-		$sql .= ", " . (empty($this->pcg_subtype) ? 'NULL' : "'" . $this->pcg_subtype . "'");
-		$sql .= ", " . (empty($this->account_number) ? 'NULL' : "'" . $this->account_number . "'");
+		$sql .= ", " . (empty($this->pcg_subtype) ? 'NULL' : "'" . $this->db->escape($this->pcg_subtype) . "'");
+		$sql .= ", " . (empty($this->account_number) ? 'NULL' : "'" . $this->db->escape($this->account_number) . "'");
 		$sql .= ", " . (empty($this->account_parent) ? 'NULL' : "'" . $this->db->escape($this->account_parent) . "'");
 		$sql .= ", " . (empty($this->label) ? 'NULL' : "'" . $this->db->escape($this->label) . "'");
 		$sql .= ", " . (empty($this->account_category) ? 'NULL' : "'" . $this->db->escape($this->account_category) . "'");
 		$sql .= ", " . $user->id;
 		$sql .= ", " . (! isset($this->active) ? 'NULL' : $this->db->escape($this->active));
 		$sql .= ")";
-		
+
 		$this->db->begin();
-		
+
 		dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if (! $resql) {
 			$error ++;
 			$this->errors[] = "Error " . $this->db->lasterror();
 		}
-		
+
 		if (! $error) {
 			$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . "accounting_account");
-			
+
 			// if (! $notrigger) {
 			// Uncomment this and change MYOBJECT to your own tag if you
 			// want this action calls a trigger.
-			
+
 			// // Call triggers
 			// include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
 			// $interface=new Interfaces($this->db);
@@ -212,7 +212,7 @@ class AccountingAccount extends CommonObject
 			// // End call triggers
 			// }
 		}
-		
+
 		// Commit or rollback
 		if ($error) {
 			foreach ( $this->errors as $errmsg ) {
@@ -226,14 +226,14 @@ class AccountingAccount extends CommonObject
 			return $this->id;
 		}
 	}
-	
+
 	/**
 	 * Update record
 	 *
 	 * @param  User $user      Use making update
 	 * @return int             <0 if KO, >0 if OK
 	 */
-	function update($user) 
+	function update($user)
 	{
 	    // Check parameters
 	    if (empty($this->pcg_type) || $this->pcg_type == '-1')
@@ -244,9 +244,9 @@ class AccountingAccount extends CommonObject
 	    {
 	        $this->pcg_subtype = 'XXXXXX';
 	    }
-	     
+
 	    $this->db->begin();
-		
+
 		$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
 		$sql .= " SET fk_pcg_version = " . ($this->fk_pcg_version ? "'" . $this->db->escape($this->fk_pcg_version) . "'" : "null");
 		$sql .= " , pcg_type = " . ($this->pcg_type ? "'" . $this->db->escape($this->pcg_type) . "'" : "null");
@@ -258,7 +258,7 @@ class AccountingAccount extends CommonObject
 		$sql .= " , fk_user_modif = " . $user->id;
 		$sql .= " , active = " . $this->active;
 		$sql .= " WHERE rowid = " . $this->id;
-		
+
 		dol_syslog(get_class($this) . "::update sql=" . $sql, LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if ($result) {
@@ -270,7 +270,7 @@ class AccountingAccount extends CommonObject
 			return - 1;
 		}
 	}
-	
+
 	/**
 	 * Check usage of accounting code
 	 *
@@ -278,16 +278,16 @@ class AccountingAccount extends CommonObject
 	 */
 	function checkUsage() {
 		global $langs;
-		
+
 		$sql = "(SELECT fk_code_ventilation FROM " . MAIN_DB_PREFIX . "facturedet";
 		$sql .= " WHERE  fk_code_ventilation=" . $this->id . ")";
 		$sql .= "UNION";
 		$sql .= "(SELECT fk_code_ventilation FROM " . MAIN_DB_PREFIX . "facture_fourn_det";
 		$sql .= " WHERE  fk_code_ventilation=" . $this->id . ")";
-		
+
 		dol_syslog(get_class($this) . "::checkUsage sql=" . $sql, LOG_DEBUG);
 		$resql = $this->db->query($sql);
-		
+
 		if ($resql) {
 			$num = $this->db->num_rows($resql);
 			if ($num > 0) {
@@ -301,7 +301,7 @@ class AccountingAccount extends CommonObject
 			return - 1;
 		}
 	}
-	
+
 	/**
 	 * Delete object in database
 	 *
@@ -311,18 +311,18 @@ class AccountingAccount extends CommonObject
 	 */
 	function delete($user, $notrigger = 0) {
 		$error = 0;
-		
+
 		$result = $this->checkUsage();
-		
+
 		if ($result > 0) {
-			
+
 			$this->db->begin();
-			
+
 			// if (! $error) {
 			// if (! $notrigger) {
 			// Uncomment this and change MYOBJECT to your own tag if you
 			// want this action calls a trigger.
-			
+
 			// // Call triggers
 			// include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
 			// $interface=new Interfaces($this->db);
@@ -331,11 +331,11 @@ class AccountingAccount extends CommonObject
 			// // End call triggers
 			// }
 			// }
-			
+
 			if (! $error) {
 				$sql = "DELETE FROM " . MAIN_DB_PREFIX . "accounting_account";
 				$sql .= " WHERE rowid=" . $this->id;
-				
+
 				dol_syslog(get_class($this) . "::delete sql=" . $sql);
 				$resql = $this->db->query($sql);
 				if (! $resql) {
@@ -343,7 +343,7 @@ class AccountingAccount extends CommonObject
 					$this->errors[] = "Error " . $this->db->lasterror();
 				}
 			}
-			
+
 			// Commit or rollback
 			if ($error) {
 				foreach ( $this->errors as $errmsg ) {
@@ -360,7 +360,7 @@ class AccountingAccount extends CommonObject
 			return - 1;
 		}
 	}
-	
+
 	/**
 	 * Return clicable name (with picto eventually)
 	 *
@@ -375,7 +375,7 @@ class AccountingAccount extends CommonObject
 	{
 		global $langs, $conf, $user;
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
-		
+
 		if (! empty($conf->dol_no_mouse_hover)) $notooltip=1;   // Force disable tooltips
 
 		$result = '';
@@ -412,7 +412,7 @@ class AccountingAccount extends CommonObject
 		{
 			$linkstart = '';
 			$linkclose = '';
-			$linkend = '';			
+			$linkend = '';
 		}
 
 		$label_link = length_accountg($this->account_number);
@@ -423,7 +423,7 @@ class AccountingAccount extends CommonObject
 		if ($withpicto != 2) $result.=$linkstart . $label_link . $linkend;
 		return $result;
 	}
-	
+
 	/**
 	 * Information on record
 	 *
@@ -434,10 +434,10 @@ class AccountingAccount extends CommonObject
 		$sql = 'SELECT a.rowid, a.datec, a.fk_user_author, a.fk_user_modif, a.tms';
 		$sql .= ' FROM ' . MAIN_DB_PREFIX . 'accounting_account as a';
 		$sql .= ' WHERE a.rowid = ' . $id;
-		
+
 		dol_syslog(get_class($this) . '::info sql=' . $sql);
 		$result = $this->db->query($sql);
-		
+
 		if ($result) {
 			if ($this->db->num_rows($result)) {
 				$obj = $this->db->fetch_object($result);
@@ -460,7 +460,7 @@ class AccountingAccount extends CommonObject
 			dol_print_error($this->db);
 		}
 	}
-	
+
 	/**
 	 * Account desactivate
 	 *
@@ -469,17 +469,17 @@ class AccountingAccount extends CommonObject
 	 */
 	function account_desactivate($id) {
 		$result = $this->checkUsage();
-		
+
 		if ($result > 0) {
 			$this->db->begin();
-			
+
 			$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
 			$sql .= "SET active = '0'";
 			$sql .= " WHERE rowid = " . $this->db->escape($id);
-			
+
 			dol_syslog(get_class($this) . "::desactivate sql=" . $sql, LOG_DEBUG);
 			$result = $this->db->query($sql);
-			
+
 			if ($result) {
 				$this->db->commit();
 				return 1;
@@ -492,7 +492,7 @@ class AccountingAccount extends CommonObject
 			return - 1;
 		}
 	}
-	
+
 	/**
 	 * Account activate
 	 *
@@ -501,11 +501,11 @@ class AccountingAccount extends CommonObject
 	 */
 	function account_activate($id) {
 		$this->db->begin();
-		
+
 		$sql = "UPDATE " . MAIN_DB_PREFIX . "accounting_account ";
 		$sql .= "SET active = '1'";
 		$sql .= " WHERE rowid = " . $this->db->escape($id);
-		
+
 		dol_syslog(get_class($this) . "::activate sql=" . $sql, LOG_DEBUG);
 		$result = $this->db->query($sql);
 		if ($result) {
@@ -517,8 +517,8 @@ class AccountingAccount extends CommonObject
 			return - 1;
 		}
 	}
-	
-	
+
+
 	/**
 	 *  Retourne le libelle du statut d'un user (actif, inactif)
 	 *
@@ -529,7 +529,7 @@ class AccountingAccount extends CommonObject
 	{
 	    return $this->LibStatut($this->status,$mode);
 	}
-	
+
 	/**
 	 *  Renvoi le libelle d'un statut donne
 	 *
@@ -541,7 +541,7 @@ class AccountingAccount extends CommonObject
 	{
 	    global $langs;
 	    $langs->load('users');
-	
+
 	    if ($mode == 0)
 	    {
 	        $prefix='';

+ 8 - 8
htdocs/adherents/class/adherent.class.php

@@ -325,10 +325,10 @@ class Adherent extends CommonObject
         $sql.= " '".$this->db->idate($this->datec)."'";
         $sql.= ", ".($this->login?"'".$this->db->escape($this->login)."'":"null");
         $sql.= ", ".($user->id>0?$user->id:"null");	// Can be null because member can be created by a guest or a script
-        $sql.= ", null, null, '".$this->morphy."'";
-        $sql.= ", '".$this->typeid."'";
+        $sql.= ", null, null, '".$this->db->escape($this->morphy)."'";
+        $sql.= ", ".$this->typeid;
         $sql.= ", ".$conf->entity;
-        $sql.= ", ".(! empty($this->import_key) ? "'".$this->import_key."'":"null");
+        $sql.= ", ".(! empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'":"null");
         $sql.= ")";
 
         dol_syslog(get_class($this)."::create", LOG_DEBUG);
@@ -447,17 +447,17 @@ class Adherent extends CommonObject
         $this->db->begin();
 
         $sql = "UPDATE ".MAIN_DB_PREFIX."adherent SET";
-        $sql.= " civility = ".(!is_null($this->civility_id)?"'".$this->civility_id."'":"null");
+        $sql.= " civility = ".(!is_null($this->civility_id)?$this->db->escape($this->civility_id):"null");
         $sql.= ", firstname = ".($this->firstname?"'".$this->db->escape($this->firstname)."'":"null");
         $sql.= ", lastname=" .($this->lastname?"'".$this->db->escape($this->lastname)."'":"null");
         $sql.= ", login="   .($this->login?"'".$this->db->escape($this->login)."'":"null");
         $sql.= ", societe=" .($this->societe?"'".$this->db->escape($this->societe)."'":"null");
-        $sql.= ", fk_soc="  .($this->fk_soc > 0?"'".$this->fk_soc."'":"null");
+        $sql.= ", fk_soc="  .($this->fk_soc > 0?$this->db->escape($this->fk_soc):"null");
         $sql.= ", address=" .($this->address?"'".$this->db->escape($this->address)."'":"null");
         $sql.= ", zip="      .($this->zip?"'".$this->db->escape($this->zip)."'":"null");
         $sql.= ", town="   .($this->town?"'".$this->db->escape($this->town)."'":"null");
-        $sql.= ", country=".($this->country_id>0?"'".$this->country_id."'":"null");
-        $sql.= ", state_id=".($this->state_id>0?"'".$this->state_id."'":"null");
+        $sql.= ", country=".($this->country_id>0?$this->db->escape($this->country_id):"null");
+        $sql.= ", state_id=".($this->state_id>0?$this->db->escape($this->state_id):"null");
         $sql.= ", email='".$this->db->escape($this->email)."'";
         $sql.= ", skype='".$this->db->escape($this->skype)."'";
         $sql.= ", phone="   .($this->phone?"'".$this->db->escape($this->phone)."'":"null");
@@ -465,7 +465,7 @@ class Adherent extends CommonObject
         $sql.= ", phone_mobile=" .($this->phone_mobile?"'".$this->db->escape($this->phone_mobile)."'":"null");
         $sql.= ", note_private=" .($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
         $sql.= ", note_public=" .($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
-        $sql.= ", photo="   .($this->photo?"'".$this->photo."'":"null");
+        $sql.= ", photo="   .($this->photo?"'".$this->db->escape($this->photo)."'":"null");
         $sql.= ", public='".$this->db->escape($this->public)."'";
         $sql.= ", statut="  .$this->statut;
         $sql.= ", fk_adherent_type=".$this->typeid;
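Review bot: Several new lines wrap a value in `$this->db->escape()` but drop the surrounding quotes (L560, L566, L572, L573), and L548 drops the quotes around `typeid` without adding any escape or cast; escape() only neutralises quote and backslash characters, so in an unquoted position it gives no protection and the value must instead be cast to the expected numeric type, e.g. `$sql.= ", ".(int) $this->typeid;` and `fk_soc=".($this->fk_soc > 0 ? (int) $this->fk_soc : "null")`. The same escape-without-quotes pattern is introduced in bookmark.class.php (`$conf->entity`), categorie.class.php (`fk_parent`, `$type`, `$conf->entity`) and actioncomm.class.php (`fk_element` in the update hunk) and should be fixed the same way. For `civility` at L560 the old code quoted the value; if that column holds a code string rather than an id, removing the quotes is a behaviour change on its own and the quoted, escaped form should be restored. `fk_adherent_type=".$this->typeid` on the last context line of this hunk is still raw as well.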

+ 5 - 5
htdocs/bookmarks/class/bookmark.class.php

@@ -120,11 +120,11 @@ class Bookmark extends CommonObject
         $sql.= ",title,favicon,position";
         $sql.= ",entity";
         $sql.= ") VALUES (";
-        $sql.= ($this->fk_user > 0?"'".$this->fk_user."'":"0").",";
+        $sql.= ($this->fk_user > 0 ? $this->fk_user:"0").",";
         $sql.= " '".$this->db->idate($now)."',";
-        $sql.= " '".$this->url."', '".$this->target."',";
-        $sql.= " '".$this->db->escape($this->title)."', '".$this->favicon."', '".$this->position."'";
-        $sql.= ", '".$conf->entity."'";
+        $sql.= " '".$this->db->escape($this->url)."', '".$this->db->escape($this->target)."',";
+        $sql.= " '".$this->db->escape($this->title)."', '".$this->db->escape($this->favicon)."', '".$this->db->escape($this->position)."'";
+        $sql.= ", ".$this->db->escape($conf->entity);
         $sql.= ")";
 
         dol_syslog("Bookmark::update", LOG_DEBUG);
@@ -168,7 +168,7 @@ class Bookmark extends CommonObject
 		if (empty($this->position)) $this->position=0;
 
     	$sql = "UPDATE ".MAIN_DB_PREFIX."bookmark";
-        $sql.= " SET fk_user = ".($this->fk_user > 0?"'".$this->fk_user."'":"0");
+        $sql.= " SET fk_user = ".($this->fk_user > 0 ? $this->fk_user :"0");
         $sql.= " ,dateb = '".$this->db->idate($this->datec)."'";
         $sql.= " ,url = '".$this->db->escape($this->url)."'";
         $sql.= " ,target = '".$this->db->escape($this->target)."'";

+ 4 - 4
htdocs/categories/class/categorie.class.php

@@ -311,7 +311,7 @@ class Categorie extends CommonObject
 		$sql.= " import_key,";
 		$sql.= " entity";
 		$sql.= ") VALUES (";
-		$sql.= $this->fk_parent.",";
+		$sql.= $this->db->escape($this->fk_parent).",";
 		$sql.= "'".$this->db->escape($this->label)."',";
 		$sql.= "'".$this->db->escape($this->description)."',";
 		$sql.= "'".$this->db->escape($this->color)."',";
@@ -319,10 +319,10 @@ class Categorie extends CommonObject
 		{
 			$sql.= ($this->socid != -1 ? $this->socid : 'null').",";
 		}
-		$sql.= "'".$this->visible."',";
-		$sql.= $type.",";
+		$sql.= "'".$this->db->escape($this->visible)."',";
+		$sql.= $this->db->escape($type).",";
 		$sql.= (! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":'null').",";
-		$sql.= $conf->entity;
+		$sql.= $this->db->escape($conf->entity);
 		$sql.= ")";
 
 		$res = $this->db->query($sql);

+ 22 - 22
htdocs/comm/action/class/actioncomm.class.php

@@ -296,23 +296,23 @@ class ActionComm extends CommonObject
         $sql.= "elementtype,";
         $sql.= "entity";
         $sql.= ") VALUES (";
-        $sql.= "'".$this->db->idate($now)."',";
-        $sql.= (strval($this->datep)!=''?"'".$this->db->idate($this->datep)."'":"null").",";
-        $sql.= (strval($this->datef)!=''?"'".$this->db->idate($this->datef)."'":"null").",";
-        $sql.= ((isset($this->durationp) && $this->durationp >= 0 && $this->durationp != '')?"'".$this->durationp."'":"null").",";	// deprecated
+        $sql.= "'".$this->db->idate($now)."', ";
+        $sql.= (strval($this->datep)!=''?"'".$this->db->idate($this->datep)."'":"null").", ";
+        $sql.= (strval($this->datef)!=''?"'".$this->db->idate($this->datef)."'":"null").", ";
+        $sql.= ((isset($this->durationp) && $this->durationp >= 0 && $this->durationp != '')?"'".$this->db->escape($this->durationp)."'":"null").", ";	// deprecated
         $sql.= (isset($this->type_id)?$this->type_id:"null").",";
-        $sql.= (isset($this->type_code)?" '".$this->type_code."'":"null").",";
-        $sql.= ((isset($this->socid) && $this->socid > 0)?" '".$this->socid."'":"null").",";
-        $sql.= ((isset($this->fk_project) && $this->fk_project > 0)?" '".$this->fk_project."'":"null").",";
-        $sql.= " '".$this->db->escape($this->note)."',";
-        $sql.= ((isset($this->contactid) && $this->contactid > 0)?"'".$this->contactid."'":"null").",";
-        $sql.= (isset($user->id) && $user->id > 0 ? "'".$user->id."'":"null").",";
-        $sql.= ($userownerid>0?"'".$userownerid."'":"null").",";
-        $sql.= ($userdoneid>0?"'".$userdoneid."'":"null").",";
-        $sql.= "'".$this->db->escape($this->label)."','".$this->percentage."','".$this->priority."','".$this->fulldayevent."','".$this->db->escape($this->location)."','".$this->punctual."',";
-        $sql.= "'".$this->transparency."',";
-        $sql.= (! empty($this->fk_element)?$this->fk_element:"null").",";
-        $sql.= (! empty($this->elementtype)?"'".$this->elementtype."'":"null").",";
+        $sql.= (isset($this->type_code)?" '".$this->db->escape($this->type_code)."'":"null").", ";
+        $sql.= ((isset($this->socid) && $this->socid > 0) ? $this->socid:"null").", ";
+        $sql.= ((isset($this->fk_project) && $this->fk_project > 0) ? $this->fk_project:"null").", ";
+        $sql.= " '".$this->db->escape($this->note)."', ";
+        $sql.= ((isset($this->contactid) && $this->contactid > 0) ? $this->contactid:"null").", ";
+        $sql.= (isset($user->id) && $user->id > 0 ? $user->id:"null").", ";
+        $sql.= ($userownerid>0 ? $userownerid:"null").", ";
+        $sql.= ($userdoneid>0 ? $userdoneid:"null").", ";
+        $sql.= "'".$this->db->escape($this->label)."','".$this->db->escape($this->percentage)."','".$this->db->escape($this->priority)."','".$this->db->escape($this->fulldayevent)."','".$this->db->escape($this->location)."','".$this->db->escape($this->punctual)."', ";
+        $sql.= "'".$this->db->escape($this->transparency)."', ";
+        $sql.= (! empty($this->fk_element)?$this->fk_element:"null").", ";
+        $sql.= (! empty($this->elementtype)?"'".$this->db->escape($this->elementtype)."'":"null").", ";
         $sql.= $conf->entity;
         $sql.= ")";
 
@@ -758,11 +758,11 @@ class ActionComm extends CommonObject
         $sql.= ", label = ".($this->label ? "'".$this->db->escape($this->label)."'":"null");
         $sql.= ", datep = ".(strval($this->datep)!='' ? "'".$this->db->idate($this->datep)."'" : 'null');
         $sql.= ", datep2 = ".(strval($this->datef)!='' ? "'".$this->db->idate($this->datef)."'" : 'null');
-        $sql.= ", durationp = ".(isset($this->durationp) && $this->durationp >= 0 && $this->durationp != ''?"'".$this->durationp."'":"null");	// deprecated
+        $sql.= ", durationp = ".(isset($this->durationp) && $this->durationp >= 0 && $this->durationp != ''?"'".$this->db->escape($this->durationp)."'":"null");	// deprecated
         $sql.= ", note = ".($this->note ? "'".$this->db->escape($this->note)."'":"null");
-        $sql.= ", fk_project =". ($this->fk_project > 0 ? "'".$this->fk_project."'":"null");
-        $sql.= ", fk_soc =". ($socid > 0 ? "'".$socid."'":"null");
-        $sql.= ", fk_contact =". ($contactid > 0 ? "'".$contactid."'":"null");
+        $sql.= ", fk_project =". ($this->fk_project > 0 ? $this->fk_project:"null");
+        $sql.= ", fk_soc =". ($socid > 0 ? $socid:"null");
+        $sql.= ", fk_contact =". ($contactid > 0 ? $contactid:"null");
         $sql.= ", priority = '".$this->db->escape($this->priority)."'";
         $sql.= ", fulldayevent = '".$this->db->escape($this->fulldayevent)."'";
         $sql.= ", location = ".($this->location ? "'".$this->db->escape($this->location)."'":"null");
@@ -770,8 +770,8 @@ class ActionComm extends CommonObject
         $sql.= ", fk_user_mod = ".$user->id;
         $sql.= ", fk_user_action=".($userownerid > 0 ? "'".$userownerid."'":"null");
         $sql.= ", fk_user_done=".($userdoneid > 0 ? "'".$userdoneid."'":"null");
-        if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->fk_element:"null");
-        if (! empty($this->elementtype)) $sql.= ", elementtype=".($this->elementtype?"'".$this->elementtype."'":"null");
+        if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->db->escape($this->fk_element):"null");
+        if (! empty($this->elementtype)) $sql.= ", elementtype=".($this->elementtype?"'".$this->db->escape($this->elementtype)."'":"null");
         $sql.= " WHERE id=".$this->id;
 
         dol_syslog(get_class($this)."::update", LOG_DEBUG);
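Review bot: In the create() hunk, `type_id` at L658 is the one value in the rewritten VALUES list left untouched, interpolated raw behind a bare isset(), and `fk_element` at L681 is likewise raw behind `! empty()`; both sit in unquoted positions where a cast is the appropriate guard: `(isset($this->type_id) ? (int) $this->type_id : "null").","` and `(! empty($this->fk_element) ? (int) $this->fk_element : "null").", "`. In the update() hunk `fk_user_action` and `fk_user_done` (L704-L705) keep the quoted-integer form that the create() hunk just removed for the same variables (L677-L678), and `WHERE id=".$this->id` at L710 is raw; aligning these with the create() style would keep the two methods consistent. Both enclosing methods start outside their hunks.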

+ 1 - 1
htdocs/comm/mailing/class/advtargetemailing.class.php

@@ -121,7 +121,7 @@ class AdvanceTargetingMailing extends CommonObject
 
 		$sql.= " ".(! isset($this->name)?'NULL':"'".$this->db->escape($this->name)."'").",";
 		$sql.= " ".$conf->entity.",";
-		$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").",";
+		$sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->db->escape($this->fk_mailing)."'").",";
 		$sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").",";
 		$sql.= " ".$user->id.",";
 		$sql.= " '".$this->db->idate(dol_now())."',";

+ 11 - 11
htdocs/comm/propal/class/propal.class.php

@@ -938,7 +938,7 @@ class Propal extends CommonObject
 		$sql.= ", '".$this->db->escape($this->multicurrency_code)."'";
 		$sql.= ", ".(double) $this->multicurrency_tx;
         $sql.= ")";
-        
+
         dol_syslog(get_class($this)."::create", LOG_DEBUG);
         $resql=$this->db->query($sql);
         if ($resql)
@@ -3772,28 +3772,28 @@ class PropaleLigne extends CommonObjectLine
         $sql.= ' date_start, date_end';
 		$sql.= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc)';
         $sql.= " VALUES (".$this->fk_propal.",";
-        $sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
+        $sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
         $sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
         $sql.= " '".$this->db->escape($this->desc)."',";
-        $sql.= " ".($this->fk_product?"'".$this->fk_product."'":"null").",";
-        $sql.= " '".$this->product_type."',";
-        $sql.= " ".($this->fk_remise_except?"'".$this->fk_remise_except."'":"null").",";
+        $sql.= " ".($this->fk_product?"'".$this->db->escape($this->fk_product)."'":"null").",";
+        $sql.= " '".$this->db->escape($this->product_type)."',";
+        $sql.= " ".($this->fk_remise_except?"'".$this->db->escape($this->fk_remise_except)."'":"null").",";
         $sql.= " ".price2num($this->qty).",";
-        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
+        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
         $sql.= " ".price2num($this->tva_tx).",";
         $sql.= " ".price2num($this->localtax1_tx).",";
         $sql.= " ".price2num($this->localtax2_tx).",";
-		$sql.= " '".$this->localtax1_type."',";
-		$sql.= " '".$this->localtax2_type."',";
+		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
         $sql.= " ".($this->subprice?price2num($this->subprice):"null").",";
         $sql.= " ".price2num($this->remise_percent).",";
-        $sql.= " ".(isset($this->info_bits)?"'".$this->info_bits."'":"null").",";
+        $sql.= " ".(isset($this->info_bits)?"'".$this->db->escape($this->info_bits)."'":"null").",";
         $sql.= " ".price2num($this->total_ht).",";
         $sql.= " ".price2num($this->total_tva).",";
         $sql.= " ".price2num($this->total_localtax1).",";
         $sql.= " ".price2num($this->total_localtax2).",";
         $sql.= " ".price2num($this->total_ttc).",";
-        $sql.= " ".(!empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null").",";
+        $sql.= " ".(!empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null").",";
         $sql.= " ".(isset($this->pa_ht)?"'".price2num($this->pa_ht)."'":"null").",";
         $sql.= ' '.$this->special_code.',';
         $sql.= ' '.$this->rang.',';
@@ -3975,7 +3975,7 @@ class PropaleLigne extends CommonObjectLine
             $sql.= ", total_localtax1=".price2num($this->total_localtax1)."";
             $sql.= ", total_localtax2=".price2num($this->total_localtax2)."";
         }
-		$sql.= ", fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null");
+		$sql.= ", fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null");
 		$sql.= ", buy_price_ht=".price2num($this->pa_ht);
         if (strlen($this->special_code)) $sql.= ", special_code=".$this->special_code;
         $sql.= ", fk_parent_line=".($this->fk_parent_line>0?$this->fk_parent_line:"null");
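Review bot: PropaleLigne::insert now escapes `fk_parent_line`, `fk_product`, `fk_remise_except` and `fk_fournprice`, but the same VALUES list still concatenates `$this->fk_propal` (L742), `$this->special_code` and `$this->rang` (L775-L776) raw, and the update hunk does the same for `special_code` and `fk_parent_line` (L784-L785). Assuming these are integer columns, the consistent fix is a cast: `$sql.= " VALUES (".(int) $this->fk_propal.",";`, `$sql.= ' '.(int) $this->special_code.',';`, `$sql.= ' '.(int) $this->rang.',';`. The escape() wrapping added around the quoted integer ids in this hunk is harmless but a cast would express the intent more directly than a string escape on a number.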

+ 10 - 10
htdocs/commande/class/commande.class.php

@@ -775,11 +775,11 @@ class Commande extends CommonOrder
         $sql.= ", ".($this->ref_client?"'".$this->db->escape($this->ref_client)."'":"null");
         $sql.= ", ".($this->ref_int?"'".$this->db->escape($this->ref_int)."'":"null");
         $sql.= ", '".$this->db->escape($this->modelpdf)."'";
-        $sql.= ", ".($this->cond_reglement_id>0?"'".$this->cond_reglement_id."'":"null");
-        $sql.= ", ".($this->mode_reglement_id>0?"'".$this->mode_reglement_id."'":"null");
+        $sql.= ", ".($this->cond_reglement_id>0?$this->cond_reglement_id:"null");
+        $sql.= ", ".($this->mode_reglement_id>0?$this->mode_reglement_id:"null");
         $sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL');
-        $sql.= ", ".($this->availability_id>0?"'".$this->availability_id."'":"null");
-        $sql.= ", ".($this->demand_reason_id>0?"'".$this->demand_reason_id."'":"null");
+        $sql.= ", ".($this->availability_id>0?$this->availability_id:"null");
+        $sql.= ", ".($this->demand_reason_id>0?$this->demand_reason_id:"null");
         $sql.= ", ".($this->date_livraison?"'".$this->db->idate($this->date_livraison)."'":"null");
         $sql.= ", ".($this->fk_delivery_address>0?$this->fk_delivery_address:'NULL');
         $sql.= ", ".($this->shipping_method_id>0?$this->shipping_method_id:'NULL');
@@ -3995,18 +3995,18 @@ class OrderLine extends CommonOrderLine
 		$sql.= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
 		$sql.= ')';
         $sql.= " VALUES (".$this->fk_commande.",";
-        $sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
+        $sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
         $sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
         $sql.= " '".$this->db->escape($this->desc)."',";
         $sql.= " '".price2num($this->qty)."',";
-        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
+        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
         $sql.= " '".price2num($this->tva_tx)."',";
         $sql.= " '".price2num($this->localtax1_tx)."',";
         $sql.= " '".price2num($this->localtax2_tx)."',";
-		$sql.= " '".$this->localtax1_type."',";
-		$sql.= " '".$this->localtax2_type."',";
+		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
         $sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
-        $sql.= " '".$this->product_type."',";
+        $sql.= " '".$this->db->escape($this->product_type)."',";
         $sql.= " '".price2num($this->remise_percent)."',";
         $sql.= " ".($this->subprice!=''?"'".price2num($this->subprice)."'":"null").",";
         $sql.= " ".($this->price!=''?"'".price2num($this->price)."'":"null").",";
@@ -4016,7 +4016,7 @@ class OrderLine extends CommonOrderLine
         $sql.= ' '.$this->rang.',';
 		$sql.= ' '.(! empty($this->fk_fournprice)?$this->fk_fournprice:"null").',';
 		$sql.= ' '.price2num($this->pa_ht).',';
-        $sql.= " '".$this->info_bits."',";
+        $sql.= " '".$this->db->escape($this->info_bits)."',";
         $sql.= " '".price2num($this->total_ht)."',";
         $sql.= " '".price2num($this->total_tva)."',";
         $sql.= " '".price2num($this->total_localtax1)."',";

+ 14 - 14
htdocs/compta/bank/class/account.class.php

@@ -573,21 +573,21 @@ class Account extends CommonObject
         $sql.= ", '".$this->db->escape($this->account_number)."'";
 		$sql.= ", ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
 		$sql.= ", '".$this->db->escape($this->bank)."'";
-        $sql.= ", '".$this->code_banque."'";
-        $sql.= ", '".$this->code_guichet."'";
-        $sql.= ", '".$this->number."'";
-        $sql.= ", '".$this->cle_rib."'";
-        $sql.= ", '".$this->bic."'";
-        $sql.= ", '".$this->iban."'";
+        $sql.= ", '".$this->db->escape($this->code_banque)."'";
+        $sql.= ", '".$this->db->escape($this->code_guichet)."'";
+        $sql.= ", '".$this->db->escape($this->number)."'";
+        $sql.= ", '".$this->db->escape($this->cle_rib)."'";
+        $sql.= ", '".$this->db->escape($this->bic)."'";
+        $sql.= ", '".$this->db->escape($this->iban)."'";
         $sql.= ", '".$this->db->escape($this->domiciliation)."'";
         $sql.= ", '".$this->db->escape($this->proprio)."'";
         $sql.= ", '".$this->db->escape($this->owner_address)."'";
-        $sql.= ", '".$this->currency_code."'";
+        $sql.= ", '".$this->db->escape($this->currency_code)."'";
         $sql.= ", ".$this->rappro;
         $sql.= ", ".price2num($this->min_allowed);
         $sql.= ", ".price2num($this->min_desired);
         $sql.= ", '".$this->db->escape($this->comment)."'";
-        $sql.= ", ".($this->state_id>0?"'".$this->state_id."'":"null");
+        $sql.= ", ".($this->state_id>0?$this->state_id:"null");
         $sql.= ", ".$this->country_id;
         $sql.= ")";
 
@@ -702,7 +702,7 @@ class Account extends CommonObject
         $sql.= ",courant = ".$this->courant;
         $sql.= ",clos = ".$this->clos;
         $sql.= ",rappro = ".$this->rappro;
-        $sql.= ",url = ".($this->url?"'".$this->url."'":"null");
+        $sql.= ",url = ".($this->url?"'".$this->db->escape($this->url)."'":"null");
         $sql.= ",account_number = '".$this->db->escape($this->account_number)."'";
 		$sql.= ",fk_accountancy_journal = ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
 		$sql.= ",bank  = '".$this->db->escape($this->bank)."'";
@@ -722,7 +722,7 @@ class Account extends CommonObject
         $sql.= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
         $sql.= ",comment     = '".$this->db->escape($this->comment)."'";
 
-        $sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
+        $sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
         $sql.= ",fk_pays = ".$this->country_id;
 
         $sql.= " WHERE rowid = ".$this->id;
@@ -807,7 +807,7 @@ class Account extends CommonObject
         $sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
         $sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
         $sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
-        $sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
+        $sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
         $sql.= ",fk_pays = ".$this->country_id;
         $sql.= " WHERE rowid = ".$this->id;
         $sql.= " AND entity = ".$conf->entity;
@@ -1694,9 +1694,9 @@ class AccountLine extends CommonObject
 		$sql .= ", '".$this->db->idate($this->datev)."'";
 		$sql .= ", '".$this->db->escape($this->label)."'";
 		$sql .= ", ".price2num($this->amount);
-		$sql .= ", ".($this->fk_user_author > 0 ? "'".$this->fk_user_author."'":"null");
-		$sql .= ", ".($this->num_chq ? "'".$this->num_chq."'" : "null");
-		$sql .= ", '".$this->fk_account."'";
+		$sql .= ", ".($this->fk_user_author > 0 ? $this->fk_user_author :"null");
+		$sql .= ", ".($this->num_chq ? "'".$this->db->escape($this->num_chq)."'" : "null");
+		$sql .= ", '".$this->db->escape($this->fk_account)."'";
 		$sql .= ", '".$this->db->escape($this->fk_type)."'";
 		$sql .= ", ".($this->emetteur ? "'".$this->db->escape($this->emetteur)."'" : "null");
 		$sql .= ", ".($this->bank_chq ? "'".$this->db->escape($this->bank_chq)."'" : "null");

+ 1 - 1
htdocs/compta/deplacement/class/deplacement.class.php

@@ -107,7 +107,7 @@ class Deplacement extends CommonObject
 		$sql.= ", ".$conf->entity;
 		$sql.= ", ".$user->id;
 		$sql.= ", ".$this->fk_user;
-		$sql.= ", '".$this->type."'";
+		$sql.= ", '".$this->db->escape($this->type)."'";
 		$sql.= ", ".($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
 		$sql.= ", ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
 		$sql.= ", ".($this->fk_project > 0? $this->fk_project : 0);

+ 5 - 5
htdocs/compta/facture/class/facture-rec.class.php

@@ -141,7 +141,7 @@ class FactureRec extends CommonInvoice
 			$sql.= ", nb_gen_max";
 			$sql.= ", auto_validate";
 			$sql.= ") VALUES (";
-			$sql.= "'".$this->titre."'";
+			$sql.= "'".$this->db->escape($this->titre)."'";
 			$sql.= ", ".$facsrc->socid;
 			$sql.= ", ".$conf->entity;
 			$sql.= ", '".$this->db->idate($now)."'";
@@ -149,11 +149,11 @@ class FactureRec extends CommonInvoice
 			$sql.= ", ".(!empty($facsrc->remise)?$this->remise:'0');
 			$sql.= ", ".(!empty($this->note_private)?("'".$this->db->escape($this->note_private)."'"):"NULL");
 			$sql.= ", ".(!empty($this->note_public)?("'".$this->db->escape($this->note_public)."'"):"NULL");
-			$sql.= ", '".$user->id."'";
+			$sql.= ", '".$this->db->escape($user->id)."'";
 			$sql.= ", ".(! empty($facsrc->fk_project)?"'".$facsrc->fk_project."'":"null");
 			$sql.= ", ".(! empty($facsrc->fk_account)?"'".$facsrc->fk_account."'":"null");
-			$sql.= ", '".$facsrc->cond_reglement_id."'";
-			$sql.= ", '".$facsrc->mode_reglement_id."'";
+			$sql.= ", '".$this->db->escape($facsrc->cond_reglement_id)."'";
+			$sql.= ", '".$this->db->escape($facsrc->mode_reglement_id)."'";
 			$sql.= ", ".$this->usenewprice;
 			$sql.= ", ".$this->frequency;
 			$sql.= ", '".$this->db->escape($this->unit_frequency)."'";
@@ -1504,7 +1504,7 @@ class FactureLigneRec extends CommonInvoiceLine
     	$sql.= ", localtax1_type='".$this->db->escape($this->localtax1_type)."'";
     	$sql.= ", localtax2_tx=".price2num($this->localtax2_tx);
     	$sql.= ", localtax2_type='".$this->db->escape($this->localtax2_type)."'";
-    	$sql.= ", fk_product=".(! empty($this->fk_product)?"'".$this->fk_product."'":"null");
+    	$sql.= ", fk_product=".($this->fk_product > 0 ? $this->fk_product :"null");
     	$sql.= ", product_type=".$this->product_type;
     	$sql.= ", remise_percent='".price2num($this->remise_percent)."'";
     	$sql.= ", subprice='".price2num($this->subprice)."'";

+ 5 - 5
htdocs/compta/facture/class/facture.class.php

@@ -4446,16 +4446,16 @@ class FactureLigne extends CommonInvoiceLine
 		$sql.= ' fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
 		$sql.= ')';
 		$sql.= " VALUES (".$this->fk_facture.",";
-		$sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
+		$sql.= " ".($this->fk_parent_line>0 ? $this->fk_parent_line:"null").",";
 		$sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
 		$sql.= " '".$this->db->escape($this->desc)."',";
 		$sql.= " ".price2num($this->qty).",";
-        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
+        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
 		$sql.= " ".price2num($this->tva_tx).",";
 		$sql.= " ".price2num($this->localtax1_tx).",";
 		$sql.= " ".price2num($this->localtax2_tx).",";
-		$sql.= " '".$this->localtax1_type."',";
-		$sql.= " '".$this->localtax2_type."',";
+		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
 		$sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
 		$sql.= " ".$this->product_type.",";
 		$sql.= " ".price2num($this->remise_percent).",";
@@ -4468,7 +4468,7 @@ class FactureLigne extends CommonInvoiceLine
 		$sql.= ' '.$this->special_code.',';
 		$sql.= ' '.(! empty($this->fk_fournprice)?$this->fk_fournprice:"null").',';
 		$sql.= ' '.price2num($this->pa_ht).',';
-		$sql.= " '".$this->info_bits."',";
+		$sql.= " '".$this->db->escape($this->info_bits)."',";
 		$sql.= " ".price2num($this->total_ht).",";
 		$sql.= " ".price2num($this->total_tva).",";
 		$sql.= " ".price2num($this->total_ttc).",";

+ 6 - 16
htdocs/compta/facture/class/paymentterm.class.php

@@ -85,13 +85,11 @@ class PaymentTerm // extends CommonObject
 		if (isset($this->decalage)) $this->decalage=trim($this->decalage);
 
 
-
 		// Check parameters
 		// Put here code to add control on parameters values
 
         // Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."c_payment_term(";
-
 		$sql.= "rowid,";
 		$sql.= "code,";
 		$sql.= "sortorder,";
@@ -101,21 +99,16 @@ class PaymentTerm // extends CommonObject
 		$sql.= "type_cdr,";
 		$sql.= "nbjour,";
 		$sql.= "decalage";
-
-
         $sql.= ") VALUES (";
-
-		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
+		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
 		$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
-		$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->sortorder."'").",";
-		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
+		$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->db->escape($this->sortorder)."'").",";
+		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'").",";
 		$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
 		$sql.= " ".(! isset($this->libelle_facture)?'NULL':"'".$this->db->escape($this->libelle_facture)."'").",";
-		$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->type_cdr."'").",";
-		$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->nbjour."'").",";
-		$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->decalage."'")."";
-
-
+		$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->db->escape($this->type_cdr)."'").",";
+		$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->db->escape($this->nbjour)."'").",";
+		$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->db->escape($this->decalage)."'")."";
 		$sql.= ")";
 
 		$this->db->begin();
@@ -285,7 +278,6 @@ class PaymentTerm // extends CommonObject
 
         // Update request
         $sql = "UPDATE ".MAIN_DB_PREFIX."c_payment_term SET";
-
 		$sql.= " code=".(isset($this->code)?"'".$this->db->escape($this->code)."'":"null").",";
 		$sql.= " sortorder=".(isset($this->sortorder)?$this->sortorder:"null").",";
 		$sql.= " active=".(isset($this->active)?$this->active:"null").",";
@@ -294,8 +286,6 @@ class PaymentTerm // extends CommonObject
 		$sql.= " type_cdr=".(isset($this->type_cdr)?$this->type_cdr:"null").",";
 		$sql.= " nbjour=".(isset($this->nbjour)?$this->nbjour:"null").",";
 		$sql.= " decalage=".(isset($this->decalage)?$this->decalage:"null")."";
-
-
         $sql.= " WHERE rowid=".$this->id;
 
 		$this->db->begin();
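Review bot: The INSERT now escapes sortorder, active, type_cdr, nbjour and decalage, but the UPDATE in the same class, visible as context in the last two hunks (`sortorder=".(isset($this->sortorder)?$this->sortorder:"null")` and the four lines that follow it), still concatenates the same properties raw and unquoted. `escape()` would not help there because the slots are unquoted, so the fitting fix is an integer cast for each of the five, e.g. `$sql.= " sortorder=".(isset($this->sortorder)?(int) $this->sortorder:"null").",";`, assuming these are numeric columns as their unquoted use implies. The enclosing update method starts and ends outside the hunk.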

+ 6 - 6
htdocs/compta/localtax/class/localtax.class.php

@@ -87,12 +87,12 @@ class Localtax extends CommonObject
 		$sql.= " '".$this->db->idate($this->tms)."',";
 		$sql.= " '".$this->db->idate($this->datep)."',";
 		$sql.= " '".$this->db->idate($this->datev)."',";
-		$sql.= " '".$this->amount."',";
-		$sql.= " '".$this->label."',";
-		$sql.= " '".$this->note."',";
-		$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->fk_bank."'").",";
-		$sql.= " '".$this->fk_user_creat."',";
-		$sql.= " '".$this->fk_user_modif."'";
+		$sql.= " '".$this->db->escape($this->amount)."',";
+		$sql.= " '".$this->db->escape($this->label)."',";
+		$sql.= " '".$this->db->escape($this->note)."',";
+		$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->db->escape($this->fk_bank)."'").",";
+		$sql.= " '".$this->db->escape($this->fk_user_creat)."',";
+		$sql.= " '".$this->db->escape($this->fk_user_modif)."'";
 		$sql.= ")";
 
 	   	dol_syslog(get_class($this)."::create", LOG_DEBUG);

+ 5 - 5
htdocs/compta/salaries/class/paymentsalary.class.php

@@ -108,7 +108,7 @@ class PaymentSalary extends CommonObject
 		$sql.= " datesp='".$this->db->idate($this->datesp)."',";
 		$sql.= " dateep='".$this->db->idate($this->dateep)."',";
 		$sql.= " note='".$this->db->escape($this->note)."',";
-		$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
+		$sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->db->escape($this->fk_bank)."'":"null").",";
 		$sql.= " fk_user_author=".$this->fk_user_author.",";
 		$sql.= " fk_user_modif=".$this->fk_user_modif;
 
@@ -344,18 +344,18 @@ class PaymentSalary extends CommonObject
 		$sql.= ", entity";
 		$sql.= ") ";
 		$sql.= " VALUES (";
-		$sql.= "'".$this->fk_user."'";
+		$sql.= "'".$this->db->escape($this->fk_user)."'";
 		$sql.= ", '".$this->db->idate($this->datep)."'";
 		$sql.= ", '".$this->db->idate($this->datev)."'";
 		$sql.= ", ".$this->amount;
 		$sql.= ", ".($this->salary > 0 ? $this->salary : "null");
-		$sql.= ", '".$this->type_payment."'";
-		$sql.= ", '".$this->num_payment."'";
+		$sql.= ", '".$this->db->escape($this->type_payment)."'";
+		$sql.= ", '".$this->db->escape($this->num_payment)."'";
 		if ($this->note) $sql.= ", '".$this->db->escape($this->note)."'";
 		$sql.= ", '".$this->db->escape($this->label)."'";
 		$sql.= ", '".$this->db->idate($this->datesp)."'";
 		$sql.= ", '".$this->db->idate($this->dateep)."'";
-		$sql.= ", '".$user->id."'";
+		$sql.= ", '".$this->db->escape($user->id)."'";
 		$sql.= ", '".$this->db->idate($now)."'";
 		$sql.= ", NULL";
 		$sql.= ", ".$conf->entity;

+ 7 - 7
htdocs/compta/sociales/class/chargesociales.class.php

@@ -26,7 +26,7 @@
 require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
 
 
-/** 
+/**
  *	Classe permettant la gestion des paiements des charges
  *  La tva collectee n'est calculee que sur les factures payees.
  */
@@ -36,7 +36,7 @@ class ChargeSociales extends CommonObject
     public $table='chargesociales';
     public $table_element='chargesociales';
     public $picto = 'bill';
-    
+
     /**
      * {@inheritdoc}
      */
@@ -110,7 +110,7 @@ class ChargeSociales extends CommonObject
                 $this->paye					= $obj->paye;
                 $this->periode				= $this->db->jdate($obj->periode);
                 $this->import_key			= $this->import_key;
-                
+
                 $this->db->free($resql);
 
                 return 1;
@@ -171,8 +171,8 @@ class ChargeSociales extends CommonObject
 
         $sql = "INSERT INTO ".MAIN_DB_PREFIX."chargesociales (fk_type, fk_account, fk_mode_reglement, libelle, date_ech, periode, amount, fk_projet, entity, fk_user_author, date_creation)";
         $sql.= " VALUES (".$this->type;
-        $sql.= ", ".($this->fk_account>0?$this->fk_account:'NULL');
-        $sql.= ", ".($this->mode_reglement_id>0?"'".$this->mode_reglement_id."'":"NULL");
+        $sql.= ", ".($this->fk_account>0 ? $this->fk_account:'NULL');
+        $sql.= ", ".($this->mode_reglement_id>0 ? $this->mode_reglement_id:"NULL");
         $sql.= ", '".$this->db->escape($this->lib)."'";
         $sql.= ", '".$this->db->idate($this->date_ech)."'";
 		$sql.= ", '".$this->db->idate($this->periode)."'";
@@ -378,7 +378,7 @@ class ChargeSociales extends CommonObject
         if ($return) return 1;
         else return -1;
     }
-    
+
     /**
      *  Retourne le libelle du statut d'une charge (impaye, payee)
      *
@@ -445,7 +445,7 @@ class ChargeSociales extends CommonObject
             if ($statut ==  0 && $alreadypaid > 0) return $langs->trans("BillStatusStarted").' '.img_picto($langs->trans("BillStatusStarted"), 'statut3');
             if ($statut ==  1) return $langs->trans("Paid").' '.img_picto($langs->trans("Paid"), 'statut6');
         }
-        
+
         return "Error, mode/status not found";
     }
 
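Review bot: `$sql.= " VALUES (".$this->type;` in the fourth hunk concatenates `$this->type` raw into an unquoted slot, while the commit only touches the two foreign keys that follow it. The column list names it `fk_type`, so an integer cast, `$sql.= " VALUES (".(int) $this->type;`, would close this without changing behaviour for valid values. The enclosing method starts and ends outside the hunk.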

+ 9 - 9
htdocs/compta/tva/class/tva.class.php

@@ -106,12 +106,12 @@ class Tva extends CommonObject
 		$sql.= " '".$this->db->idate($now)."',";
 		$sql.= " '".$this->db->idate($this->datep)."',";
 		$sql.= " '".$this->db->idate($this->datev)."',";
-		$sql.= " '".$this->amount."',";
-		$sql.= " '".$this->label."',";
-		$sql.= " '".$this->note."',";
-		$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->fk_bank."'").",";
-		$sql.= " '".$this->fk_user_creat."',";
-		$sql.= " '".$this->fk_user_modif."'";
+		$sql.= " '".$this->db->escape($this->amount)."',";
+		$sql.= " '".$this->db->escape($this->label)."',";
+		$sql.= " '".$this->db->escape($this->note)."',";
+		$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->db->escape($this->fk_bank)."'").",";
+		$sql.= " '".$this->db->escape($this->fk_user_creat)."',";
+		$sql.= " '".$this->db->escape($this->fk_user_modif)."'";
 
 		$sql.= ")";
 
@@ -535,11 +535,11 @@ class Tva extends CommonObject
 		$sql.= "'".$this->db->idate($this->datep)."'";
         $sql.= ", '".$this->db->idate($this->datev)."'";
 		$sql.= ", ".$this->amount;
-        $sql.= ", '".$this->type_payment."'";
-		$sql.= ", '".$this->num_payment."'";
+        $sql.= ", '".$this->db->escape($this->type_payment)."'";
+		$sql.= ", '".$this->db->escape($this->num_payment)."'";
 		if ($this->note)  $sql.=", '".$this->db->escape($this->note)."'";
         if ($this->label) $sql.=", '".$this->db->escape($this->label)."'";
-        $sql.= ", '".$user->id."'";
+        $sql.= ", '".$this->db->escape($user->id)."'";
 		$sql.= ", NULL";
 		$sql.= ", ".$conf->entity;
         $sql.= ")";

+ 5 - 5
htdocs/contact/class/contact.class.php

@@ -200,7 +200,7 @@ class Contact extends CommonObject
         $sql.= " ".(! empty($this->canvas)?"'".$this->db->escape($this->canvas)."'":"null").",";
         $sql.= " ".$conf->entity.",";
         $sql.= "'".$this->db->escape($this->ref_ext)."',";
-        $sql.= " ".(! empty($this->import_key)?"'".$this->import_key."'":"null");
+        $sql.= " ".(! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
 		$sql.= ")";
 
 		dol_syslog(get_class($this)."::create", LOG_DEBUG);
@@ -319,9 +319,9 @@ class Contact extends CommonObject
 		$sql .= ", jabberid = ".(isset($this->jabberid)?"'".$this->db->escape($this->jabberid)."'":"null");
 		$sql .= ", priv = '".$this->db->escape($this->priv)."'";
 		$sql .= ", statut = ".$this->statut;
-		$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$user->id."'":"NULL");
-		$sql .= ", default_lang=".($this->default_lang?"'".$this->default_lang."'":"NULL");
-		$sql .= ", no_email=".($this->no_email?"'".$this->no_email."'":"0");
+		$sql .= ", fk_user_modif=".($user->id > 0 ? "'".$this->db->escape($user->id)."'":"NULL");
+		$sql .= ", default_lang=".($this->default_lang?"'".$this->db->escape($this->default_lang)."'":"NULL");
+		$sql .= ", no_email=".($this->no_email?"'".$this->db->escape($this->no_email)."'":"0");
 		$sql .= " WHERE rowid=".$this->db->escape($id);
 
 		dol_syslog(get_class($this)."::update", LOG_DEBUG);
@@ -492,7 +492,7 @@ class Contact extends CommonObject
 		// Mis a jour contact
 		$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET";
 		$sql.= " birthday=".($this->birthday ? "'".$this->db->idate($this->birthday)."'" : "null");
-		$sql.= ", photo = ".($this->photo? "'".$this->photo."'" : "null");
+		$sql.= ", photo = ".($this->photo? "'".$this->db->escape($this->photo)."'" : "null");
 		if ($user) $sql .= ", fk_user_modif=".$user->id;
 		$sql.= " WHERE rowid=".$this->db->escape($id);
 

+ 10 - 10
htdocs/contrat/class/contrat.class.php

@@ -928,7 +928,7 @@ class Contrat extends CommonObject
 		$sql.= ",".($this->commercial_signature_id>0?$this->commercial_signature_id:"NULL");
 		$sql.= ",".($this->commercial_suivi_id>0?$this->commercial_suivi_id:"NULL");
 		$sql.= ",".($this->fk_project>0?$this->fk_project:"NULL");
-		$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
+		$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->db->escape($this->ref)."'");
 		$sql.= ", ".$conf->entity;
 		$sql.= ", ".(!empty($this->note_private)?("'".$this->db->escape($this->note_private)."'"):"NULL");
 		$sql.= ", ".(!empty($this->note_public)?("'".$this->db->escape($this->note_public)."'"):"NULL");
@@ -2872,7 +2872,7 @@ class ContratLigne extends CommonObjectLine
 		// Update request
 		$sql = "UPDATE ".MAIN_DB_PREFIX."contratdet SET";
 		$sql.= " fk_contrat=".$this->fk_contrat.",";
-		$sql.= " fk_product=".($this->fk_product?"'".$this->fk_product."'":'null').",";
+		$sql.= " fk_product=".($this->fk_product?"'".$this->db->escape($this->fk_product)."'":'null').",";
 		$sql.= " statut=".$this->statut.",";
 		$sql.= " label='".$this->db->escape($this->label)."',";
 		$sql.= " description='".$this->db->escape($this->description)."',";
@@ -3009,16 +3009,16 @@ class ContratLigne extends CommonObjectLine
 		if ($this->date_fin_validite > 0)   { $sql.= ",date_fin_validite"; }
 		$sql.= ") VALUES ($this->fk_contrat, '', '" . $this->db->escape($this->description) . "',";
 		$sql.= ($this->fk_product>0 ? $this->fk_product : "null").",";
-		$sql.= " '".$this->qty."',";
-		$sql.= " '".$this->vat_src_code."',";
-		$sql.= " '".$this->tva_tx."',";
-		$sql.= " '".$this->localtax1_tx."',";
-		$sql.= " '".$this->localtax2_tx."',";
-		$sql.= " '".$this->localtax1_type."',";
-		$sql.= " '".$this->localtax2_type."',";
+		$sql.= " '".$this->db->escape($this->qty)."',";
+		$sql.= " '".$this->db->escape($this->vat_src_code)."',";
+		$sql.= " '".$this->db->escape($this->tva_tx)."',";
+		$sql.= " '".$this->db->escape($this->localtax1_tx)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_tx)."',";
+		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
 		$sql.= " ".price2num($this->remise_percent).",".price2num($this->subprice).",";
 		$sql.= " ".price2num($this->total_ht).",".price2num($this->total_tva).",".price2num($this->total_localtax1).",".price2num($this->total_localtax2).",".price2num($this->total_ttc).",";
-		$sql.= " '".$this->info_bits."',";
+		$sql.= " '".$this->db->escape($this->info_bits)."',";
 		$sql.= " ".price2num($this->price_ht).",".price2num($this->remise).",";
 		if ($this->fk_fournprice > 0) $sql.= ' '.$this->fk_fournprice.',';
 		else $sql.= ' null,';
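Review bot: The third hunk escapes `qty`, `tva_tx`, `localtax1_tx` and `localtax2_tx` as quoted strings, whereas the sibling line classes in this commit (commande.class.php, facture.class.php) write the same fields through `price2num()`; using `price2num()` here too keeps the numeric normalisation consistent and avoids relying on the database's implicit string-to-decimal conversion. The same hunk still interpolates `$this->fk_contrat` directly inside the double-quoted `VALUES (...)` string and concatenates `$this->fk_fournprice` on the `if ($this->fk_fournprice > 0)` line, both unquoted and uncast; `(int)` casts would be the matching fix. The enclosing method starts and ends outside the hunk.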

+ 2 - 2
htdocs/core/class/ccountry.class.php

@@ -88,11 +88,11 @@ class Ccountry // extends CommonObject
 		$sql.= "label,";
 		$sql.= "active";
         $sql.= ") VALUES (";
-		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
+		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
 		$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
 		$sql.= " ".(! isset($this->code_iso)?'NULL':"'".$this->db->escape($this->code_iso)."'").",";
 		$sql.= " ".(! isset($this->label)?'NULL':"'".$this->db->escape($this->label)."'").",";
-		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
+		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
 		$sql.= ")";
 
 		$this->db->begin();

+ 9 - 9
htdocs/core/class/commonobject.class.php

@@ -580,8 +580,8 @@ abstract class CommonObject
             $sql = "SELECT tc.rowid";
             $sql.= " FROM ".MAIN_DB_PREFIX."c_type_contact as tc";
             $sql.= " WHERE tc.element='".$this->db->escape($this->element)."'";
-            $sql.= " AND tc.source='".$source."'";
-            $sql.= " AND tc.code='".$type_contact."' AND tc.active=1";
+            $sql.= " AND tc.source='".$this->db->escape($source)."'";
+            $sql.= " AND tc.code='".$this->db->escape($type_contact)."' AND tc.active=1";
 			//print $sql;
             $resql=$this->db->query($sql);
             if ($resql)
@@ -2475,9 +2475,9 @@ abstract class CommonObject
         $sql.= ", targettype";
         $sql.= ") VALUES (";
         $sql.= $origin_id;
-        $sql.= ", '".$origin."'";
+        $sql.= ", '".$this->db->escape($origin)."'";
         $sql.= ", ".$this->id;
-        $sql.= ", '".$this->element."'";
+        $sql.= ", '".$this->db->escape($this->element)."'";
         $sql.= ")";
 
         dol_syslog(get_class($this)."::add_object_linked", LOG_DEBUG);
@@ -3812,11 +3812,11 @@ abstract class CommonObject
 		$sql.= ", mandatory";
 		$sql.= ") VALUES (";
 		$sql.= $resource_id;
-		$sql.= ", '".$resource_type."'";
-		$sql.= ", '".$this->id."'";
-		$sql.= ", '".$this->element."'";
-		$sql.= ", '".$busy."'";
-		$sql.= ", '".$mandatory."'";
+		$sql.= ", '".$this->db->escape($resource_type)."'";
+		$sql.= ", '".$this->db->escape($this->id)."'";
+		$sql.= ", '".$this->db->escape($this->element)."'";
+		$sql.= ", '".$this->db->escape($busy)."'";
+		$sql.= ", '".$this->db->escape($mandatory)."'";
 		$sql.= ")";
 
 		dol_syslog(get_class($this)."::add_element_resource", LOG_DEBUG);

+ 2 - 2
htdocs/core/class/cstate.class.php

@@ -85,10 +85,10 @@ class Cstate // extends CommonObject
 		$sql.= "nom,";
 		$sql.= "active";
         $sql.= ") VALUES (";
-		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
+		$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
 		$sql.= " ".(! isset($this->code_departement)?'NULL':"'".$this->db->escape($this->code_departement)."'").",";
 		$sql.= " ".(! isset($this->nom)?'NULL':"'".$this->db->escape($this->nom)."'").",";
-		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
+		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
 		$sql.= ")";
 
 		$this->db->begin();

+ 2 - 2
htdocs/core/class/ctypent.class.php

@@ -91,10 +91,10 @@ class Ctypent // extends CommonObject
 
         $sql.= ") VALUES (";
 
-		$sql.= " ".(! isset($this->id)?'NULL':"'".$this->id."'").",";
+		$sql.= " ".(! isset($this->id)?'NULL':"'".$this->db->escape($this->id)."'").",";
 		$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
 		$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
-		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
+		$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->active($this->active)."'").",";
 		$sql.= " ".(! isset($this->module)?'NULL':"'".$this->db->escape($this->module)."'")."";
 
 
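Review bot: The replacement on the `active` column calls `$this->db->active($this->active)` instead of `$this->db->escape(...)`; nothing on this page suggests the DB handler has an `active()` method, and every sibling rewrite in this commit (ccountry.class.php, cstate.class.php) uses `escape()`, so this branch would fail with an undefined-method error whenever `$this->active` is set, which is likely on most inserts through this method. The line should read `$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'").",";`. The enclosing method starts and ends outside the hunk.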

+ 1 - 1
htdocs/core/class/discount.class.php

@@ -158,7 +158,7 @@ class DiscountAbsolute
         $sql.= ")";
         $sql.= " VALUES (".$conf->entity.", '".$this->db->idate($this->datec!=''?$this->datec:dol_now())."', ".$this->fk_soc.", ".$user->id.", '".$this->db->escape($this->description)."',";
         $sql.= " ".$this->amount_ht.", ".$this->amount_tva.", ".$this->amount_ttc.", ".$this->tva_tx.",";
-        $sql.= " ".($this->fk_facture_source?"'".$this->fk_facture_source."'":"null");
+        $sql.= " ".($this->fk_facture_source ? "'".$this->db->escape($this->fk_facture_source)."'":"null");
         $sql.= ")";
 
         dol_syslog(get_class($this)."::create", LOG_DEBUG);

+ 4 - 4
htdocs/core/class/events.class.php

@@ -126,12 +126,12 @@ class Events // extends CommonObject
 		$sql.= "fk_user,";
 		$sql.= "description";
 		$sql.= ") VALUES (";
-		$sql.= " '".$this->type."',";
+		$sql.= " '".$this->db->escape($this->type)."',";
 		$sql.= " ".$conf->entity.",";
-		$sql.= " '".$_SERVER['REMOTE_ADDR']."',";
-		$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".dol_trunc($_SERVER['HTTP_USER_AGENT'],250)."'":'NULL').",";
+		$sql.= " '".$this->db->escape($_SERVER['REMOTE_ADDR'])."',";
+		$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".$this->db->escape(dol_trunc($_SERVER['HTTP_USER_AGENT'],250))."'":'NULL').",";
 		$sql.= " '".$this->db->idate($this->dateevent)."',";
-		$sql.= " ".($user->id?"'".$user->id."'":'NULL').",";
+		$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
 		$sql.= " '".$this->db->escape(dol_trunc($this->description,250))."'";
 		$sql.= ")";
 
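Review bot: The rewritten user-agent line keeps `$_SERVER['HTTP_USER_AGENT']?` as its guard, which raises an undefined-index notice whenever the header is absent (non-browser clients, CLI or cron invocations) before the escaping is even reached; `$_SERVER['REMOTE_ADDR']` two lines above has the same exposure when run from the CLI. A null-safe guard is `$sql.= " ".(! empty($_SERVER['HTTP_USER_AGENT'])?"'".$this->db->escape(dol_trunc($_SERVER['HTTP_USER_AGENT'],250))."'":'NULL').",";`. Escaping after `dol_trunc()` rather than before is the right order, since truncating an already-escaped string could split an escape sequence. The enclosing method starts and ends outside the hunk.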

+ 8 - 8
htdocs/core/class/link.class.php

@@ -89,7 +89,7 @@ class Link extends CommonObject
         $sql .= " VALUES ('".$conf->entity."', '".$this->db->idate($this->datea)."'";
         $sql .= ", '" . $this->db->escape($this->url) . "'";
         $sql .= ", '" . $this->db->escape($this->label) . "'";
-        $sql .= ", '" . $this->objecttype . "'";
+        $sql .= ", '" . $this->db->escape($this->objecttype) . "'";
         $sql .= ", " . $this->objectid . ")";
 
         dol_syslog(get_class($this)."::create", LOG_DEBUG);
@@ -100,7 +100,7 @@ class Link extends CommonObject
             if ($this->id > 0) {
                 // Call trigger
                 $result=$this->call_trigger('LINK_CREATE',$user);
-                if ($result < 0) $error++;            
+                if ($result < 0) $error++;
                 // End call triggers
             } else {
                 $error++;
@@ -283,20 +283,20 @@ class Link extends CommonObject
     public static function count($db, $objecttype, $objectid)
     {
         global $conf;
-    
+
         $sql = "SELECT COUNT(rowid) as nb FROM " . MAIN_DB_PREFIX . "links";
         $sql .= " WHERE objecttype = '" . $objecttype . "' AND objectid = " . $objectid;
         if ($conf->entity != 0) $sql .= " AND entity = " . $conf->entity;
-    
+
         $resql = $db->query($sql);
         if ($resql)
         {
             $obj = $db->fetch_object($resql);
             if ($obj) return $obj->nb;
-        } 
+        }
         return -1;
     }
-    
+
     /**
      *  Loads a link from database
      *
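Review bot: `count()` still concatenates `$objecttype` and `$objectid` into the WHERE clause without escaping or casting, which is exactly the class of issue this commit targets, yet the hunk only touches whitespace around those lines. The fix is `$sql .= " WHERE objecttype = '" . $db->escape($objecttype) . "' AND objectid = " . (int) $objectid;` and `if ($conf->entity != 0) $sql .= " AND entity = " . (int) $conf->entity;`. Note it must be `$db->escape()` here, not `$this->db`, because the method is static and receives the connection as a parameter.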
@@ -354,8 +354,8 @@ class Link extends CommonObject
 
         // Call trigger
         $result=$this->call_trigger('LINK_DELETE',$user);
-        if ($result < 0) return -1;            
-        // End call triggers         
+        if ($result < 0) return -1;
+        // End call triggers
 
         $this->db->begin();
 

+ 12 - 12
htdocs/core/class/menubase.class.php

@@ -144,15 +144,15 @@ class Menubase
         $sql.= "enabled,";
         $sql.= "usertype";
         $sql.= ") VALUES (";
-        $sql.= " '".$this->menu_handler."',";
-        $sql.= " '".$conf->entity."',";
-        $sql.= " '".$this->module."',";
-        $sql.= " '".$this->type."',";
-        $sql.= " ".($this->mainmenu?"'".$this->mainmenu."'":"''").",";    // Can't be null
-        $sql.= " ".($this->leftmenu?"'".$this->leftmenu."'":"null").",";
-        $sql.= " '".$this->fk_menu."',";
-        $sql.= " ".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
-        $sql.= " ".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
+        $sql.= " '".$this->db->escape($this->menu_handler)."',";
+        $sql.= " '".$this->db->escape($conf->entity)."',";
+        $sql.= " '".$this->db->escape($this->module)."',";
+        $sql.= " '".$this->db->escape($this->type)."',";
+        $sql.= " ".($this->mainmenu?"'".$this->db->escape($this->mainmenu)."'":"''").",";    // Can't be null
+        $sql.= " ".($this->leftmenu?"'".$this->db->escape($this->leftmenu)."'":"null").",";
+        $sql.= " '".$this->db->escape($this->fk_menu)."',";
+        $sql.= " ".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
+        $sql.= " ".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
         $sql.= " '".(int) $this->position."',";
         $sql.= " '".$this->db->escape($this->url)."',";
         $sql.= " '".$this->db->escape($this->target)."',";
@@ -160,7 +160,7 @@ class Menubase
         $sql.= " '".$this->db->escape($this->langs)."',";
         $sql.= " '".$this->db->escape($this->perms)."',";
         $sql.= " '".$this->db->escape($this->enabled)."',";
-        $sql.= " '".$this->user."'";
+        $sql.= " '".$this->db->escape($this->user)."'";
         $sql.= ")";
 
         dol_syslog(get_class($this)."::create", LOG_DEBUG);
@@ -220,8 +220,8 @@ class Menubase
         $sql.= " mainmenu='".$this->db->escape($this->mainmenu)."',";
         $sql.= " leftmenu='".$this->db->escape($this->leftmenu)."',";
         $sql.= " fk_menu='".$this->db->escape($this->fk_menu)."',";
-        $sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
-        $sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
+        $sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
+        $sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
         $sql.= " position=".($this->position > 0 ? $this->position : 0).",";
         $sql.= " url='".$this->db->escape($this->url)."',";
         $sql.= " target='".$this->db->escape($this->target)."',";
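Review bot: The `position` line just below the changed `fk_leftmenu` line concatenates `$this->position` raw after a `> 0` test, while the INSERT hunk earlier in this file writes the same field with an `(int)` cast; under PHP 8 comparison rules a non-numeric string compares greater than `0`, so the guard does not prevent a string from reaching the statement. `$sql.= " position=".max(0, (int) $this->position).",";` keeps the intent (never negative, never null) and matches the INSERT. The enclosing `update()` starts and ends outside the hunk.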

+ 3 - 3
htdocs/core/modules/DolibarrModules.class.php

@@ -1426,7 +1426,7 @@ class DolibarrModules           // Can not be abstract, because we need to insta
         $err=0;
 
         $sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
-        $sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->const_name."_TABS_%'";
+        $sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->db->escape($this->const_name)."_TABS_%'";
         $sql.= " AND entity = ".$conf->entity;
 
         dol_syslog(get_class($this)."::delete_tabs", LOG_DEBUG);
@@ -2019,7 +2019,7 @@ class DolibarrModules           // Can not be abstract, because we need to insta
         $err=0;
 
         $sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
-        $sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_DIR_%'";
+        $sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_DIR_%'";
         $sql.= " AND entity = ".$conf->entity;
 
         dol_syslog(get_class($this)."::delete_dirs", LOG_DEBUG);
@@ -2128,7 +2128,7 @@ class DolibarrModules           // Can not be abstract, because we need to insta
                 if (is_array($value) && isset($value['entity'])) $entity = $value['entity'];
 
                 $sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
-                $sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_".strtoupper($key)."'";
+                $sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'";
                 $sql.= " AND entity = ".$entity;
 
                 dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG);
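Review bot: `strtoupper($key)` and `$entity` are concatenated raw into the same WHERE clause that now escapes `const_name`, so the statement is only half covered; `$key` is a module-declared constant name and `$entity` comes from the module's `$value['entity']`, so neither is request input, but the protection should be uniform. `"_".$this->db->escape(strtoupper($key))."'"` and `" AND entity = ".(int) $entity` finish the job, and the `delete_tabs` and `delete_dirs` hunks above have the same raw `$conf->entity`. Also worth a comment on these `LIKE` clauses: `escape()` does not neutralise the LIKE metacharacters `%` and `_`, so the underscores inside `$this->const_name` already match any single character — pre-existing, but easy to misread as exact matching.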

+ 2 - 2
htdocs/core/modules/cheque/mod_chequereceipt_mint.php

@@ -73,7 +73,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
 		$posindice=9;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
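Review bot: The new line calls `$this->db->escape()` while the query on the line below still goes through the global `$db`; the constructor of this numbering model is not in the hunk, and if it does not assign `$this->db` the escape is a method call on null and fails on first use — please confirm, or use `$db->escape($this->prefix)` so both halves of the statement use the same connection. The same split appears in every numbering module in this commit (mod_commande_marbre, mod_contract_serpis, mod_expedition_safor, mod_expensereport_jade, mod_facture_mars, mod_facture_terre, mod_pacific, mod_livraison_jade, mod_payment_cicada, mod_project_simple, mod_task_simple, mod_propale_marbre, mod_facture_fournisseur_cactus, mod_commande_fournisseur_muguet, mod_supplier_payment_bronan, mod_supplier_proposal_marbre). `escape()` also leaves the LIKE wildcards `%` and `_` untouched, so a prefix containing either would widen the match; prefixes here are class constants, but mod_facture_mars and mod_facture_terre accept one from configuration, where that caveat matters more.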
@@ -107,7 +107,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
 		$posindice=9;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref like '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/commande/mod_commande_marbre.php

@@ -73,7 +73,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."commande";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -107,7 +107,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."commande";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/contract/mod_contract_serpis.php

@@ -72,7 +72,7 @@ class mod_contract_serpis extends ModelNumRefContracts
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -105,7 +105,7 @@ class mod_contract_serpis extends ModelNumRefContracts
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/expedition/mod_expedition_safor.php

@@ -71,7 +71,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -104,7 +104,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/expensereport/mod_expensereport_jade.php

@@ -72,7 +72,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -105,7 +105,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 4 - 4
htdocs/core/modules/facture/mod_facture_mars.php

@@ -37,7 +37,7 @@ class mod_facture_mars extends ModeleNumRefFactures
 	var $prefixcreditnote='AV';
 	var $error='';
 
-	
+
 	/**
 	 * Constructor
 	 */
@@ -48,7 +48,7 @@ class mod_facture_mars extends ModeleNumRefFactures
 			$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
 		}
 	}
-	
+
 	/**
 	 *  Renvoi la description du modele de numerotation
 	 *
@@ -89,7 +89,7 @@ class mod_facture_mars extends ModeleNumRefFactures
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture";
-		$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
+		$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
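Review bot: The SELECT two lines above the changed line is missing a closing parenthesis — `MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED) as max` opens three and closes two, compared with the balanced form used in mod_facture_terre — so the query errors before the escaped LIKE is ever evaluated. `$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max";` fixes it. Since this model takes `prefixinvoice` from `INVOICE_NUMBERING_MARS_FORCE_PREFIX` (visible in the constructor hunk above), the escape here protects a configured value rather than a constant, which is a good reason to also document that `%` and `_` in that setting are LIKE wildcards.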
@@ -111,7 +111,7 @@ class mod_facture_mars extends ModeleNumRefFactures
 		$posindice=8;
 		$sql = "SELECT MAX(SUBSTRING(facnumber FROM ".$posindice.")) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture";
-		$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
+		$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 5 - 5
htdocs/core/modules/facture/mod_facture_terre.php

@@ -35,7 +35,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 	var $prefixdeposit='AC';
 	var $error='';
 
-	
+
 	/**
 	 * Constructor
 	 */
@@ -46,7 +46,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 			$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
 		}
 	}
-	
+
 	/**
 	 *  Renvoi la description du modele de numerotation
 	 *
@@ -87,7 +87,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture";
-		$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
+		$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -109,7 +109,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture";
-		$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
+		$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -130,7 +130,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture";
-		$sql.= " WHERE facnumber LIKE '".$this->prefixdeposit."____-%'";
+		$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixdeposit)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/fichinter/mod_pacific.php

@@ -74,7 +74,7 @@ class mod_pacific extends ModeleNumRefFicheinter
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " WHERE entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
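Review bot: The line directly after the changed one appends `" WHERE entity = "` to a statement that already has a WHERE clause, so the query is a syntax error and the lookup fails regardless of the escaping added above it; the second hunk of this file has the correct form. Change it to `$sql.= " AND entity = ".(int) $conf->entity;`. The enclosing method starts outside the hunk.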
@@ -110,7 +110,7 @@ class mod_pacific extends ModeleNumRefFicheinter
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/livraison/mod_livraison_jade.php

@@ -80,7 +80,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
         $posindice=8;
         $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";   // This is standard SQL
         $sql.= " FROM ".MAIN_DB_PREFIX."livraison";
-        $sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+        $sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
         $sql.= " AND entity = ".$conf->entity;
 
         $resql=$db->query($sql);
@@ -114,7 +114,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
         $posindice=8;
         $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";   // This is standard SQL
         $sql.= " FROM ".MAIN_DB_PREFIX."livraison";
-        $sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+        $sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
         $sql.= " AND entity = ".$conf->entity;
 
         $resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/payment/mod_payment_cicada.php

@@ -73,7 +73,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
 		$posindice=9;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -107,7 +107,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
 		$posindice=9;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/project/mod_project_simple.php

@@ -75,7 +75,7 @@ class mod_project_simple extends ModeleNumRefProjects
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
         $sql.= " FROM ".MAIN_DB_PREFIX."projet";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
         $sql.= " AND entity = ".$conf->entity;
         $resql=$db->query($sql);
         if ($resql)
@@ -111,7 +111,7 @@ class mod_project_simple extends ModeleNumRefProjects
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."projet";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/project/task/mod_task_simple.php

@@ -76,7 +76,7 @@ class mod_task_simple extends ModeleNumRefTask
 		$sql = "SELECT MAX(CAST(SUBSTRING(task.ref FROM " . $posindice . ") AS SIGNED)) as max";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet_task AS task, ";
 		$sql .= MAIN_DB_PREFIX . "projet AS project WHERE task.fk_projet=project.rowid";
-		$sql .= " AND task.ref LIKE '" . $this->prefix . "____-%'";
+		$sql .= " AND task.ref LIKE '" . $this->db->escape($this->prefix) . "____-%'";
 		$sql .= " AND project.entity = " . $conf->entity;
         $resql=$db->query($sql);
         if ($resql)
@@ -112,7 +112,7 @@ class mod_task_simple extends ModeleNumRefTask
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."projet_task";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 
 		$resql=$db->query($sql);
 		if ($resql)
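Review bot: Unlike the first hunk of this file and every other numbering module in this commit, the lookup on the new side has no entity restriction after the LIKE, so in a multi-entity installation the counter is computed across all entities. If that is intentional, a one-line comment above the query saying so would stop the next reader from "fixing" it; otherwise the join through `projet` used in the first hunk (presumably because the task table carries no entity column of its own — worth confirming) is the likely fix. The enclosing method starts and ends outside the hunk.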

+ 2 - 2
htdocs/core/modules/propale/mod_propale_marbre.php

@@ -75,7 +75,7 @@ class mod_propale_marbre extends ModeleNumRefPropales
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."propal";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -112,7 +112,7 @@ class mod_propale_marbre extends ModeleNumRefPropales
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."propal";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 4 - 4
htdocs/core/modules/supplier_invoice/mod_facture_fournisseur_cactus.php

@@ -82,7 +82,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
-		$sql.= " WHERE ref LIKE '".$this->prefixinvoice."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 		$resql=$db->query($sql);
 		if ($resql)
@@ -103,7 +103,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
-		$sql.= " WHERE ref LIKE '".$this->prefixcreditnote."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -124,7 +124,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
-		$sql.= " WHERE ref LIKE '".$this->prefixdeposit."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixdeposit)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -202,7 +202,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
         {
         	$date=$object->date;	// This is invoice date (not creation date)
         	$yymm = strftime("%y%m",$date);
-        	
+
         	if ($max >= (pow(10, 4) - 1)) $num=$max+1;	// If counter > 9999, we do not format on 4 chars, we take number as it is
         	else $num = sprintf("%04s",$max+1);
 

+ 2 - 2
htdocs/core/modules/supplier_order/mod_commande_fournisseur_muguet.php

@@ -85,7 +85,7 @@ class mod_commande_fournisseur_muguet extends ModeleNumRefSuppliersOrders
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
         $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
         $sql.= " AND entity = ".$conf->entity;
         $resql=$db->query($sql);
         if ($resql)
@@ -120,7 +120,7 @@ class mod_commande_fournisseur_muguet extends ModeleNumRefSuppliersOrders
         $posindice=8;
         $sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
         $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
         $sql.= " AND entity = ".$conf->entity;
 
         $resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/supplier_payment/mod_supplier_payment_bronan.php

@@ -73,7 +73,7 @@ class mod_supplier_payment_bronan extends ModeleNumRefSupplierPayments
 		$posindice=9;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -107,7 +107,7 @@ class mod_supplier_payment_bronan extends ModeleNumRefSupplierPayments
 		$posindice=10;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn";
-		$sql.= " WHERE ref like '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 2 - 2
htdocs/core/modules/supplier_proposal/mod_supplier_proposal_marbre.php

@@ -75,7 +75,7 @@ class mod_supplier_proposal_marbre extends ModeleNumRefSupplierProposal
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
 		$sql.= " FROM ".MAIN_DB_PREFIX."supplier_proposal";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);
@@ -112,7 +112,7 @@ class mod_supplier_proposal_marbre extends ModeleNumRefSupplierProposal
 		$posindice=8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";	// This is standard SQL
 		$sql.= " FROM ".MAIN_DB_PREFIX."supplier_proposal";
-		$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
+		$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
 		$sql.= " AND entity = ".$conf->entity;
 
 		$resql=$db->query($sql);

+ 1 - 1
htdocs/cron/class/cronjob.class.php

@@ -201,7 +201,7 @@ class Cronjob extends CommonObject
 		$sql.= " ".(! isset($this->lastresult)?'NULL':"'".$this->db->escape($this->lastresult)."'").",";
 		$sql.= " ".(! isset($this->datelastresult) || dol_strlen($this->datelastresult)==0?'NULL':"'".$this->db->idate($this->datelastresult)."'").",";
 		$sql.= " ".(! isset($this->lastoutput)?'NULL':"'".$this->db->escape($this->lastoutput)."'").",";
-		$sql.= " ".(! isset($this->unitfrequency)?'NULL':"'".$this->unitfrequency."'").",";
+		$sql.= " ".(! isset($this->unitfrequency)?'NULL':"'".$this->db->escape($this->unitfrequency)."'").",";
 		$sql.= " ".(! isset($this->frequency)?'0':$this->frequency).",";
 		$sql.= " ".(! isset($this->status)?'0':$this->status).",";
 		$sql.= " ".$user->id.",";

+ 3 - 3
htdocs/ecm/class/ecmdirectory.class.php

@@ -134,12 +134,12 @@ class EcmDirectory // extends CommonObject
 			$sql.= "fk_user_c";
 			$sql.= ") VALUES (";
 			$sql.= " '".$this->db->escape($this->label)."',";
-			$sql.= " '".$conf->entity."',";
-			$sql.= " '".$this->fk_parent."',";
+			$sql.= " '".$this->db->escape($conf->entity)."',";
+			$sql.= " '".$this->db->escape($this->fk_parent)."',";
 			$sql.= " '".$this->db->escape($this->description)."',";
 			$sql.= " ".$this->cachenbofdoc.",";
 			$sql.= " '".$this->db->idate($this->date_c)."',";
-			$sql.= " '".$this->fk_user_c."'";
+			$sql.= " '".$this->db->escape($this->fk_user_c)."'";
 			$sql.= ")";
 
 			dol_syslog(get_class($this)."::create", LOG_DEBUG);

+ 1 - 1
htdocs/expedition/class/expedition.class.php

@@ -1769,7 +1769,7 @@ class Expedition extends CommonObject
         if ($id=='')
         {
             $sql = "INSERT INTO ".MAIN_DB_PREFIX."c_shipment_mode (code, libelle, description, tracking)";
-            $sql.=" VALUES ('".$this->update['code']."','".$this->update['libelle']."','".$this->update['description']."','".$this->update['tracking']."')";
+            $sql.=" VALUES ('".$this->db->escape($this->update['code'])."','".$this->db->escape($this->update['libelle'])."','".$this->db->escape($this->update['description'])."','".$this->db->escape($this->update['tracking'])."')";
             $resql = $this->db->query($sql);
         }
         else
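Review bot: Only the INSERT branch is escaped; the `else` branch that begins on the last line of the hunk presumably writes the same `$this->update[...]` fields in an UPDATE and would need the identical treatment — please confirm, as it is outside this hunk. The `if ($id=='')` guard is a loose comparison; `if ($id === '')` (or `empty($id)` if `0` should also mean "new") states the intent and avoids PHP version-dependent coercion.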

+ 8 - 8
htdocs/fourn/class/fournisseur.commande.class.php

@@ -1414,7 +1414,7 @@ class CommandeFournisseur extends CommonOrder
                             if ($remise_percent == 0 && $prod->remise_percent !=0)
                             	$remise_percent =$prod->remise_percent;
 
-				
+
                         }
                         if ($result == 0)                   // If result == 0, we failed to found the supplier reference price
                         {
@@ -2678,14 +2678,14 @@ class CommandeFournisseur extends CommonOrder
                 if ($db->num_rows($query))
                 {
                     $obj = $db->fetch_object($query);
-    
+
                     $string = $langs->trans($obj->code);
                     if ($string == $obj->code)
                     {
                         $string = $obj->label != '-' ? $obj->label : '';
                     }
                     return $string;
-                }    
+                }
             }
             else dol_print_error($db);
         }
@@ -3129,15 +3129,15 @@ class CommandeFournisseurLigne extends CommonOrderLine
         $sql.= " ".($this->date_end?"'".$this->db->idate($this->date_end)."'":"null").",";
         if ($this->fk_product) { $sql.= $this->fk_product.","; }
         else { $sql.= "null,"; }
-        $sql.= "'".$this->product_type."',";
-        $sql.= "'".$this->qty."', ";
+        $sql.= "'".$this->db->escape($this->product_type)."',";
+        $sql.= "'".$this->db->escape($this->qty)."', ";
 
-        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
+        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
         $sql.= " ".$this->tva_tx.", ";
         $sql.= " ".$this->localtax1_tx.",";
         $sql.= " ".$this->localtax2_tx.",";
-        $sql.= " '".$this->localtax1_type."',";
-        $sql.= " '".$this->localtax2_type."',";
+        $sql.= " '".$this->db->escape($this->localtax1_type)."',";
+        $sql.= " '".$this->db->escape($this->localtax2_type)."',";
         $sql.= " ".$this->remise_percent.", ".price2num($this->subprice,'MU').", '".$this->db->escape($this->ref_supplier)."',";
         $sql.= " ".price2num($this->total_ht).",";
         $sql.= " ".price2num($this->total_tva).",";
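Review bot: `qty` is quoted and escaped as a string here, while the sibling `SupplierInvoiceLine::insert` hunk in this same commit writes it as `price2num($this->qty)` unquoted; `product_type` likewise is quoted here but written bare there, and both are numeric columns. `$sql.= " ".(int) $this->product_type.",";` and `$sql.= " ".price2num($this->qty).", ";` align the two line classes and avoid sending strings for numeric values. `tva_tx`, `localtax1_tx`, `localtax2_tx` and `remise_percent` on the following lines are still raw concatenation, which `price2num()` would cover as it already does for the totals in this statement. The enclosing `insert()` starts and ends outside the hunk.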

+ 7 - 15
htdocs/fourn/class/fournisseur.commande.dispatch.class.php

@@ -105,14 +105,11 @@ class CommandeFournisseurDispatch extends CommonObject
 		if (isset($this->status)) $this->status=trim($this->status);
 		if (isset($this->batch)) $this->batch=trim($this->batch);
 
-
-
 		// Check parameters
 		// Put here code to add control on parameters values
 
         // Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX.$this->table_element."(";
-
 		$sql.= "fk_commande,";
 		$sql.= "fk_product,";
 		$sql.= "fk_commandefourndet,";
@@ -125,24 +122,19 @@ class CommandeFournisseurDispatch extends CommonObject
 		$sql.= "batch,";
 		$sql.= "eatby,";
 		$sql.= "sellby";
-
-
         $sql.= ") VALUES (";
-
-		$sql.= " ".(! isset($this->fk_commande)?'NULL':"'".$this->fk_commande."'").",";
-		$sql.= " ".(! isset($this->fk_product)?'NULL':"'".$this->fk_product."'").",";
-		$sql.= " ".(! isset($this->fk_commandefourndet)?'NULL':"'".$this->fk_commandefourndet."'").",";
-		$sql.= " ".(! isset($this->qty)?'NULL':"'".$this->qty."'").",";
-		$sql.= " ".(! isset($this->fk_entrepot)?'NULL':"'".$this->fk_entrepot."'").",";
-		$sql.= " ".(! isset($this->fk_user)?'NULL':"'".$this->fk_user."'").",";
+		$sql.= " ".(! isset($this->fk_commande)?'NULL':"'".$this->db->escape($this->fk_commande)."'").",";
+		$sql.= " ".(! isset($this->fk_product)?'NULL':"'".$this->db->escape($this->fk_product)."'").",";
+		$sql.= " ".(! isset($this->fk_commandefourndet)?'NULL':"'".$this->db->escape($this->fk_commandefourndet)."'").",";
+		$sql.= " ".(! isset($this->qty)?'NULL':"'".$this->db->escape($this->qty)."'").",";
+		$sql.= " ".(! isset($this->fk_entrepot)?'NULL':"'".$this->db->escape($this->fk_entrepot)."'").",";
+		$sql.= " ".(! isset($this->fk_user)?'NULL':"'".$this->db->escape($this->fk_user)."'").",";
 		$sql.= " ".(! isset($this->datec) || dol_strlen($this->datec)==0?'NULL':"'".$this->db->idate($this->datec)."'").",";
 		$sql.= " ".(! isset($this->comment)?'NULL':"'".$this->db->escape($this->comment)."'").",";
-		$sql.= " ".(! isset($this->status)?'NULL':"'".$this->status."'").",";
+		$sql.= " ".(! isset($this->status)?'NULL':"'".$this->db->escape($this->status)."'").",";
 		$sql.= " ".(! isset($this->batch)?'NULL':"'".$this->db->escape($this->batch)."'").",";
 		$sql.= " ".(! isset($this->eatby) || dol_strlen($this->eatby)==0?'NULL':"'".$this->db->idate($this->eatby)."'").",";
 		$sql.= " ".(! isset($this->sellby) || dol_strlen($this->sellby)==0?'NULL':"'".$this->db->idate($this->sellby)."'")."";
-
-
 		$sql.= ")";
 
 		$this->db->begin();

+ 5 - 5
htdocs/fourn/class/fournisseur.facture.class.php

@@ -2701,17 +2701,17 @@ class SupplierInvoiceLine extends CommonObjectLine
         $sql.= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
         $sql.= ')';
         $sql.= " VALUES (".$this->fk_facture_fourn.",";
-        $sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
+        $sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
         $sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
         $sql.= " '".$this->db->escape($this->desc)."',";
         $sql.= " ".price2num($this->qty).",";
 
-        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->vat_src_code."'").",";
+        $sql.= " ".(empty($this->vat_src_code)?"''":"'".$this->db->escape($this->vat_src_code)."'").",";
         $sql.= " ".price2num($this->tva_tx).",";
         $sql.= " ".price2num($this->localtax1_tx).",";
         $sql.= " ".price2num($this->localtax2_tx).",";
-        $sql.= " '".$this->localtax1_type."',";
-        $sql.= " '".$this->localtax2_type."',";
+        $sql.= " '".$this->db->escape($this->localtax1_type)."',";
+        $sql.= " '".$this->db->escape($this->localtax2_type)."',";
         $sql.= ' '.(! empty($this->fk_product)?$this->fk_product:"null").',';
         $sql.= " ".$this->product_type.",";
         $sql.= " ".price2num($this->remise_percent).",";
@@ -2722,7 +2722,7 @@ class SupplierInvoiceLine extends CommonObjectLine
         $sql.= ' '.(!empty($this->fk_code_ventilation)?$this->fk_code_ventilation:0).',';
         $sql.= ' '.$this->rang.',';
         $sql.= ' '.$this->special_code.',';
-        $sql.= " '".$this->info_bits."',";
+        $sql.= " '".$this->db->escape($this->info_bits)."',";
         $sql.= " ".price2num($this->total_ht).",";
         $sql.= " ".price2num($this->total_tva).",";
         $sql.= " ".price2num($this->total_ttc).",";
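Review bot: The values concatenated unquoted at L2159 (`fk_facture_fourn`), L2175–L2176 (`fk_product`, `product_type`) and L2179–L2181 (`fk_code_ventilation`, `rang`, `special_code`) are still inserted raw, while this hunk only wraps the quoted values. `$this->db->escape()` is an escaping function for quoted string literals; in an unquoted numeric position it gives no protection, so an integer cast is the fitting guard there, e.g. `$sql.= " VALUES (".((int) $this->fk_facture_fourn).",";` and `$sql.= ' '.(! empty($this->fk_product)?((int) $this->fk_product):"null").',';`. The same pattern is in the @@ -2722 hunk at L2180–L2181. The enclosing method starts and ends outside both hunks.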

+ 2 - 2
htdocs/holiday/class/holiday.class.php

@@ -143,14 +143,14 @@ class Holiday extends CommonObject
         $sql.= "fk_user_create,";
         $sql.= "entity";
         $sql.= ") VALUES (";
-        $sql.= "'".$this->fk_user."',";
+        $sql.= "'".$this->db->escape($this->fk_user)."',";
         $sql.= " '".$this->db->idate($now)."',";
         $sql.= " '".$this->db->escape($this->description)."',";
         $sql.= " '".$this->db->idate($this->date_debut)."',";
         $sql.= " '".$this->db->idate($this->date_fin)."',";
         $sql.= " ".$this->halfday.",";
         $sql.= " '1',";
-        $sql.= " '".$this->fk_validator."',";
+        $sql.= " '".$this->db->escape($this->fk_validator)."',";
         $sql.= " ".$this->fk_type.",";
         $sql.= " ".$user->id.",";
         $sql.= " ".$conf->entity;
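Review bot: `$this->halfday` (L2201), `$this->fk_type` (L2205) and `$user->id` (L2206) are still concatenated raw and unquoted; the hunk only escapes the quoted `fk_user` and `fk_validator` values. Escaping protects a quoted literal, not a bare numeric position, so cast those to int, e.g. `$sql.= " ".((int) $this->halfday).",";` and `$sql.= " ".((int) $this->fk_type).",";`. The enclosing method starts and ends outside the hunk.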

+ 2 - 2
htdocs/imports/class/import.class.php

@@ -45,7 +45,7 @@ class Import
 
 	var $error;
 	var $errors;
-	
+
 
 	/**
 	 *    Constructor
@@ -242,7 +242,7 @@ class Import
 		$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'import_model (';
 		$sql.= 'fk_user, label, type, field';
 		$sql.= ')';
-		$sql.= " VALUES (".($user->id > 0 ? $user->id : 0).", '".$this->db->escape($this->model_name)."', '".$this->datatoimport."', '".$this->hexa."')";
+		$sql.= " VALUES (".($user->id > 0 ? $user->id : 0).", '".$this->db->escape($this->model_name)."', '".$this->db->escape($this->datatoimport)."', '".$this->db->escape($this->hexa)."')";
 
 		dol_syslog(get_class($this)."::create", LOG_DEBUG);
 		$resql=$this->db->query($sql);

+ 21 - 21
htdocs/product/class/product.class.php

@@ -536,12 +536,12 @@ class Product extends CommonObject
 					$sql.= ", ".$this->type;
 					$sql.= ", ".price2num($price_ht);
 					$sql.= ", ".price2num($price_ttc);
-					$sql.= ", '".$this->price_base_type."'";
+					$sql.= ", '".$this->db->escape($this->price_base_type)."'";
 					$sql.= ", ".$this->status;
 					$sql.= ", ".$this->status_buy;
-					$sql.= ", '".$this->accountancy_code_buy."'";
-					$sql.= ", '".$this->accountancy_code_sell."'";
-					$sql.= ", '".$this->canvas."'";
+					$sql.= ", '".$this->db->escape($this->accountancy_code_buy)."'";
+					$sql.= ", '".$this->db->escape($this->accountancy_code_sell)."'";
+					$sql.= ", '".$this->db->escape($this->canvas)."'";
 					$sql.= ", ".((! isset($this->finished) || $this->finished < 0 || $this->finished == '') ? 'null' : (int) $this->finished);
 					$sql.= ", ".((empty($this->status_batch) || $this->status_batch < 0)? '0':$this->status_batch);
 					$sql.= ", ".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
@@ -853,8 +853,8 @@ class Product extends CommonObject
 			$sql.= ", recuperableonly = " . $this->tva_npr;
 			$sql.= ", localtax1_tx = " . $this->localtax1_tx;
 			$sql.= ", localtax2_tx = " . $this->localtax2_tx;
-			$sql.= ", localtax1_type = " . ($this->localtax1_type!=''?"'".$this->localtax1_type."'":"'0'");
-			$sql.= ", localtax2_type = " . ($this->localtax2_type!=''?"'".$this->localtax2_type."'":"'0'");
+			$sql.= ", localtax1_type = " . ($this->localtax1_type!=''?"'".$this->db->escape($this->localtax1_type)."'":"'0'");
+			$sql.= ", localtax2_type = " . ($this->localtax2_type!=''?"'".$this->db->escape($this->localtax2_type)."'":"'0'");
 
 			$sql.= ", barcode = ". (empty($this->barcode)?"null":"'".$this->db->escape($this->barcode)."'");
 			$sql.= ", fk_barcode_type = ". (empty($this->barcode_type)?"null":$this->db->escape($this->barcode_type));
@@ -863,19 +863,19 @@ class Product extends CommonObject
 			$sql.= ", tobuy = " . $this->status_buy;
 			$sql.= ", tobatch = " . ((empty($this->status_batch) || $this->status_batch < 0) ? '0' : $this->status_batch);
 			$sql.= ", finished = " . ((! isset($this->finished) || $this->finished < 0) ? "null" : (int) $this->finished);
-			$sql.= ", weight = " . ($this->weight!='' ? "'".$this->weight."'" : 'null');
-			$sql.= ", weight_units = " . ($this->weight_units!='' ? "'".$this->weight_units."'": 'null');
-			$sql.= ", length = " . ($this->length!='' ? "'".$this->length."'" : 'null');
-			$sql.= ", length_units = " . ($this->length_units!='' ? "'".$this->length_units."'" : 'null');
-			$sql.= ", width= " . ($this->width!='' ? "'".$this->width."'" : 'null');
-			$sql.= ", width_units = " . ($this->width_units!='' ? "'".$this->width_units."'" : 'null');
-			$sql.= ", height = " . ($this->height!='' ? "'".$this->height."'" : 'null');
-			$sql.= ", height_units = " . ($this->height_units!='' ? "'".$this->height_units."'" : 'null');
-			$sql.= ", surface = " . ($this->surface!='' ? "'".$this->surface."'" : 'null');
-			$sql.= ", surface_units = " . ($this->surface_units!='' ? "'".$this->surface_units."'" : 'null');
-			$sql.= ", volume = " . ($this->volume!='' ? "'".$this->volume."'" : 'null');
-			$sql.= ", volume_units = " . ($this->volume_units!='' ? "'".$this->volume_units."'" : 'null');
-			$sql.= ", seuil_stock_alerte = " . ((isset($this->seuil_stock_alerte) && $this->seuil_stock_alerte != '') ? "'".$this->seuil_stock_alerte."'" : "null");
+			$sql.= ", weight = " . ($this->weight!='' ? "'".$this->db->escape($this->weight)."'" : 'null');
+			$sql.= ", weight_units = " . ($this->weight_units!='' ? "'".$this->db->escape($this->weight_units)."'": 'null');
+			$sql.= ", length = " . ($this->length!='' ? "'".$this->db->escape($this->length)."'" : 'null');
+			$sql.= ", length_units = " . ($this->length_units!='' ? "'".$this->db->escape($this->length_units)."'" : 'null');
+			$sql.= ", width= " . ($this->width!='' ? "'".$this->db->escape($this->width)."'" : 'null');
+			$sql.= ", width_units = " . ($this->width_units!='' ? "'".$this->db->escape($this->width_units)."'" : 'null');
+			$sql.= ", height = " . ($this->height!='' ? "'".$this->db->escape($this->height)."'" : 'null');
+			$sql.= ", height_units = " . ($this->height_units!='' ? "'".$this->db->escape($this->height_units)."'" : 'null');
+			$sql.= ", surface = " . ($this->surface!='' ? "'".$this->db->escape($this->surface)."'" : 'null');
+			$sql.= ", surface_units = " . ($this->surface_units!='' ? "'".$this->db->escape($this->surface_units)."'" : 'null');
+			$sql.= ", volume = " . ($this->volume!='' ? "'".$this->db->escape($this->volume)."'" : 'null');
+			$sql.= ", volume_units = " . ($this->volume_units!='' ? "'".$this->db->escape($this->volume_units)."'" : 'null');
+			$sql.= ", seuil_stock_alerte = " . ((isset($this->seuil_stock_alerte) && $this->seuil_stock_alerte != '') ? "'".$this->db->escape($this->seuil_stock_alerte)."'" : "null");
 			$sql.= ", description = '" . $this->db->escape($this->description) ."'";
 			$sql.= ", url = " . ($this->url?"'".$this->db->escape($this->url)."'":'null');
 			$sql.= ", customcode = '" .        $this->db->escape($this->customcode) ."'";
@@ -1439,8 +1439,8 @@ class Product extends CommonObject
 		// Add new price
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price(price_level,date_price, fk_product, fk_user_author, price, price_ttc, price_base_type,tosell, tva_tx, default_vat_code, recuperableonly,";
 		$sql.= " localtax1_tx, localtax2_tx, localtax1_type, localtax2_type, price_min,price_min_ttc,price_by_qty,entity,fk_price_expression) ";
-		$sql.= " VALUES(".($level?$level:1).", '".$this->db->idate($now)."',".$this->id.",".$user->id.",".$this->price.",".$this->price_ttc.",'".$this->price_base_type."',".$this->status.",".$this->tva_tx.", ".($this->default_vat_code?("'".$this->default_vat_code."'"):"null").",".$this->tva_npr.",";
-		$sql.= " ".$this->localtax1_tx.", ".$this->localtax2_tx.", '".$this->localtax1_type."', '".$this->localtax2_type."', ".$this->price_min.",".$this->price_min_ttc.",".$this->price_by_qty.",".$conf->entity.",".($this->fk_price_expression > 0?$this->fk_price_expression:'null');
+		$sql.= " VALUES(".($level?$level:1).", '".$this->db->idate($now)."',".$this->id.",".$user->id.",".$this->price.",".$this->price_ttc.",'".$this->db->escape($this->price_base_type)."',".$this->status.",".$this->tva_tx.", ".($this->default_vat_code?("'".$this->db->escape($this->default_vat_code)."'"):"null").",".$this->tva_npr.",";
+		$sql.= " ".$this->localtax1_tx.", ".$this->localtax2_tx.", '".$this->db->escape($this->localtax1_type)."', '".$this->db->escape($this->localtax2_type)."', ".$this->price_min.",".$this->price_min_ttc.",".$this->price_by_qty.",".$conf->entity.",".($this->fk_price_expression > 0?$this->fk_price_expression:'null');
 		$sql.= ")";
 
 		dol_syslog(get_class($this)."::_log_price", LOG_DEBUG);
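Review bot: In the `_log_price` hunk (L2301–L2302) the numeric values `$this->price`, `$this->price_ttc`, `$this->tva_tx`, `$this->localtax1_tx`, `$this->localtax2_tx`, `$this->price_min`, `$this->price_min_ttc` and `$this->price_by_qty` are still concatenated unquoted and unnormalised, while the same file formats such values with `price2num()` at L2236–L2237; only the quoted string columns were escaped here. The insert at L2240–L2241 and L2250 has the same gap for `status`, `status_buy` and `fk_unit`, where L2248 already shows the `(int)` idiom. I would write `".price2num($this->price).",".price2num($this->price_ttc).",` in the VALUES list and `$sql.= ", ".((int) $this->status);` for the status columns. At L2261 `fk_barcode_type` is passed through `escape()` but left unquoted, so the escape does not guard that numeric position either; `(int)` fits there too.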

+ 11 - 11
htdocs/product/class/productcustomerprice.class.php

@@ -161,19 +161,19 @@ class Productcustomerprice extends CommonObject
 		$sql .= ") VALUES (";
 		$sql .= " " . $conf->entity . ",";
 		$sql .= " '" . $this->db->idate(dol_now()) . "',";
-		$sql .= " " . (! isset($this->fk_product) ? 'NULL' : "'" . $this->fk_product . "'") . ",";
-		$sql .= " " . (! isset($this->fk_soc) ? 'NULL' : "'" . $this->fk_soc . "'") . ",";
-		$sql .= " " . (empty($this->price) ? '0' : "'" . $this->price . "'") . ",";
-		$sql .= " " . (empty($this->price_ttc) ? '0' : "'" . $this->price_ttc . "'") . ",";
-		$sql .= " " . (empty($this->price_min) ? '0' : "'" . $this->price_min . "'") . ",";
-		$sql .= " " . (empty($this->price_min_ttc) ? '0' : "'" . $this->price_min_ttc . "'") . ",";
+		$sql .= " " . (! isset($this->fk_product) ? 'NULL' : "'" . $this->db->escape($this->fk_product) . "'") . ",";
+		$sql .= " " . (! isset($this->fk_soc) ? 'NULL' : "'" . $this->db->escape($this->fk_soc) . "'") . ",";
+		$sql .= " " . (empty($this->price) ? '0' : "'" . $this->db->escape($this->price) . "'") . ",";
+		$sql .= " " . (empty($this->price_ttc) ? '0' : "'" . $this->db->escape($this->price_ttc) . "'") . ",";
+		$sql .= " " . (empty($this->price_min) ? '0' : "'" . $this->db->escape($this->price_min) . "'") . ",";
+		$sql .= " " . (empty($this->price_min_ttc) ? '0' : "'" . $this->db->escape($this->price_min_ttc) . "'") . ",";
 		$sql .= " " . (! isset($this->price_base_type) ? 'NULL' : "'" . $this->db->escape($this->price_base_type) . "'") . ",";
 		$sql .= " ".($this->default_vat_code ? "'".$this->db->escape($this->default_vat_code)."'" : "null").",";
 		$sql .= " " . (! isset($this->tva_tx) ? 'NULL' : (empty($this->tva_tx)?0:$this->tva_tx)) . ",";
-		$sql .= " " . (! isset($this->recuperableonly) ? 'NULL' : "'" . $this->recuperableonly . "'") . ",";
-		$sql .= " " . (empty($this->localtax1_type) ? "'0'" : "'" . $this->localtax1_type . "'") . ",";
+		$sql .= " " . (! isset($this->recuperableonly) ? 'NULL' : "'" . $this->db->escape($this->recuperableonly) . "'") . ",";
+		$sql .= " " . (empty($this->localtax1_type) ? "'0'" : "'" . $this->db->escape($this->localtax1_type) . "'") . ",";
 		$sql .= " " . (! isset($this->localtax1_tx) ? 'NULL' : (empty($this->localtax1_tx)?0:$this->localtax1_tx)) . ",";
-		$sql .= " " . (empty($this->localtax2_type) ? "'0'" : "'" . $this->localtax2_type . "'") . ",";
+		$sql .= " " . (empty($this->localtax2_type) ? "'0'" : "'" . $this->db->escape($this->localtax2_type) . "'") . ",";
 		$sql .= " " . (! isset($this->localtax2_tx) ? 'NULL' : (empty($this->localtax2_tx)?0:$this->localtax2_tx)) . ",";
 		$sql .= " " . $user->id . ",";
 		$sql .= " " . (! isset($this->import_key) ? 'NULL' : "'" . $this->db->escape($this->import_key) . "'") . "";
@@ -660,8 +660,8 @@ class Productcustomerprice extends CommonObject
 		$sql .= " recuperableonly=" . (isset($this->recuperableonly) ? $this->recuperableonly : "null") . ",";
 		$sql .= " localtax1_tx=" . (isset($this->localtax1_tx) ? (empty($this->localtax1_tx)?0:$this->localtax1_tx) : "null") . ",";
 		$sql .= " localtax2_tx=" . (isset($this->localtax2_tx) ? (empty($this->localtax2_tx)?0:$this->localtax2_tx) : "null") . ",";
-		$sql .= " localtax1_type=" . (! empty($this->localtax1_type) ? "'".$this->localtax1_type."'": "'0'") . ",";
-		$sql .= " localtax2_type=" . (! empty($this->localtax2_type) ? "'".$this->localtax2_type."'": "'0'") . ",";
+		$sql .= " localtax1_type=" . (! empty($this->localtax1_type) ? "'".$this->db->escape($this->localtax1_type)."'": "'0'") . ",";
+		$sql .= " localtax2_type=" . (! empty($this->localtax2_type) ? "'".$this->db->escape($this->localtax2_type)."'": "'0'") . ",";
 		$sql .= " fk_user=" . $user->id . ",";
 		$sql .= " import_key=" . (isset($this->import_key) ? "'" . $this->db->escape($this->import_key) . "'" : "null") . "";
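Review bot: `tva_tx`, `localtax1_tx` and `localtax2_tx` (L2328, L2333, L2336, and again L2340–L2342 in the update hunk) are still concatenated unquoted with only an `empty()`/`isset()` check, whereas this hunk escapes only the quoted values. An unquoted numeric position is not protected by `escape()`; normalise with `price2num()` as product.class.php does, e.g. `(empty($this->tva_tx) ? 0 : price2num($this->tva_tx))`, and cast `recuperableonly` at L2340 with `(int)`. Quoting the prices as `'…'` at L2322–L2325 works but relies on the database's implicit string-to-number conversion; `price2num()` unquoted would be the more consistent form. The enclosing methods start and end outside the hunks.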
 

+ 54 - 54
htdocs/product/class/propalmergepdfproduct.class.php

@@ -33,7 +33,7 @@ class Propalmergepdfproduct extends CommonObject
 {
 	var $element='propal_merge_pdf_product';			//!< Id that identify managed objects
 	var $table_element='propal_merge_pdf_product';		//!< Name of table without prefix where object is stored
-    
+
 	var $fk_product;
 	var $file_name;
 	var $fk_user_author;
@@ -41,10 +41,10 @@ class Propalmergepdfproduct extends CommonObject
 	var $datec='';
 	var $tms='';
 	var $lang;
-	
+
 	var $lines=array();
 
-    
+
 
 
     /**
@@ -72,7 +72,7 @@ class Propalmergepdfproduct extends CommonObject
 		$error=0;
 
 		// Clean parameters
-        
+
 		if (isset($this->fk_product)) $this->fk_product=trim($this->fk_product);
 		if (isset($this->file_name)) $this->file_name=trim($this->file_name);
 		if (isset($this->fk_user_author)) $this->fk_user_author=trim($this->fk_user_author);
@@ -80,14 +80,14 @@ class Propalmergepdfproduct extends CommonObject
 		if (isset($this->lang)) $this->lang=trim($this->lang);
 		if (isset($this->import_key)) $this->import_key=trim($this->import_key);
 
-        
+
 
 		// Check parameters
 		// Put here code to add control on parameters values
 
         // Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."propal_merge_pdf_product(";
-		
+
 		$sql.= "fk_product,";
 		$sql.= "file_name,";
 		if ($conf->global->MAIN_MULTILANGS) {
@@ -97,10 +97,10 @@ class Propalmergepdfproduct extends CommonObject
 		$sql.= "fk_user_mod,";
 		$sql.= "datec";
 
-		
+
         $sql.= ") VALUES (";
-        
-		$sql.= " ".(! isset($this->fk_product)?'NULL':"'".$this->fk_product."'").",";
+
+		$sql.= " ".(! isset($this->fk_product)?'NULL':"'".$this->db->escape($this->fk_product)."'").",";
 		$sql.= " ".(! isset($this->file_name)?'NULL':"'".$this->db->escape($this->file_name)."'").",";
 		if ($conf->global->MAIN_MULTILANGS) {
 			$sql.= " ".(! isset($this->lang)?'NULL':"'".$this->db->escape($this->lang)."'").",";
@@ -109,7 +109,7 @@ class Propalmergepdfproduct extends CommonObject
 		$sql.= " ".$user->id.",";
 		$sql.= " '".$this->db->idate(dol_now())."'";
 
-        
+
 		$sql.= ")";
 
 		$this->db->begin();
@@ -164,10 +164,10 @@ class Propalmergepdfproduct extends CommonObject
     function fetch($id)
     {
     	global $langs,$conf;
-    	
+
         $sql = "SELECT";
 		$sql.= " t.rowid,";
-		
+
 		$sql.= " t.fk_product,";
 		$sql.= " t.file_name,";
 		$sql.= " t.lang,";
@@ -177,7 +177,7 @@ class Propalmergepdfproduct extends CommonObject
 		$sql.= " t.tms,";
 		$sql.= " t.import_key";
 
-		
+
         $sql.= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
         $sql.= " WHERE t.rowid = ".$id;
 
@@ -190,7 +190,7 @@ class Propalmergepdfproduct extends CommonObject
                 $obj = $this->db->fetch_object($resql);
 
                 $this->id    = $obj->rowid;
-                
+
 				$this->fk_product = $obj->fk_product;
 				$this->file_name = $obj->file_name;
 				if ($conf->global->MAIN_MULTILANGS) {
@@ -202,7 +202,7 @@ class Propalmergepdfproduct extends CommonObject
 				$this->tms = $this->db->jdate($obj->tms);
 				$this->import_key = $obj->import_key;
 
-                
+
             }
             $this->db->free($resql);
 
@@ -215,7 +215,7 @@ class Propalmergepdfproduct extends CommonObject
             return -1;
         }
     }
-    
+
     /**
      *  Load object in memory from the database
      *
@@ -226,10 +226,10 @@ class Propalmergepdfproduct extends CommonObject
     function fetch_by_product($product_id, $lang='')
     {
     	global $langs,$conf;
-    	
+
     	$sql = "SELECT";
     	$sql.= " t.rowid,";
-    
+
     	$sql.= " t.fk_product,";
     	$sql.= " t.file_name,";
     	$sql.= " t.lang,";
@@ -238,14 +238,14 @@ class Propalmergepdfproduct extends CommonObject
     	$sql.= " t.datec,";
     	$sql.= " t.tms,";
     	$sql.= " t.import_key";
-    
-    
+
+
     	$sql.= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
     	$sql.= " WHERE t.fk_product = ".$product_id;
     	if ($conf->global->MAIN_MULTILANGS && !empty($lang)) {
     		$sql.= " AND t.lang = '".$lang."'";
     	}
-    
+
     	dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
     	$resql=$this->db->query($sql);
     	if ($resql)
@@ -253,11 +253,11 @@ class Propalmergepdfproduct extends CommonObject
     		if ($this->db->num_rows($resql))
     		{
     			while($obj = $this->db->fetch_object($resql)) {
-    
+
     				$line = new PropalmergepdfproductLine();
-    				
+
 	    			$line->id    = $obj->rowid;
-	    
+
 	    			$line->fk_product = $obj->fk_product;
 	    			$line->file_name = $obj->file_name;
 	    			if ($conf->global->MAIN_MULTILANGS) {
@@ -268,21 +268,21 @@ class Propalmergepdfproduct extends CommonObject
 	    			$line->datec = $this->db->jdate($obj->datec);
 	    			$line->tms = $this->db->jdate($obj->tms);
 	    			$line->import_key = $obj->import_key;
-	    			
-	    			
+
+
 	    			if ($conf->global->MAIN_MULTILANGS) {
 	    				$this->lines[$obj->file_name.'_'.$obj->lang]=$line;
 	    			}else {
 	    				$this->lines[$obj->file_name]=$line;
 	    			}
-	    			
-    			
+
+
     			}
-    
-    
+
+
     		}
     		$this->db->free($resql);
-    
+
     		return 1;
     	}
     	else
@@ -307,21 +307,21 @@ class Propalmergepdfproduct extends CommonObject
 		$error=0;
 
 		// Clean parameters
-        
+
 		if (isset($this->fk_product)) $this->fk_product=trim($this->fk_product);
 		if (isset($this->file_name)) $this->file_name=trim($this->file_name);
 		if (isset($this->fk_user_mod)) $this->fk_user_mod=trim($this->fk_user_mod);
 		if (isset($this->lang)) $this->lang=trim($this->lang);
-		
 
-        
+
+
 
 		// Check parameters
 		// Put here code to add a control on parameters values
 
         // Update request
         $sql = "UPDATE ".MAIN_DB_PREFIX."propal_merge_pdf_product SET";
-        
+
 		$sql.= " fk_product=".(isset($this->fk_product)?$this->fk_product:"null").",";
 		$sql.= " file_name=".(isset($this->file_name)?"'".$this->db->escape($this->file_name)."'":"null").",";
 		if ($conf->global->MAIN_MULTILANGS) {
@@ -329,7 +329,7 @@ class Propalmergepdfproduct extends CommonObject
 		}
 		$sql.= " fk_user_mod=".$user->id;
 
-        
+
         $sql.= " WHERE rowid=".$this->id;
 
 		$this->db->begin();
@@ -430,7 +430,7 @@ class Propalmergepdfproduct extends CommonObject
 			return 1;
 		}
 	}
-	
+
 	/**
 	 *  Delete object in database
 	 *
@@ -444,16 +444,16 @@ class Propalmergepdfproduct extends CommonObject
 	{
 		global $conf, $langs;
 		$error=0;
-	
+
 		$this->db->begin();
-	
+
 		if (! $error)
 		{
 			if (! $notrigger)
 			{
 				// Uncomment this and change MYOBJECT to your own tag if you
 				// want this action calls a trigger.
-	
+
 				//// Call triggers
 				//include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
 				//$interface=new Interfaces($this->db);
@@ -462,21 +462,21 @@ class Propalmergepdfproduct extends CommonObject
 				//// End call triggers
 			}
 		}
-	
+
 		if (! $error)
 		{
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product";
 			$sql.= " WHERE fk_product=".$product_id;
-			
+
 			if ($conf->global->MAIN_MULTILANGS && !empty($lang_id)) {
 				$sql.= " AND lang='".$lang_id."'";
 			}
-	
+
 			dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
 		}
-	
+
 		// Commit or rollback
 		if ($error)
 		{
@@ -494,7 +494,7 @@ class Propalmergepdfproduct extends CommonObject
 			return 1;
 		}
 	}
-	
+
 	/**
 	 *  Delete object in database
 	 *
@@ -505,16 +505,16 @@ class Propalmergepdfproduct extends CommonObject
 	{
 		global $conf, $langs;
 		$error=0;
-	
+
 		$this->db->begin();
-	
+
 		if (! $error)
 		{
 			if (! $notrigger)
 			{
 				// Uncomment this and change MYOBJECT to your own tag if you
 				// want this action calls a trigger.
-	
+
 				//// Call triggers
 				//include_once DOL_DOCUMENT_ROOT . '/core/class/interfaces.class.php';
 				//$interface=new Interfaces($this->db);
@@ -523,17 +523,17 @@ class Propalmergepdfproduct extends CommonObject
 				//// End call triggers
 			}
 		}
-	
+
 		if (! $error)
 		{
 			$sql = "DELETE FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product";
 			$sql.= " WHERE fk_product=".$this->fk_product." AND file_name='".$this->db->escape($this->file_name)."'";
-	
+
 			dol_syslog(get_class($this)."::".__METHOD__, LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
 		}
-	
+
 		// Commit or rollback
 		if ($error)
 		{
@@ -617,7 +617,7 @@ class Propalmergepdfproduct extends CommonObject
 	function initAsSpecimen()
 	{
 		$this->id=0;
-		
+
 		$this->fk_product='';
 		$this->file_name='';
 		$this->fk_user_author='';
@@ -626,7 +626,7 @@ class Propalmergepdfproduct extends CommonObject
 		$this->tms='';
 		$this->import_key='';
 
-		
+
 	}
 
 }
@@ -637,7 +637,7 @@ class Propalmergepdfproduct extends CommonObject
 class PropalmergepdfproductLine
 {
 	var $id;
-	
+
 	var $fk_product;
 	var $file_name;
 	var $lang;
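Review bot: The whitespace cleanup in this section leaves two quoted SQL values that are never escaped: `$lang` at L2498 (`t.lang = '".$lang."'` in `fetch_by_product`) and `$lang_id` at L2626 (`lang='".$lang_id."'` in the delete method whose docblock starts at L2591) — exactly the class of defect this commit targets, and both are method parameters rather than object state. Change them to `$sql.= " AND t.lang = '".$this->db->escape($lang)."'";` and `$sql.= " AND lang='".$this->db->escape($lang_id)."'";`. The unquoted `$id` (L2445), `$product_id` (L2496, L2622), `$this->fk_product` (L2572, L2677) and `$this->id` (L2581) would be better cast with `(int)`, since the only non-whitespace change in this section (L2412) covers just the quoted `fk_product` in the INSERT.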

+ 5 - 5
htdocs/projet/class/task.class.php

@@ -301,7 +301,7 @@ class Task extends CommonObject
         // Update request
         $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET";
         $sql.= " fk_projet=".(isset($this->fk_project)?$this->fk_project:"null").",";
-		$sql.= " ref=".(isset($this->ref)?"'".$this->db->escape($this->ref)."'":"'".$this->id."'").",";
+		$sql.= " ref=".(isset($this->ref)?"'".$this->db->escape($this->ref)."'":"'".$this->db->escape($this->id)."'").",";
         $sql.= " fk_task_parent=".(isset($this->fk_task_parent)?$this->fk_task_parent:"null").",";
         $sql.= " label=".(isset($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
         $sql.= " description=".(isset($this->description)?"'".$this->db->escape($this->description)."'":"null").",";
@@ -1251,7 +1251,7 @@ class Task extends CommonObject
             $newDuration = $this->timespent_duration - $this->timespent_old_duration;
 
             $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
-            $sql.= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->id.")";
+            $sql.= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->db->escape($this->id).")";
             $sql.= " WHERE rowid = ".$this->id;
 
             dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG);
@@ -1303,7 +1303,7 @@ class Task extends CommonObject
         if (! $error)
         {
             $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
-            $sql.= " SET duration_effective = duration_effective - '".$this->timespent_duration."'";
+            $sql.= " SET duration_effective = duration_effective - ".$this->db->escape($this->timespent_duration?$this->timespent_duration:0);
             $sql.= " WHERE rowid = ".$this->id;
 
             dol_syslog(get_class($this)."::delTimeSpent", LOG_DEBUG);
@@ -1899,7 +1899,7 @@ class TaskComment extends CommonObject
 		$sql.= ", '".(isset($this->fk_task)?$this->fk_task:"null")."'";
 		$sql.= ", '".(isset($this->fk_user)?$this->fk_user:"null")."'";
 		$sql.= ", ".(!empty($this->entity)?$this->entity:'1');
-		$sql.= ", ".(!empty($this->import_key)?"'".$this->import_key."'":"null");
+		$sql.= ", ".(!empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
 		$sql.= ")";
 
 		//var_dump($this->db);
@@ -2024,7 +2024,7 @@ class TaskComment extends CommonObject
 		$sql.= " fk_task=".(isset($this->fk_task)?$this->fk_task:"null").",";
 		$sql.= " fk_user=".(isset($this->fk_user)?$this->fk_user:"null").",";
 		$sql.= " entity=".(!empty($this->entity)?$this->entity:'1').",";
-		$sql.= " import_key=".(!empty($this->import_key)?"'".$this->import_key."'":"null");
+		$sql.= " import_key=".(!empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":"null");
 		$sql.= " WHERE rowid=".$this->id;
 
 		$this->db->begin();
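Review bot: At L2734 and L2743 `$this->db->escape()` is applied to values concatenated without quotes (`ptt.fk_task = ".$this->db->escape($this->id)` and `duration_effective - ".$this->db->escape(...)`), where an escaping function does nothing useful: it protects a quoted literal, not a bare numeric position. Use integer casts instead, `" ... where ptt.fk_task = ".((int) $this->id).")"` and `" SET duration_effective = duration_effective - ".((int) $this->timespent_duration)` (or `price2num()` if durations can be fractional), and apply the same to the `WHERE rowid = ".$this->id` lines at L2735 and L2744. Separately, the TaskComment insert at L2748–L2749 quotes the fallback as `'null'`, which stores the string rather than SQL NULL; that is pre-existing context but worth fixing alongside the `import_key` change at L2752. The enclosing methods start and end outside the hunks.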

+ 7 - 7
htdocs/resource/class/dolresource.class.php

@@ -33,7 +33,7 @@ class Dolresource extends CommonObject
 	public $element='dolresource';			//!< Id that identify managed objects
 	public $table_element='resource';	//!< Name of table without prefix where object is stored
     public $picto = 'resource';
-    
+
 	public $resource_id;
 	public $resource_type;
 	public $element_id;
@@ -843,7 +843,7 @@ class Dolresource extends CommonObject
         // Update request
         $sql = "UPDATE ".MAIN_DB_PREFIX."element_resources SET";
 		$sql.= " resource_id=".(isset($this->resource_id)?"'".$this->db->escape($this->resource_id)."'":"null").",";
-		$sql.= " resource_type=".(isset($this->resource_type)?"'".$this->resource_type."'":"null").",";
+		$sql.= " resource_type=".(isset($this->resource_type)?"'".$this->db->escape($this->resource_type)."'":"null").",";
 		$sql.= " element_id=".(isset($this->element_id)?$this->element_id:"null").",";
 		$sql.= " element_type=".(isset($this->element_type)?"'".$this->db->escape($this->element_type)."'":"null").",";
 		$sql.= " busy=".(isset($this->busy)?$this->busy:"null").",";
@@ -1019,8 +1019,8 @@ class Dolresource extends CommonObject
         $result.=$link.$this->ref.$linkend;
         return $result;
     }
-    
-    
+
+
     /**
      *  Retourne le libelle du status d'un user (actif, inactif)
      *
@@ -1031,7 +1031,7 @@ class Dolresource extends CommonObject
     {
         return $this->LibStatut($this->status,$mode);
     }
-    
+
     /**
      *  Return the status
      *
@@ -1042,7 +1042,7 @@ class Dolresource extends CommonObject
     static function LibStatut($status,$mode=0)
     {
         global $langs;
-    
+
         return '';
-    }    
+    }
 }
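Review bot: In the update hunk, `element_id` (L2784) and `busy` (L2786) are concatenated unquoted with only an `isset()` check, so the `escape()` added for `resource_type` at L2783 leaves the numeric neighbours unguarded; an int cast closes that, e.g. `$sql.= " element_id=".(isset($this->element_id)?((int) $this->element_id):"null").",";`. The `LibStatut` hunk (L2808–L2815) declares `global $langs` and never uses it before returning `''`; either drop the unused global or implement the label lookup the docblock at L2804–L2806 describes. The update method starts and ends outside its hunk.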

+ 9 - 9
htdocs/societe/class/societe.class.php

@@ -859,13 +859,13 @@ class Societe extends CommonObject
             $sql .= ",idprof5 = '". $this->db->escape($this->idprof5) ."'";
             $sql .= ",idprof6 = '". $this->db->escape($this->idprof6) ."'";
 
-            $sql .= ",tva_assuj = ".($this->tva_assuj!=''?"'".$this->tva_assuj."'":"null");
+            $sql .= ",tva_assuj = ".($this->tva_assuj!=''?"'".$this->db->escape($this->tva_assuj)."'":"null");
             $sql .= ",tva_intra = '" . $this->db->escape($this->tva_intra) ."'";
             $sql .= ",status = " .$this->status;
 
             // Local taxes
-            $sql .= ",localtax1_assuj = ".($this->localtax1_assuj!=''?"'".$this->localtax1_assuj."'":"null");
-            $sql .= ",localtax2_assuj = ".($this->localtax2_assuj!=''?"'".$this->localtax2_assuj."'":"null");
+            $sql .= ",localtax1_assuj = ".($this->localtax1_assuj!=''?"'".$this->db->escape($this->localtax1_assuj)."'":"null");
+            $sql .= ",localtax2_assuj = ".($this->localtax2_assuj!=''?"'".$this->db->escape($this->localtax2_assuj)."'":"null");
             if($this->localtax1_assuj==1)
             {
             	if($this->localtax1_value!='')
@@ -1565,7 +1565,7 @@ class Societe extends CommonObject
             // Positionne remise courante
             $sql = "UPDATE ".MAIN_DB_PREFIX."societe ";
             $sql.= " SET remise_client = '".$this->db->escape($remise)."'";
-            $sql.= " WHERE rowid = " . $this->id .";";
+            $sql.= " WHERE rowid = " . $this->id;
             $resql=$this->db->query($sql);
             if (! $resql)
             {
@@ -1698,7 +1698,7 @@ class Societe extends CommonObject
         else
         	$sql.= " WHERE entity in (0, ".$conf->entity.")";
 
-        $sql.= " AND u.rowid = sc.fk_user AND sc.fk_soc =".$this->id;
+        $sql.= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".$this->id;
 
         $resql = $this->db->query($sql);
         if ($resql)
@@ -1751,7 +1751,7 @@ class Societe extends CommonObject
 
             $sql  = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices";
             $sql .= " (datec, fk_soc, price_level, fk_user_author)";
-            $sql .= " VALUES ('".$this->db->idate($now)."',".$this->id.",'".$this->db->escape($price_level)."',".$user->id.")";
+            $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($price_level)."', ".$user->id.")";
 
             if (! $this->db->query($sql))
             {
@@ -2947,17 +2947,17 @@ class Societe extends CommonObject
     }
 
     /**
-     *  Charge la liste des categories fournisseurs
+     *  Insert link supplier - category
      *
      *	@param	int		$categorie_id		Id of category
      *  @return int      					0 if success, <> 0 if error
      */
     function AddFournisseurInCategory($categorie_id)
     {
-        if ($categorie_id > 0)
+        if ($categorie_id > 0 && $this->id > 0)
         {
             $sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_fournisseur (fk_categorie, fk_soc) ";
-            $sql.= " VALUES ('".$categorie_id."','".$this->id."');";
+            $sql.= " VALUES (".$categorie_id.", ".$this->id.")";
 
             if ($resql=$this->db->query($sql)) return 0;
         }
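Review bot: In `AddFournisseurInCategory` (L2878–L2882) the new guard `$categorie_id > 0 && $this->id > 0` does not make the values safe to concatenate unquoted: PHP's loose comparison lets a non-numeric string satisfy `> 0`, and dropping the quotes at L2882 also removed what little quoting was there. Cast both to int, `$sql.= " VALUES (".((int) $categorie_id).", ".((int) $this->id).")";`, which also expresses what the guard intends. The same applies to `$this->status` at L2828 and `$this->id` at L2843 and L2852, which remain raw while the neighbouring `tva_assuj`/`localtax*_assuj` values were escaped. The methods behind the @@ -859, @@ -1565 and @@ -1698 hunks start and end outside their hunks.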

+ 9 - 9
htdocs/supplier_proposal/class/supplier_proposal.class.php

@@ -2829,27 +2829,27 @@ class SupplierProposalLine extends CommonObjectLine
         $sql.= ' ref_fourn,';
 		$sql.= ' fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc, fk_unit)';
         $sql.= " VALUES (".$this->fk_supplier_proposal.",";
-        $sql.= " ".($this->fk_parent_line>0?"'".$this->fk_parent_line."'":"null").",";
+        $sql.= " ".($this->fk_parent_line>0?"'".$this->db->escape($this->fk_parent_line)."'":"null").",";
         $sql.= " ".(! empty($this->label)?"'".$this->db->escape($this->label)."'":"null").",";
         $sql.= " '".$this->db->escape($this->desc)."',";
-        $sql.= " ".($this->fk_product?"'".$this->fk_product."'":"null").",";
-        $sql.= " '".$this->product_type."',";
-        $sql.= " ".($this->fk_remise_except?"'".$this->fk_remise_except."'":"null").",";
+        $sql.= " ".($this->fk_product?"'".$this->db->escape($this->fk_product)."'":"null").",";
+        $sql.= " '".$this->db->escape($this->product_type)."',";
+        $sql.= " ".($this->fk_remise_except?"'".$this->db->escape($this->fk_remise_except)."'":"null").",";
         $sql.= " ".price2num($this->qty).",";
         $sql.= " ".price2num($this->tva_tx).",";
         $sql.= " ".price2num($this->localtax1_tx).",";
         $sql.= " ".price2num($this->localtax2_tx).",";
-		$sql.= " '".$this->localtax1_type."',";
-		$sql.= " '".$this->localtax2_type."',";
+		$sql.= " '".$this->db->escape($this->localtax1_type)."',";
+		$sql.= " '".$this->db->escape($this->localtax2_type)."',";
         $sql.= " ".(!empty($this->subprice)?price2num($this->subprice):"null").",";
         $sql.= " ".price2num($this->remise_percent).",";
-        $sql.= " ".(isset($this->info_bits)?"'".$this->info_bits."'":"null").",";
+        $sql.= " ".(isset($this->info_bits)?"'".$this->db->escape($this->info_bits)."'":"null").",";
         $sql.= " ".price2num($this->total_ht).",";
         $sql.= " ".price2num($this->total_tva).",";
         $sql.= " ".price2num($this->total_localtax1).",";
         $sql.= " ".price2num($this->total_localtax2).",";
         $sql.= " ".price2num($this->total_ttc).",";
-        $sql.= " ".(!empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null").",";
+        $sql.= " ".(!empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null").",";
         $sql.= " ".(isset($this->pa_ht)?"'".price2num($this->pa_ht)."'":"null").",";
         $sql.= ' '.$this->special_code.',';
         $sql.= ' '.$this->rang.',';
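Review bot: The two bare concatenations at the end of this hunk, `' '.$this->special_code.','` and `' '.$this->rang.','`, are left untouched because the commit's new unit test only matches the quoted `'".$this->` form, so unquoted property interpolation into SQL is never flagged. The same pattern is in the second hunk of this file (`special_code=".$this->special_code` and the `fk_parent_line` ternary). For integer columns a cast is the cheaper and stricter fix: `$sql.= ' '.((int) $this->special_code).',';` and `$sql.= ' '.((int) $this->rang).',';`. The escaping added on the other lines is fine for the DB but, hedging since column types are not visible here, those foreign keys would likewise be better served by `(int)` than by quoting an escaped string.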
@@ -3025,7 +3025,7 @@ class SupplierProposalLine extends CommonObjectLine
             $sql.= " , total_localtax1=".price2num($this->total_localtax1)."";
             $sql.= " , total_localtax2=".price2num($this->total_localtax2)."";
         }
-		$sql.= " , fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->fk_fournprice."'":"null");
+		$sql.= " , fk_product_fournisseur_price=".(! empty($this->fk_fournprice)?"'".$this->db->escape($this->fk_fournprice)."'":"null");
 		$sql.= " , buy_price_ht=".price2num($this->pa_ht);
         if (strlen($this->special_code)) $sql.= " , special_code=".$this->special_code;
         $sql.= " , fk_parent_line=".($this->fk_parent_line>0?$this->fk_parent_line:"null");

+ 1 - 1
htdocs/websites/class/website.class.php

@@ -140,7 +140,7 @@ class Website extends CommonObject
 		$sql .= ' '.(! isset($this->description)?'NULL':"'".$this->db->escape($this->description)."'").',';
 		$sql .= ' '.(! isset($this->status)?'NULL':$this->status).',';
 		$sql .= ' '.(! isset($this->fk_default_home)?'NULL':$this->fk_default_home).',';
-		$sql .= ' '.(! isset($this->virtualhost)?'NULL':"'".$this->virtualhost)."',";
+		$sql .= ' '.(! isset($this->virtualhost)?'NULL':"'".$this->db->escape($this->virtualhost)."'").",";
 		$sql .= ' '.(! isset($this->fk_user_create)?$user->id:$this->fk_user_create).',';
 		$sql .= ' '.(! isset($this->date_creation) || dol_strlen($this->date_creation)==0?'NULL':"'".$this->db->idate($this->date_creation)."'").",";
 		$sql .= ' '.(! isset($this->date_modification) || dol_strlen($this->date_modification)==0?'NULL':"'".$this->db->idate($this->date_creation)."'");
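Review bot: The corrected `virtualhost` line now matches its neighbours, but the surrounding lines still interpolate `$this->status`, `$this->fk_default_home` and `$this->fk_user_create` without a cast or escape, which the new test will not detect since they are not wrapped in quotes; `(int)` casts on those three would make the INSERT consistent with the fix. Separately, the last line of the hunk tests `$this->date_modification` but formats `$this->db->idate($this->date_creation)`, which reads like a copy-paste slip: `"'".$this->db->idate($this->date_modification)."'"`. The enclosing function starts and ends outside the hunk.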

+ 2 - 2
test/phpunit/CodingPhpTest.php

@@ -177,10 +177,10 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase
             $ok=true;
             $matches=array();
             // Check string   ='".$this->xxx   with xxx that is not 'escape'. It means we forget a db->escape when forging sql request.
-            preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER);
+            preg_match_all('/(=|sql.+)\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER);
             foreach($matches as $key => $val)
             {
-                if ($val[1] != 'db->' && $val[1] != 'esca')
+                if ($val[2] != 'db->' && $val[2] != 'esca')
                 {
                     $ok=false;
                     break;
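Review bot: The `sql.+` alternative is greedy, so on a line containing several `'".$this->` fragments it anchors on the last one; if that one is `$this->db->escape(...)`, an earlier unescaped `$this->foo` on the same line passes unnoticed. A lazy quantifier makes the first fragment the one examined: `preg_match_all('/(=|sql.+?)\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER);`. The check also remains blind to unquoted interpolation (`.$this->id.`) and to objects other than `$this`, which is worth stating in the comment above the regex so the test's coverage is not overestimated. A `break` on the first hit reports only one offending file per run, which may be intended but makes triage slower.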