
FIX #yogosha5746 - next step (wip)

Laurent Destailleur 4 years ago
parent
commit
6e422d26f3
56 changed files with 140 additions and 175 deletions
  1. 1 1
      htdocs/accountancy/admin/categories_list.php
  2. 1 1
      htdocs/accountancy/class/accountancycategory.class.php
  3. 2 2
      htdocs/accountancy/class/accountancyexport.class.php
  4. 1 1
      htdocs/accountancy/journal/bankjournal.php
  5. 1 1
      htdocs/comm/action/class/actioncomm.class.php
  6. 2 2
      htdocs/comm/propal/class/propal.class.php
  7. 3 3
      htdocs/comm/propal/class/propalestats.class.php
  8. 3 3
      htdocs/commande/class/commande.class.php
  9. 2 2
      htdocs/commande/class/commandestats.class.php
  10. 1 1
      htdocs/compta/bank/class/paymentvarious.class.php
  11. 2 1
      htdocs/compta/bank/releve.php
  12. 1 1
      htdocs/compta/cashcontrol/class/cashcontrol.class.php
  13. 1 1
      htdocs/compta/facture/card.php
  14. 3 3
      htdocs/compta/facture/class/facture-rec.class.php
  15. 5 6
      htdocs/compta/facture/class/facture.class.php
  16. 2 2
      htdocs/compta/facture/class/facturestats.class.php
  17. 2 2
      htdocs/compta/localtax/class/localtax.class.php
  18. 1 1
      htdocs/compta/paiement/class/cpaiement.class.php
  19. 3 3
      htdocs/compta/paiement/class/paiement.class.php
  20. 1 1
      htdocs/compta/sociales/class/cchargesociales.class.php
  21. 1 1
      htdocs/core/class/commoninvoice.class.php
  22. 9 9
      htdocs/core/class/commonobject.class.php
  23. 1 1
      htdocs/core/class/dolreceiptprinter.class.php
  24. 1 1
      htdocs/core/modules/expensereport/mod_expensereport_jade.php
  25. 2 2
      htdocs/core/modules/import/import_csv.modules.php
  26. 2 2
      htdocs/core/modules/import/import_xlsx.modules.php
  27. 1 1
      htdocs/don/class/donstats.class.php
  28. 1 1
      htdocs/eventorganization/class/conferenceorbooth.class.php
  29. 2 2
      htdocs/expedition/class/expeditionstats.class.php
  30. 2 2
      htdocs/expensereport/class/expensereport.class.php
  31. 1 1
      htdocs/expensereport/class/expensereport_rule.class.php
  32. 4 4
      htdocs/fichinter/class/fichinterrec.class.php
  33. 2 2
      htdocs/fichinter/class/fichinterstats.class.php
  34. 3 1
      htdocs/fourn/class/fournisseur.commande.dispatch.class.php
  35. 2 2
      htdocs/fourn/class/fournisseur.facture.class.php
  36. 1 1
      htdocs/install/lib/repair.lib.php
  37. 2 2
      htdocs/install/repair.php
  38. 1 1
      htdocs/install/upgrade2.php
  39. 1 1
      htdocs/multicurrency/class/multicurrency.class.php
  40. 2 2
      htdocs/product/class/product.class.php
  41. 38 75
      htdocs/product/class/productfournisseurprice.class.php
  42. 1 1
      htdocs/product/fournisseurs.php
  43. 2 2
      htdocs/product/stock/class/entrepot.class.php
  44. 1 1
      htdocs/product/stock/class/mouvementstock.class.php
  45. 1 1
      htdocs/product/stock/class/productstockentrepot.class.php
  46. 2 2
      htdocs/product/stock/lib/replenishment.lib.php
  47. 1 1
      htdocs/product/stock/replenish.php
  48. 1 1
      htdocs/product/stock/stockatdate.php
  49. 3 3
      htdocs/projet/tasks/time.php
  50. 3 3
      htdocs/public/emailing/mailing-read.php
  51. 1 1
      htdocs/salaries/class/salary.class.php
  52. 1 1
      htdocs/societe/class/societe.class.php
  53. 1 1
      htdocs/supplier_proposal/class/supplier_proposal.class.php
  54. 1 1
      htdocs/variants/class/ProductAttribute.class.php
  55. 2 2
      htdocs/website/class/websitepage.class.php
  56. 2 2
      htdocs/zapier/class/hook.class.php

+ 1 - 1
htdocs/accountancy/admin/categories_list.php

@@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
 	// Check that all fields are filled
 	$ok = 1;
 	foreach ($listfield as $f => $value) {
-		if ($value == 'formula' && empty($_POST['formula'])) {
+		if ($value == 'formula' && !GETPOST('formula')) {
 			continue;
 		}
 		if ($value == 'range_account' && empty($_POST['range_account'])) {
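Review bot: The sibling check on the last hunk line still reads `$_POST['range_account']` directly while the changed line switched to `GETPOST('formula')`, so two branches of the same loop now take different input paths. For consistency use `if ($value == 'range_account' && !GETPOST('range_account')) {`. Note that `!GETPOST(...)` treats a submitted `"0"` as missing exactly as `empty()` did, so the semantics of the changed line are unchanged. The enclosing foreach continues outside the hunk.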

+ 1 - 1
htdocs/accountancy/class/accountancycategory.class.php

@@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject
 		if (!empty($cat_id)) {
 			$sql = "SELECT t.rowid, t.account_number, t.label as account_label";
 			$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
-			$sql .= " WHERE t.fk_accounting_category = ".$cat_id;
+			$sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id);
 			$sql .= " AND t.entity = ".$conf->entity;
 			$sql .= " ORDER BY t.account_number";
 		} else {

+ 2 - 2
htdocs/accountancy/class/accountancyexport.class.php

@@ -1644,7 +1644,7 @@ class AccountancyExport
 							// Get new customer invoice ref and company name
 							$sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f';
 							$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid';
-							$sql .= ' WHERE f.rowid = ' . $line->fk_doc;
+							$sql .= ' WHERE f.rowid = '.((int) $line->fk_doc);
 							$resql = $this->db->query($sql);
 							if ($resql) {
 								if ($obj = $this->db->fetch_object($resql)) {
@@ -1658,7 +1658,7 @@ class AccountancyExport
 							// Get new supplier invoice ref and company name
 							$sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff';
 							$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid';
-							$sql .= ' WHERE ff.rowid = ' . $line->fk_doc;
+							$sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc);
 							$resql = $this->db->query($sql);
 							if ($resql) {
 								if ($obj = $this->db->fetch_object($resql)) {

+ 1 - 1
htdocs/accountancy/journal/bankjournal.php

@@ -421,7 +421,7 @@ if ($result) {
 					//$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount;
 					$sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest';
 					$sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l';
-					$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid;
+					$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid);
 
 					dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);
 					$resultmid = $db->query($sqlmid);

+ 1 - 1
htdocs/comm/action/class/actioncomm.class.php

@@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject
 		$sql .= ' fk_user_author,';
 		$sql .= ' fk_user_mod';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
-		$sql .= ' WHERE a.id = '.$id;
+		$sql .= ' WHERE a.id = '.((int) $id);
 
 		dol_syslog(get_class($this)."::info", LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 2 - 2
htdocs/comm/propal/class/propal.class.php

@@ -2997,7 +2997,7 @@ class Propal extends CommonObject
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
-			$sql .= ' SET fk_availability = '.$availability_id;
+			$sql .= ' SET fk_availability = '.((int) $availability_id);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG);
@@ -3061,7 +3061,7 @@ class Propal extends CommonObject
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
-			$sql .= ' SET fk_input_reason = '.$demand_reason_id;
+			$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG);

+ 3 - 3
htdocs/comm/propal/class/propalestats.class.php

@@ -100,18 +100,18 @@ class PropaleStats extends Stats
 			$this->where .= " AND p.fk_soc = ".$this->socid;
 		}
 		if ($this->userid > 0) {
-			$this->where .= ' AND fk_user_author = '.$this->userid;
+			$this->where .= ' AND fk_user_author = '.((int) $this->userid);
 		}
 
 		if ($typentid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc';
-			$this->where .= ' AND s.fk_typent = '.$typentid;
+			$this->where .= ' AND s.fk_typent = '.((int) $typentid);
 		}
 
 		if ($categid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc';
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
-			$this->where .= ' AND c.rowid = '.$categid;
+			$this->where .= ' AND c.rowid = '.((int) $categid);
 		}
 	}
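Review bot: `$this->socid` on the first context line of the hunk is still concatenated uncast (`" AND p.fk_soc = ".$this->socid`) while `userid`, `typentid` and `categid` now get the `(int)` cast, so one of the four filters keeps the pattern the commit is removing. Suggest `$this->where .= " AND p.fk_soc = ".((int) $this->socid);`, which matches the ExpeditionStats and FichinterStats hunks of this commit, where `socid` is already cast. The enclosing method starts outside the hunk.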
 

+ 3 - 3
htdocs/commande/class/commande.class.php

@@ -2417,7 +2417,7 @@ class Commande extends CommonOrder
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
 			$sql .= ' SET remise_percent = '.((float) $remise);
-			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
+			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
 			$resql = $this->db->query($sql);
@@ -2743,7 +2743,7 @@ class Commande extends CommonOrder
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
-			$sql .= ' SET fk_availability = '.$availability_id;
+			$sql .= ' SET fk_availability = '.((int) $availability_id);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2807,7 +2807,7 @@ class Commande extends CommonOrder
 			$this->db->begin();
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
-			$sql .= ' SET fk_input_reason = '.$demand_reason_id;
+			$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			dol_syslog(__METHOD__, LOG_DEBUG);
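Review bot: The first hunk drops the trailing ` ;` but leaves `$this->id` uncast (`' WHERE rowid = '.$this->id.' AND fk_statut = '`), while the two later hunks of this file write `' WHERE rowid='.((int) $this->id)`. Since the commit casts every integer concatenated into SQL, `$sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT;` would bring the three methods in line. The enclosing methods start outside the hunks.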

+ 2 - 2
htdocs/commande/class/commandestats.class.php

@@ -100,13 +100,13 @@ class CommandeStats extends Stats
 
 		if ($typentid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc';
-			$this->where .= ' AND s.fk_typent = '.$typentid;
+			$this->where .= ' AND s.fk_typent = '.((int) $typentid);
 		}
 
 		if ($categid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc';
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie';
-			$this->where .= ' AND cat.rowid = '.$categid;
+			$this->where .= ' AND cat.rowid = '.((int) $categid);
 		}
 	}
 

+ 1 - 1
htdocs/compta/bank/class/paymentvarious.class.php

@@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank);
 		$sql .= ' WHERE rowid = '.$this->id;
 		$result = $this->db->query($sql);
 		if ($result) {
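Review bot: `$this->id` in `' WHERE rowid = '.$this->id` is still uncast on the line right after the changed one, so the update's WHERE clause keeps the pattern the commit removes elsewhere. The Localtax hunk for the same `update_fk_bank` method casts both values; `$sql .= ' WHERE rowid = '.((int) $this->id);` would match it. The method body continues outside the hunk.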

+ 2 - 1
htdocs/compta/bank/releve.php

@@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql;
 
 if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) {
 	// TODO Add a test to check newbankreceipt does not exists yet
-	$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id;
+	$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank';
+	$sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id);
 	$result = $db->query($sqlupdate);
 	if ($result < 0) {
 		dol_print_error($db);
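Review bot: The error check `if ($result < 0)` on the line after the rewritten query cannot fire if `$db->query()` returns a result resource or `false`, which is what the `if (!$this->db->query($sql))` checks in the other hunks of this commit assume; `false < 0` is `false`, so a failed UPDATE is silently ignored and the receipt number appears renamed. Suggest `if (!$result) {` so the `dol_print_error($db)` branch is reachable. The TODO about verifying that the new receipt number does not already exist is still open in this hunk.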

+ 1 - 1
htdocs/compta/cashcontrol/class/cashcontrol.class.php

@@ -213,7 +213,7 @@ class CashControl extends CommonObject
 		if (!$error) {
 			$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence");
 
-			$sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id;
+			$sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id);
 			$this->db->query($sql);
 		}
 

+ 1 - 1
htdocs/compta/facture/card.php

@@ -3091,7 +3091,7 @@ if ($action == 'create') {
 
 		$sql = 'SELECT r.rowid, r.titre as title, r.total_ttc';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_rec as r';
-		$sql .= ' WHERE r.fk_soc = '.$invoice_predefined->socid;
+		$sql .= ' WHERE r.fk_soc = '.((int) $invoice_predefined->socid);
 
 		$resql = $db->query($sql);
 		if ($resql) {

+ 3 - 3
htdocs/compta/facture/class/facture-rec.class.php

@@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice
 		}
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-		$sql .= ' SET nb_gen_max = '.$nb;
+		$sql .= ' SET nb_gen_max = '.((int) $nb);
 		$sql .= ' WHERE rowid = '.$this->id;
 
 		dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
@@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice
 		}
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-		$sql .= ' SET auto_validate = '.$validate;
+		$sql .= ' SET auto_validate = '.((int) $validate);
 		$sql .= ' WHERE rowid = '.$this->id;
 
 		dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
@@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice
 		}
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-		$sql .= ' SET generate_pdf = '.$validate;
+		$sql .= ' SET generate_pdf = '.((int) $validate);
 		$sql .= ' WHERE rowid = '.$this->id;
 
 		dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG);
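Review bot: All three hunks cast the SET value but keep `' WHERE rowid = '.$this->id` uncast, whereas the matching `setMaxPeriod`/`setAutoValidate` hunks in fichinterrec.class.php in this same commit cast both sides (`' WHERE rowid = '.((int) $this->id)`). The two classes should agree; changing the three WHERE lines to `$sql .= ' WHERE rowid = '.((int) $this->id);` does it. The enclosing methods start outside the hunks.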

+ 5 - 6
htdocs/compta/facture/class/facture.class.php

@@ -2282,9 +2282,9 @@ class Facture extends CommonInvoice
 			// Invoice line extrafileds
 			$main = MAIN_DB_PREFIX.'facturedet';
 			$ef = $main."_extrafields";
-			$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
+			$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid);
 			// Delete invoice line
-			$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.$rowid;
+			$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid);
 
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 
@@ -3585,8 +3585,7 @@ class Facture extends CommonInvoice
 	{
 		$sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd
 				INNER JOIN '.MAIN_DB_PREFIX.'facture f ON (fd.fk_facture = f.rowid)
-				WHERE fd.fk_prev_id = '.$idline.'
-				AND f.fk_statut <> 0';
+				WHERE fd.fk_prev_id = '.((int) $idline).' AND f.fk_statut <> 0';
 
 		$result = $this->db->query($sql);
 		if (!$result) {
@@ -3663,7 +3662,7 @@ class Facture extends CommonInvoice
 		// Libere remise liee a ligne de facture
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
 		$sql .= ' SET fk_facture_line = NULL';
-		$sql .= ' WHERE fk_facture_line = '.$rowid;
+		$sql .= ' WHERE fk_facture_line = '.((int) $rowid);
 
 		dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
 		$result = $this->db->query($sql);
@@ -4610,7 +4609,7 @@ class Facture extends CommonInvoice
 
 		$this->db->begin();
 
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id);
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $this->db->query($sql);
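Review bot: The rewritten `$sqlef` in the first hunk lost the closing parenthesis of the `IN (SELECT ...)` subquery: the old line ended with `$rowid)"` and the new one ends with `.((int) $rowid);`, so the extrafields DELETE is now syntactically invalid and fails on every invoice deletion. Restore it with `$sqlef = "DELETE FROM ".$ef." WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";`. In the last hunk `$this->situation_final` is still concatenated uncast into the SET clause while `$this->id` now is; an `(int)` cast there would complete the change. The enclosing methods start outside the hunks.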

+ 2 - 2
htdocs/compta/facture/class/facturestats.class.php

@@ -105,13 +105,13 @@ class FactureStats extends Stats
 
 		if ($typentid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = f.fk_soc';
-			$this->where .= ' AND s.fk_typent = '.$typentid;
+			$this->where .= ' AND s.fk_typent = '.((int) $typentid);
 		}
 
 		if ($categid) {
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = f.fk_soc';
 			$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
-			$this->where .= ' AND c.rowid = '.$categid;
+			$this->where .= ' AND c.rowid = '.((int) $categid);
 		}
 	}
 

+ 2 - 2
htdocs/compta/localtax/class/localtax.class.php

@@ -559,8 +559,8 @@ class Localtax extends CommonObject
 	public function update_fk_bank($id)
 	{
 		// phpcs:enable
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id;
-		$sql .= ' WHERE rowid = '.$this->id;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id);
+		$sql .= ' WHERE rowid = '.((int) $this->id);
 		$result = $this->db->query($sql);
 		if ($result) {
 			return 1;

+ 1 - 1
htdocs/compta/paiement/class/cpaiement.class.php

@@ -187,7 +187,7 @@ class Cpaiement
 			$sql .= ' WHERE t.entity IN ('.getEntity('c_paiement').')';
 			$sql .= " AND t.code = '".$this->db->escape($ref)."'";
 		} else {
-			$sql .= ' WHERE t.id = '.$id;
+			$sql .= ' WHERE t.id = '.((int) $id);
 		}
 
 		$resql = $this->db->query($sql);

+ 3 - 3
htdocs/compta/paiement/class/paiement.class.php

@@ -736,7 +736,7 @@ class Paiement extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
 		// phpcs:enable
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank);
 		$sql .= ' WHERE rowid = '.$this->id;
 
 		dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG);
@@ -855,7 +855,7 @@ class Paiement extends CommonObject
 	 */
 	public function validate(User $user = null)
 	{
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id);
 
 		dol_syslog(get_class($this).'::valide', LOG_DEBUG);
 		$result = $this->db->query($sql);
@@ -876,7 +876,7 @@ class Paiement extends CommonObject
 	 */
 	public function reject(User $user = null)
 	{
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id);
 
 		dol_syslog(get_class($this).'::reject', LOG_DEBUG);
 		$result = $this->db->query($sql);
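Review bot: In the first hunk `update_fk_bank` casts `$id_bank` but the following `' WHERE rowid = '.$this->id` stays uncast, while `validate` and `reject` in the next two hunks cast `$this->id` in the same position. Suggest `$sql .= ' WHERE rowid = '.((int) $this->id);` for consistency. The method bodies continue outside the hunks.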

+ 1 - 1
htdocs/compta/sociales/class/cchargesociales.class.php

@@ -190,7 +190,7 @@ class Cchargesociales
 		if (null !== $ref) {
 			$sql .= " WHERE t.code = '".$this->db->escape($ref)."'";
 		} else {
-			$sql .= ' WHERE t.id = '.$id;
+			$sql .= ' WHERE t.id = '.((int) $id);
 		}
 
 		$resql = $this->db->query($sql);

+ 1 - 1
htdocs/core/class/commoninvoice.class.php

@@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject
 	{
 		// phpcs:enable
 		$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande';
-		$sql .= ' WHERE rowid = '.$did;
+		$sql .= ' WHERE rowid = '.((int) $did);
 		$sql .= ' AND traite = 0';
 		if ($this->db->query($sql)) {
 			return 0;

+ 9 - 9
htdocs/core/class/commonobject.class.php

@@ -2332,7 +2332,7 @@ abstract class CommonObject
 			$fieldname = 'multicurrency_tx';
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-			$sql .= ' SET '.$fieldname.' = '.$rate;
+			$sql .= ' SET '.$fieldname.' = '.((float) $rate);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			if ($this->db->query($sql)) {
@@ -2617,7 +2617,7 @@ abstract class CommonObject
 			$fieldname = 'retained_warranty_fk_cond_reglement';
 
 			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-			$sql .= ' SET '.$fieldname.' = '.$id;
+			$sql .= ' SET '.$fieldname.' = '.((int) $id);
 			$sql .= ' WHERE rowid='.((int) $this->id);
 
 			if ($this->db->query($sql)) {
@@ -3062,11 +3062,11 @@ abstract class CommonObject
 				$fieldposition = 'position';
 			}
 
-			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
 			$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
 			$sql .= ' AND rang = '.($rang - 1);
 			if ($this->db->query($sql)) {
-				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1);
+				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
 				$sql .= ' WHERE rowid = '.((int) $rowid);
 				if (!$this->db->query($sql)) {
 					dol_print_error($this->db);
@@ -3093,11 +3093,11 @@ abstract class CommonObject
 				$fieldposition = 'position';
 			}
 
-			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+			$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
 			$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
-			$sql .= ' AND rang = '.($rang + 1);
+			$sql .= ' AND rang = '.((int) ($rang + 1));
 			if ($this->db->query($sql)) {
-				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1);
+				$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
 				$sql .= ' WHERE rowid = '.((int) $rowid);
 				if (!$this->db->query($sql)) {
 					dol_print_error($this->db);
@@ -4221,7 +4221,7 @@ abstract class CommonObject
 	public function getSpecialCode($lineid)
 	{
 		$sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line;
-		$sql .= ' WHERE rowid = '.$lineid;
+		$sql .= ' WHERE rowid = '.((int) $lineid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			$row = $this->db->fetch_row($resql);
@@ -7656,7 +7656,7 @@ abstract class CommonObject
 	public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0)
 	{
 		foreach ($tables as $table) {
-			$sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id;
+			$sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id);
 
 			if (!$db->query($sql)) {
 				if ($ignoreerrors) {
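Review bot: In the hunks at `@@ -3062` and `@@ -3093` the line `' WHERE '.$this->fk_element.' = '.$this->id` sitting between the changed lines is still uncast although every other value in those statements now gets `(int)`; `$sql .= ' WHERE '.$this->fk_element.' = '.((int) $this->id);` would close the gap. Separately, the new `((float) $rate)` in the first hunk relies on float-to-string conversion, which on PHP versions before 8.0 follows the process locale and can emit a decimal comma; if this code base still runs on such versions, an explicit locale-independent format such as `sprintf('%F', $rate)` is safer, and the same applies to the `(float)` casts in the dispatch, repair.php and product.class.php hunks. The enclosing methods start outside the hunks.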

+ 1 - 1
htdocs/core/class/dolreceiptprinter.class.php

@@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer
 		$error = 0;
 		$sql = 'SELECT rowid, name, fk_type, fk_profile, parameter';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt';
-		$sql .= ' WHERE rowid = '.$printerid;
+		$sql .= ' WHERE rowid = '.((int) $printerid);
 		$sql .= ' AND entity = '.$conf->entity;
 		$resql = $this->db->query($sql);
 		if ($resql) {

+ 1 - 1
htdocs/core/modules/expensereport/mod_expensereport_jade.php

@@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
 			}
 			$newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d');
 
-			$sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id;
+			$sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id);
 			$resqlbis = $db->query($sqlbis);
 			if (!$resqlbis) {
 				dol_print_error($resqlbis);
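Review bot: The failure branch on the last hunk line passes the failed query result to `dol_print_error($resqlbis)`; `$resqlbis` is `false` at that point, so the error printer has no handle to read the driver error from. The other hunks in this commit pass the connection (`dol_print_error($this->db)`), so this should be `dol_print_error($db);`. The enclosing method starts and ends outside the hunk.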

+ 2 - 2
htdocs/core/modules/import/import_csv.modules.php

@@ -790,7 +790,7 @@ class ImportCsv extends ModeleImports
 								if (empty($keyfield)) {
 									$keyfield = 'rowid';
 								}
-								$sqlSelect .= ' WHERE '.$keyfield.' = '.$lastinsertid;
+								$sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
 
 								$resql = $this->db->query($sqlSelect);
 								if ($resql) {
@@ -824,7 +824,7 @@ class ImportCsv extends ModeleImports
 								if (empty($keyfield)) {
 									$keyfield = 'rowid';
 								}
-								$sqlend = ' WHERE '.$keyfield.' = '.$lastinsertid;
+								$sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
 
 								$sql = $sqlstart.$sqlend;
 
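Review bot: The `(int)` cast on `$lastinsertid` in both hunks assumes the key column named by `$keyfield` is numeric; `$keyfield` only defaults to `'rowid'` when empty and otherwise comes from outside the hunk, so if a profile can designate a non-integer key the cast turns the value into `0` and the follow-up query silently misses the row. Worth a comment on the changed line, e.g. `// $keyfield is expected to be an integer column (rowid by default); non-numeric keys would be cast to 0`, or a guard. The same applies to both hunks of import_xlsx.modules.php, whose changed lines also mix `' . ' .((int)` spacing styles. The enclosing method starts and ends outside the hunks.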

+ 2 - 2
htdocs/core/modules/import/import_xlsx.modules.php

@@ -830,7 +830,7 @@ class ImportXlsx extends ModeleImports
 								if (empty($keyfield)) {
 									$keyfield = 'rowid';
 								}
-								$sqlSelect .= ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+								$sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid);
 
 								$resql = $this->db->query($sqlSelect);
 								if ($resql) {
@@ -864,7 +864,7 @@ class ImportXlsx extends ModeleImports
 								if (empty($keyfield)) {
 									$keyfield = 'rowid';
 								}
-								$sqlend = ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+								$sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid);
 
 								$sql = $sqlstart . $sqlend;
 

+ 1 - 1
htdocs/don/class/donstats.class.php

@@ -85,7 +85,7 @@ class DonationStats extends Stats
 		//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
 		$this->where .= " AND d.entity = ".$conf->entity;
 		if ($this->userid > 0) {
-			$this->where .= ' WHERE c.fk_user_author = '.$this->userid;
+			$this->where .= ' WHERE c.fk_user_author = '.((int) $this->userid);
 		}
 	}
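Review bot: The changed line appends `' WHERE c.fk_user_author = '` to `$this->where`, which the preceding context line already extended with `" AND d.entity = "`, so the resulting condition contains a second `WHERE` keyword and uses alias `c` where the surrounding clause uses `d`; the cast is applied to a clause that looks like it cannot execute. The sibling stats hunks in this commit (expedition, fichinter, propale) all use `' AND <alias>.fk_user_author = '`, so `$this->where .= ' AND d.fk_user_author = '.((int) $this->userid);` is presumably the intended form — confirm the alias against the FROM clause, which is outside the hunk.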
 

+ 1 - 1
htdocs/eventorganization/class/conferenceorbooth.class.php

@@ -694,7 +694,7 @@ class ConferenceOrBooth extends ActionComm
 		$sql = 'SELECT rowid, datec as datec, tms as datem,';
 		$sql .= ' fk_user_author, fk_user_mod';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
-		$sql .= ' WHERE t.id = '.$id;
+		$sql .= ' WHERE t.id = '.((int) $id);
 		$result = $this->db->query($sql);
 		if ($result) {
 			if ($this->db->num_rows($result)) {

+ 2 - 2
htdocs/expedition/class/expeditionstats.class.php

@@ -77,10 +77,10 @@ class ExpeditionStats extends Stats
 			$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
 		}
 		if ($this->socid) {
-			$this->where .= " AND c.fk_soc = ".$this->socid;
+			$this->where .= " AND c.fk_soc = ".((int) $this->socid);
 		}
 		if ($this->userid > 0) {
-			$this->where .= ' AND c.fk_user_author = '.$this->userid;
+			$this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
 		}
 	}
 

+ 2 - 2
htdocs/expensereport/class/expensereport.class.php

@@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject
 	{
 		$sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt';
-		$sql .= ' WHERE tt.'.$this->fk_element.' = '.$id;
+		$sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id);
 
 		$total_ht = 0; $total_tva = 0; $total_ttc = 0;
 
@@ -2757,7 +2757,7 @@ class ExpenseReportLine
 		$sql = 'SELECT SUM(d.total_ttc) as total_amount';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det d';
 		$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)';
-		$sql .= ' WHERE e.fk_user_author = '.$fk_user;
+		$sql .= ' WHERE e.fk_user_author = '.((int) $fk_user);
 		if (!empty($this->id)) {
 			$sql .= ' AND d.rowid <> '.$this->id;
 		}

+ 1 - 1
htdocs/expensereport/class/expensereport_rule.class.php

@@ -167,7 +167,7 @@ class ExpenseReportRule extends CoreObject
 		if ($fk_user > 0) {
 			$sql .= ' AND (er.is_for_all = 1';
 			$sql .= ' OR er.fk_user = '.$fk_user;
-			$sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.$fk_user.') )';
+			$sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.((int) $fk_user).') )';
 		}
 		$sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user';
 

+ 4 - 4
htdocs/fichinter/class/fichinterrec.class.php

@@ -784,8 +784,8 @@ class FichinterRec extends Fichinter
 		}
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-		$sql .= ' SET nb_gen_max = '.$nb;
-		$sql .= ' WHERE rowid = '.$this->id;
+		$sql .= ' SET nb_gen_max = '.((int) $nb);
+		$sql .= ' WHERE rowid = '.((int) $this->id);
 
 		dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
 		if ($this->db->query($sql)) {
@@ -811,8 +811,8 @@ class FichinterRec extends Fichinter
 		}
 
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
-		$sql .= ' SET auto_validate = '.$validate;
-		$sql .= ' WHERE rowid = '.$this->id;
+		$sql .= ' SET auto_validate = '.((int) $validate);
+		$sql .= ' WHERE rowid = '.((int) $this->id);
 
 		dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
 		if ($this->db->query($sql)) {

+ 2 - 2
htdocs/fichinter/class/fichinterstats.class.php

@@ -78,10 +78,10 @@ class FichinterStats extends Stats
 		$this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')';
 
 		if ($this->socid) {
-			$this->where .= " AND c.fk_soc = ".$this->socid;
+			$this->where .= " AND c.fk_soc = ".((int) $this->socid);
 		}
 		if ($this->userid > 0) {
-			$this->where .= ' AND c.fk_user_author = '.$this->userid;
+			$this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
 		}
 	}
 

+ 3 - 1
htdocs/fourn/class/fournisseur.commande.dispatch.class.php

@@ -674,8 +674,10 @@ class CommandeFournisseurDispatch extends CommonObject
 					$sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
 				} elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') {
 					$sqlwhere [] = $key.' = \''.$this->db->escape($value).'\'';
+				} elseif ($key == 'qty') {
+					$sqlwhere [] = $key.' = '.((float) $value);
 				} else {
-					$sqlwhere [] = $key.' = '.$this->db->escape($value);
+					$sqlwhere [] = $key.' = '.((int) $value);
 				}
 			}
 		}
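Review bot: The new `elseif ($key == 'qty')` branch compares against the bare column name while the other branches in this chain match prefixed keys (`t.datec`, `t.tms`, …), so if callers pass `t.qty` the quantity falls through to the new `else` branch and is truncated by `(int)`. Also the `else` branch now int-casts every remaining key where it previously only escaped them, so any filter column holding a string value would become `0`. Both depend on what keys callers supply, which is outside the hunk — worth confirming, and a comment such as `// every key not listed above is assumed to be an integer column` on the `else` line would record the assumption. The enclosing method starts and ends outside the hunk.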

+ 2 - 2
htdocs/fourn/class/fournisseur.facture.class.php

@@ -1181,7 +1181,7 @@ class FactureFournisseur extends CommonInvoice
 		if (!$error) {
 			// If invoice was converted into a discount not yet consumed, we remove discount
 			$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except';
-			$sql .= ' WHERE fk_invoice_supplier_source = '.$rowid;
+			$sql .= ' WHERE fk_invoice_supplier_source = '.((int) $rowid);
 			$sql .= ' AND fk_invoice_supplier_line IS NULL';
 			$resql = $this->db->query($sql);
 
@@ -2092,7 +2092,7 @@ class FactureFournisseur extends CommonInvoice
 		// Libere remise liee a ligne de facture
 		$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
 		$sql .= ' SET fk_invoice_supplier_line = NULL';
-		$sql .= ' WHERE fk_invoice_supplier_line = '.$rowid;
+		$sql .= ' WHERE fk_invoice_supplier_line = '.((int) $rowid);
 
 		dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 1 - 1
htdocs/install/lib/repair.lib.php

@@ -106,7 +106,7 @@ function checkLinkedElements($sourcetype, $targettype)
 		foreach ($elements as $key => $element) {
 			if (!checkElementExist($element[$sourcetype], $sourcetable) || !checkElementExist($element[$targettype], $targettable)) {
 				$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'element_element';
-				$sql .= ' WHERE rowid = '.$key;
+				$sql .= ' WHERE rowid = '.((int) $key);
 				$resql = $db->query($sql);
 				$deleted++;
 			}

+ 2 - 2
htdocs/install/repair.php

@@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
 				$qty_for_line = min($remaining_qty, $obj_line->qty);
 				if ($first_iteration) {
 					$sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
-					$sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line;
-					$sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid;
+					$sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line);
+					$sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid);
 					$first_iteration = false;
 				} else {
 					$sql_attach_values = array(

+ 1 - 1
htdocs/install/upgrade2.php

@@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf)
 				// Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons.
 				$check_sql = 'SELECT fk_paiementfourn, fk_facturefourn';
 				$check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn';
-				$check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.$select_obj->fk_facture_fourn;
+				$check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn);
 				$check_resql = $db->query($check_sql);
 				if ($check_resql) {
 					$check_num = $db->num_rows($check_resql);
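Review bot: On the changed line only `$select_obj->fk_facture_fourn` is cast while `$select_obj->rowid`, concatenated in the same WHERE clause, is not; the repair.php hunk of this commit casts `->rowid` in the equivalent position. `$check_sql .= ' WHERE fk_paiementfourn = '.((int) $select_obj->rowid).' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn);` would make the two halves consistent. The enclosing function starts and ends outside the hunk.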

+ 1 - 1
htdocs/multicurrency/class/multicurrency.class.php

@@ -591,7 +591,7 @@ class MultiCurrency extends CommonObject
 	{
 		global $db;
 
-		$sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.$fk_facture;
+		$sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.((int) $fk_facture);
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 		$resql = $db->query($sql);
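Review bot: The cast on `$fk_facture` still leaves `$table` concatenated raw into the FROM clause on the same line; the method signature is outside the hunk so I cannot tell whether `$table` is ever caller-supplied, but a table name cannot be protected by a cast. Either restrict it to a fixed list of allowed table suffixes before building the query, or at minimum run it through `$this->db->sanitize($table)` as other hunks in this commit do for identifiers.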

+ 2 - 2
htdocs/product/class/product.class.php

@@ -3862,7 +3862,7 @@ class Product extends CommonObject
 
 		// Check not already father of id_pere (to avoid father -> child -> father links)
 		$sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
-		$sql .= ' WHERE fk_product_pere  = '.$id_fils.' AND fk_product_fils = '.$id_pere;
+		$sql .= ' WHERE fk_product_pere  = '.((int) $id_fils).' AND fk_product_fils = '.((int) $id_pere);
 		if (!$this->db->query($sql)) {
 			dol_print_error($this->db);
 			return -1;
@@ -3875,7 +3875,7 @@ class Product extends CommonObject
 					return -1;
 				} else {
 					$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty,incdec)';
-					$sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.', '.$incdec.')';
+					$sql .= ' VALUES ('.((int) $id_pere).', '.((int) $id_fils).', '.((float) $qty).', '.((int) $incdec).')';
 					if (!$this->db->query($sql)) {
 						 dol_print_error($this->db);
 						 return -1;

+ 38 - 75
htdocs/product/class/productfournisseurprice.class.php

@@ -181,10 +181,8 @@ class ProductFournisseurPrice extends CommonObject
 		if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0;
 
 		// Unset fields that are disabled
-		foreach ($this->fields as $key => $val)
-		{
-			if (isset($val['enabled']) && empty($val['enabled']))
-			{
+		foreach ($this->fields as $key => $val) {
+			if (isset($val['enabled']) && empty($val['enabled'])) {
 				unset($this->fields[$key]);
 			}
 		}
@@ -241,14 +239,11 @@ class ProductFournisseurPrice extends CommonObject
 		if (property_exists($object, 'date_modification')) { $object->date_modification = null; }
 		// ...
 		// Clear extrafields that are unique
-		if (is_array($object->array_options) && count($object->array_options) > 0)
-		{
+		if (is_array($object->array_options) && count($object->array_options) > 0) {
 			$extrafields->fetch_name_optionals_label($this->table_element);
-			foreach ($object->array_options as $key => $option)
-			{
+			foreach ($object->array_options as $key => $option) {
 				$shortkey = preg_replace('/options_/', '', $key);
-				if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey]))
-				{
+				if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) {
 					//var_dump($key); var_dump($clonedObj->array_options[$key]); exit;
 					unset($object->array_options[$key]);
 				}
@@ -264,20 +259,16 @@ class ProductFournisseurPrice extends CommonObject
 			$this->errors = $object->errors;
 		}
 
-		if (!$error)
-		{
+		if (!$error) {
 			// copy internal contacts
-			if ($this->copy_linked_contact($object, 'internal') < 0)
-			{
+			if ($this->copy_linked_contact($object, 'internal') < 0) {
 				$error++;
 			}
 		}
 
-		if (!$error)
-		{
+		if (!$error) {
 			// copy external contacts if same company
-			if (property_exists($this, 'socid') && $this->socid == $object->socid)
-			{
+			if (property_exists($this, 'socid') && $this->socid == $object->socid) {
 				if ($this->copy_linked_contact($object, 'external') < 0)
 					$error++;
 			}
@@ -362,8 +353,7 @@ class ProductFournisseurPrice extends CommonObject
 		if ($resql) {
 			$num = $this->db->num_rows($resql);
 			$i = 0;
-			while ($i < ($limit ? min($limit, $num) : $num))
-			{
+			while ($i < ($limit ? min($limit, $num) : $num)) {
 				$obj = $this->db->fetch_object($resql);
 
 				$record = new self($this->db);
@@ -424,8 +414,7 @@ class ProductFournisseurPrice extends CommonObject
 		$error = 0;
 
 		// Protection
-		if ($this->status == self::STATUS_VALIDATED)
-		{
+		if ($this->status == self::STATUS_VALIDATED) {
 			dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING);
 			return 0;
 		}
@@ -435,8 +424,7 @@ class ProductFournisseurPrice extends CommonObject
 		$this->db->begin();
 
 		// Define new ref
-		if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) // empty should not happened, but when it occurs, the test save life
-		{
+		if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) { // empty should not happened, but when it occurs, the test save life
 			$num = $this->getNextNumRef();
 		} else {
 			$num = $this->ref;
@@ -454,15 +442,13 @@ class ProductFournisseurPrice extends CommonObject
 
 			dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
 			$resql = $this->db->query($sql);
-			if (!$resql)
-			{
+			if (!$resql) {
 				dol_print_error($this->db);
 				$this->error = $this->db->lasterror();
 				$error++;
 			}
 
-			if (!$error && !$notrigger)
-			{
+			if (!$error && !$notrigger) {
 				// Call trigger
 				$result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user);
 				if ($result < 0) $error++;
@@ -470,13 +456,11 @@ class ProductFournisseurPrice extends CommonObject
 			}
 		}
 
-		if (!$error)
-		{
+		if (!$error) {
 			$this->oldref = $this->ref;
 
 			// Rename directory if dir was a temporary ref
-			if (preg_match('/^[\(]?PROV/i', $this->ref))
-			{
+			if (preg_match('/^[\(]?PROV/i', $this->ref)) {
 				// Now we rename also files into index
 				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'";
 				$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
@@ -488,17 +472,14 @@ class ProductFournisseurPrice extends CommonObject
 				$newref = dol_sanitizeFileName($num);
 				$dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref;
 				$dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref;
-				if (!$error && file_exists($dirsource))
-				{
+				if (!$error && file_exists($dirsource)) {
 					dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest);
 
-					if (@rename($dirsource, $dirdest))
-					{
+					if (@rename($dirsource, $dirdest)) {
 						dol_syslog("Rename ok");
 						// Rename docs starting with $oldref with $newref
 						$listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/'));
-						foreach ($listoffiles as $fileentry)
-						{
+						foreach ($listoffiles as $fileentry) {
 							$dirsource = $fileentry['name'];
 							$dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource);
 							$dirsource = $fileentry['path'].'/'.$dirsource;
@@ -511,14 +492,12 @@ class ProductFournisseurPrice extends CommonObject
 		}
 
 		// Set new ref and current status
-		if (!$error)
-		{
+		if (!$error) {
 			$this->ref = $num;
 			$this->status = self::STATUS_VALIDATED;
 		}
 
-		if (!$error)
-		{
+		if (!$error) {
 			$this->db->commit();
 			return 1;
 		} else {
@@ -538,8 +517,7 @@ class ProductFournisseurPrice extends CommonObject
 	public function setDraft($user, $notrigger = 0)
 	{
 		// Protection
-		if ($this->status <= self::STATUS_DRAFT)
-		{
+		if ($this->status <= self::STATUS_DRAFT) {
 			return 0;
 		}
 
@@ -556,8 +534,7 @@ class ProductFournisseurPrice extends CommonObject
 	public function cancel($user, $notrigger = 0)
 	{
 		// Protection
-		if ($this->status != self::STATUS_VALIDATED)
-		{
+		if ($this->status != self::STATUS_VALIDATED) {
 			return 0;
 		}
 
@@ -574,8 +551,7 @@ class ProductFournisseurPrice extends CommonObject
 	public function reopen($user, $notrigger = 0)
 	{
 		// Protection
-		if ($this->status != self::STATUS_CANCELED)
-		{
+		if ($this->status != self::STATUS_CANCELED) {
 			return 0;
 		}
 
@@ -609,8 +585,7 @@ class ProductFournisseurPrice extends CommonObject
 
 		$url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id;
 
-		if ($option != 'nolink')
-		{
+		if ($option != 'nolink') {
 			// Add param to save lastsearch_values or not
 			$add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0);
 			if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1;
@@ -618,10 +593,8 @@ class ProductFournisseurPrice extends CommonObject
 		}
 
 		$linkclose = '';
-		if (empty($notooltip))
-		{
-			if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
-			{
+		if (empty($notooltip)) {
+			if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {
 				$label = $langs->trans("ShowProductFournisseurPrice");
 				$linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
 			}
@@ -699,8 +672,7 @@ class ProductFournisseurPrice extends CommonObject
 	public function LibStatut($status, $mode = 0)
 	{
 		// phpcs:enable
-		if (empty($this->labelStatus) || empty($this->labelStatusShort))
-		{
+		if (empty($this->labelStatus) || empty($this->labelStatusShort)) {
 			global $langs;
 			//$langs->load("buypricehistory@buypricehistory");
 			$this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
@@ -729,30 +701,25 @@ class ProductFournisseurPrice extends CommonObject
 		$sql = 'SELECT rowid, date_creation as datec, tms as datem,';
 		$sql .= ' fk_user_creat, fk_user_modif';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
-		$sql .= ' WHERE t.rowid = '.$id;
+		$sql .= ' WHERE t.rowid = '.((int) $id);
 		$result = $this->db->query($sql);
-		if ($result)
-		{
-			if ($this->db->num_rows($result))
-			{
+		if ($result) {
+			if ($this->db->num_rows($result)) {
 				$obj = $this->db->fetch_object($result);
 				$this->id = $obj->rowid;
-				if ($obj->fk_user_author)
-				{
+				if ($obj->fk_user_author) {
 					$cuser = new User($this->db);
 					$cuser->fetch($obj->fk_user_author);
 					$this->user_creation = $cuser;
 				}
 
-				if ($obj->fk_user_valid)
-				{
+				if ($obj->fk_user_valid) {
 					$vuser = new User($this->db);
 					$vuser->fetch($obj->fk_user_valid);
 					$this->user_validation = $vuser;
 				}
 
-				if ($obj->fk_user_cloture)
-				{
+				if ($obj->fk_user_cloture) {
 					$cluser = new User($this->db);
 					$cluser->fetch($obj->fk_user_cloture);
 					$this->user_cloture = $cluser;
@@ -794,8 +761,7 @@ class ProductFournisseurPrice extends CommonObject
 			$conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard';
 		}
 
-		if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON))
-		{
+		if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) {
 			$mybool = false;
 
 			$file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php";
@@ -803,16 +769,14 @@ class ProductFournisseurPrice extends CommonObject
 
 			// Include file with class
 			$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
-			foreach ($dirmodels as $reldir)
-			{
+			foreach ($dirmodels as $reldir) {
 				$dir = dol_buildpath($reldir."core/modules/buypricehistory/");
 
 				// Load file with numbering class (if found)
 				$mybool |= @include_once $dir.$file;
 			}
 
-			if ($mybool === false)
-			{
+			if ($mybool === false) {
 				dol_print_error('', "Failed to include file ".$file);
 				return '';
 			}
@@ -821,8 +785,7 @@ class ProductFournisseurPrice extends CommonObject
 				$obj = new $classname();
 				$numref = $obj->getNextValue($this);
 
-				if ($numref != '' && $numref != '-1')
-				{
+				if ($numref != '' && $numref != '-1') {
 					return $numref;
 				} else {
 					$this->error = $obj->error;
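Review bot: In the hunk at `@@ -729`, the SELECT lists `fk_user_creat, fk_user_modif` but the code below it reads `$obj->fk_user_author`, `$obj->fk_user_valid` and `$obj->fk_user_cloture`, none of which are in the column list, so `user_creation`, `user_validation` and `user_cloture` are never populated; the SELECT and the property reads need to agree (`fk_user_creat as fk_user_author` is the usual shape in this codebase, but confirm against the table). Separately, the hunk at `@@ -470` still appends `and entity = ".$conf->entity` without the `(int)` cast this commit applies elsewhere. The enclosing methods start and end outside these hunks.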

+ 1 - 1
htdocs/product/fournisseurs.php

@@ -290,7 +290,7 @@ if (empty($reshook)) {
 						foreach ($extrafield_values as $key => $value) {
 							$sql .= str_replace('options_', '', $key).' = "'.$value.'", ';
 						}
-						$sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.$object->product_fourn_price_id;
+						$sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id);
 					}
 
 					// Execute the sql command from above
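Review bot: The cast on `fk_object` fixes the id, but two lines above it each extrafield `$value` is still written into the SET clause raw inside double quotes, and `$key` (after `str_replace`) is used as a column name unchanged; both come from the submitted form, so the same query remains injectable through the values. Use `' = \''.$db->escape($value).'\', '` for the value and validate the stripped key against the known extrafield attribute names before using it as an identifier. The enclosing block starts and ends outside the hunk.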

+ 2 - 2
htdocs/product/stock/class/entrepot.class.php

@@ -782,7 +782,7 @@ class Entrepot extends CommonObject
 		$parentid = $this->fk_parent; // If parent_id not defined on current object, we do not start consecutive searches of parents
 		$i = 0;
 		while ($parentid > 0 && $i < $protection) {
-			$sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.$parentid;
+			$sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.((int) $parentid);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$objarbo = $this->db->fetch_object($resql);
@@ -817,7 +817,7 @@ class Entrepot extends CommonObject
 
 		$sql = 'SELECT rowid
 				FROM '.MAIN_DB_PREFIX.'entrepot
-				WHERE fk_parent = '.$id;
+				WHERE fk_parent = '.((int) $id);
 
 		$resql = $this->db->query($sql);
 		if ($resql) {

+ 1 - 1
htdocs/product/stock/class/mouvementstock.class.php

@@ -896,7 +896,7 @@ class MouvementStock extends CommonObject
 		$nb = 0;
 
 		$sql = 'SELECT SUM(value) as nb from '.MAIN_DB_PREFIX.'stock_mouvement';
-		$sql .= ' WHERE fk_product = '.$productidselected;
+		$sql .= ' WHERE fk_product = '.((int) $productidselected);
 		$sql .= " AND datem < '".$this->db->idate($datebefore)."'";
 
 		dol_syslog(get_class($this).__METHOD__.'', LOG_DEBUG);
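Review bot: The log call on the last context line concatenates `get_class($this)` with `__METHOD__`, but `__METHOD__` already includes the class name, so the message reads as the class name twice; `dol_syslog(__METHOD__, LOG_DEBUG);` matches the style used in the multicurrency hunk of this same commit. The enclosing method continues outside the hunk.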

+ 1 - 1
htdocs/product/stock/class/productstockentrepot.class.php

@@ -196,7 +196,7 @@ class ProductStockEntrepot extends CommonObject
 		if (!empty($id)) {
 			$sql .= ' WHERE t.rowid = '.((int) $id);
 		} else {
-			$sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot;
+			$sql .= ' WHERE t.fk_product = '.((int) $fk_product).' AND t.fk_entrepot = '.((int) $fk_entrepot);
 		}
 
 		$resql = $this->db->query($sql);

+ 2 - 2
htdocs/product/stock/lib/replenishment.lib.php

@@ -39,7 +39,7 @@ function dolDispatchToDo($order_id)
 
 	// Count nb of quantity dispatched per product
 	$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
-	$sql .= ' WHERE fk_commande = '.$order_id;
+	$sql .= ' WHERE fk_commande = '.((int) $order_id);
 	$sql .= ' GROUP BY fk_product';
 	$sql .= ' ORDER by fk_product';
 	$resql = $db->query($sql);
@@ -51,7 +51,7 @@ function dolDispatchToDo($order_id)
 
 	// Count nb of quantity to dispatch per product
 	$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet';
-	$sql .= ' WHERE fk_commande = '.$order_id;
+	$sql .= ' WHERE fk_commande = '.((int) $order_id);
 	$sql .= ' AND fk_product > 0';
 	if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
 		$sql .= ' AND product_type = 0';

+ 1 - 1
htdocs/product/stock/replenish.php

@@ -756,7 +756,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 		if (!empty($conf->global->MAIN_MULTILANGS)) {
 			$sql = 'SELECT label,description';
 			$sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang';
-			$sql .= ' WHERE fk_product = '.$objp->rowid;
+			$sql .= ' WHERE fk_product = '.((int) $objp->rowid);
 			$sql .= ' AND lang = "'.$langs->getDefaultLang().'"';
 			$sql .= ' LIMIT 1';
 
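Review bot: The line after the cast still embeds `$langs->getDefaultLang()` inside double-quoted SQL with no escaping, and double quotes are a MySQL-only string delimiter (under ANSI_QUOTES or PostgreSQL they denote identifiers); the same pattern appears in the stockatdate.php hunk. Use the single-quoted, escaped form: `$sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'";`. The enclosing loop body starts and ends outside the hunk.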

+ 1 - 1
htdocs/product/stock/stockatdate.php

@@ -487,7 +487,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
 		{
 			$sql = 'SELECT label,description';
 			$sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang';
-			$sql .= ' WHERE fk_product = '.$objp->rowid;
+			$sql .= ' WHERE fk_product = '.((int) $objp->rowid);
 			$sql .= ' AND lang = "'.$langs->getDefaultLang().'"';
 			$sql .= ' LIMIT 1';
 

+ 3 - 3
htdocs/projet/tasks/time.php

@@ -428,7 +428,7 @@ if ($action == 'confirm_generateinvoice') {
 					$lineid = $tmpinvoice->addline($langs->trans("TimeSpentForInvoice", $username).' : '.$qtyhourtext, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
 
 					// Update lineid into line of timespent
-					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
 					$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
 					$result = $db->query($sql);
 					if (!$result) {
@@ -467,7 +467,7 @@ if ($action == 'confirm_generateinvoice') {
 					$lineid = $tmpinvoice->addline($value['note'], $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
 
 					// Update lineid into line of timespent
-					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
 					$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
 					$result = $db->query($sql);
 					if (!$result) {
@@ -503,7 +503,7 @@ if ($action == 'confirm_generateinvoice') {
 					$lineid = $tmpinvoice->addline($lineName, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
 
 					// Update lineid into line of timespent
-					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
 					$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')';
 					$result = $db->query($sql);
 					if (!$result) {
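Review bot: In all three hunks the value returned by `$tmpinvoice->addline(...)` is written straight into `invoice_line_id` without checking it; if addline follows the usual negative-on-error convention in this codebase, a failed line insert would store a negative id on the timespent rows and the error would be lost. Guard before building the UPDATE: `if ($lineid < 0) { $error++; setEventMessages($tmpinvoice->error, $tmpinvoice->errors, 'errors'); }` (confirm the error-reporting helper used elsewhere in this file). The enclosing action block starts and ends outside the hunks.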

+ 3 - 3
htdocs/public/emailing/mailing-read.php

@@ -122,19 +122,19 @@ if (!empty($tag)) {
 
 	//Update status of target
 	$statut = '2';
-	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid);
+	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE rowid = ".((int) $obj->rowid);
 	$resql = $db->query($sql);
 	if (!$resql) dol_print_error($db);
 
 	//Update status communication of thirdparty prospect
 	if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) {
-		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.$obj->source_id;
+		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id);
 		$resql = $db->query($sql);
 	}
 
 	//Update status communication of contact prospect
 	if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) {
-		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.$obj->source_id.')';
+		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')';
 		$resql = $db->query($sql);
 	}
 }
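Review bot: The last changed line is a parse error: `sc.rowid = '((int) $obj->source_id).')'` is missing the concatenation dot between the string literal and the cast, so this page will fail to compile. It should read `... WHERE sc.rowid = '.((int) $obj->source_id).')'`. While here, `$obj->entity` is still uncast in both UPDATE statements of this hunk; `' AND entity = '.((int) $obj->entity)` keeps them consistent with the rest of the commit.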

+ 1 - 1
htdocs/salaries/class/salary.class.php

@@ -463,7 +463,7 @@ class Salary extends CommonObject
 	public function update_fk_bank($id_bank)
 	{
         // phpcs:enable
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.$id_bank;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank);
 		$sql .= ' WHERE rowid = '.$this->id;
 		$result = $this->db->query($sql);
 		if ($result) {
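Review bot: The new line casts `$id_bank` but the WHERE clause on the next context line still concatenates `$this->id` uncast, so the same statement is only half covered; change it to `$sql .= ' WHERE rowid = '.((int) $this->id);`. update_fk_bank continues outside the hunk.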

+ 1 - 1
htdocs/societe/class/societe.class.php

@@ -4620,7 +4620,7 @@ class Societe extends CommonObject
 
 		$resql = $db->query($sql);
 		while ($obj = $db->fetch_object($resql)) {
-			$db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.$obj->rowid);
+			$db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.((int) $obj->rowid));
 		}
 
 		/**

+ 1 - 1
htdocs/supplier_proposal/class/supplier_proposal.class.php

@@ -1777,7 +1777,7 @@ class SupplierProposal extends CommonObject
 		$price = price2num($product->subprice * $product->qty, 'MU');
 		$unitPrice = price2num($product->subprice, 'MU');
 
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice);
 
 		$resql = $this->db->query($sql);
 		if (!$resql) {
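Review bot: The rewritten line now escapes `ref_fourn` but keeps it inside double quotes, which is a MySQL-specific string delimiter and would be parsed as an identifier under ANSI_QUOTES or PostgreSQL; the escape is correct, the quoting should be single: `'ref_fourn = \''.$this->db->escape($product->ref_fourn).'\', '`. The enclosing method starts and ends outside the hunk.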

+ 1 - 1
htdocs/variants/class/ProductAttribute.class.php

@@ -319,7 +319,7 @@ class ProductAttribute extends CommonObject
 			$newrang = $this->rang + 1;
 		}
 
-		$sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.$this->rang.' WHERE rang = '.$newrang;
+		$sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.((int) $this->rang).' WHERE rang = '.((int) $newrang);
 
 		if (!$this->db->query($sql)) {
 			$this->db->rollback();

+ 2 - 2
htdocs/website/class/websitepage.class.php

@@ -407,7 +407,7 @@ class WebsitePage extends CommonObject
 		$sql .= " t.object_type,";
 		$sql .= " t.fk_object";
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
-		$sql .= ' WHERE t.fk_website = '.$websiteid;
+		$sql .= ' WHERE t.fk_website = '.((int) $websiteid);
 		// Manage filter (same than into countAll)
 		$sqlwhere = array();
 		if (count($filter) > 0) {
@@ -509,7 +509,7 @@ class WebsitePage extends CommonObject
 
 		$sql = 'SELECT COUNT(t.rowid) as nb';
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
-		$sql .= ' WHERE t.fk_website = '.$websiteid;
+		$sql .= ' WHERE t.fk_website = '.((int) $websiteid);
 		// Manage filter (same than into fetchAll)
 		$sqlwhere = array();
 		if (count($filter) > 0) {

+ 2 - 2
htdocs/zapier/class/hook.class.php

@@ -416,13 +416,13 @@ class Hook extends CommonObject
 		$sql .= ' t.rowid';
 		// TODO Get all fields
 		$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
-		$sql .= ' WHERE t.entity = '.$conf->entity;
+		$sql .= ' WHERE t.entity = '.((int) $conf->entity);
 		// Manage filter
 		$sqlwhere = array();
 		if (count($filter) > 0) {
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
-					$sqlwhere[] = $key.'='.$value;
+					$sqlwhere[] = $key.' = '.((int) $value);
 				} elseif (strpos($key, 'date') !== false) {
 					$sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
 				} elseif ($key == 'customsql') {
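Review bot: The cast on `$value` only covers the `t.rowid` branch; in the `date` branch on the next line `$key` itself is concatenated raw as a column name, and there is a `customsql` branch whose body is outside the hunk, so if `$filter` can reach this method from an API caller the filter keys remain an injection vector. Validate each key before use, for example `if (!preg_match('/^[a-z0-9_.]+$/i', $key)) { continue; }` at the top of the loop, or check it against `$this->fields`. The enclosing fetchAll method continues outside the hunk.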