
Fix some sql

Laurent Destailleur 3 年之前
b1cb32c743

+ 4 - 4
htdocs/bom/class/bom.class.php

@@ -431,13 +431,13 @@ class BOM extends CommonObject
 		if (count($filter) > 0) {
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
-					$sqlwhere[] = $key.'='.$value;
+					$sqlwhere[] = $key.' = '.((int) $value);
 				} elseif (strpos($key, 'date') !== false) {
-					$sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;
 				} else {
-					$sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+					$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
 				}
 			}
 		}
@@ -946,7 +946,7 @@ class BOM extends CommonObject
 		$this->lines = array();
 
 		$objectline = new BOMLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_bom = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_bom = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;
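Review bot: In the filter loop of the first hunk (lines 431-443), `$key` is still concatenated into the WHERE clause unescaped in every branch and the `customsql` branch still appends `$value` verbatim, so the new `(int)` cast on `t.rowid` hardens only one of the four paths while nothing checks `$key` against the object's column list. The `strpos($key, 'date') !== false` test also routes any key whose name merely contains `date` through `idate()`, which is a name heuristic rather than a type check. I would document the contract on the method: `// $filter keys and any 'customsql' fragment are inserted into the SQL without escaping: pass only trusted column names and never user-controlled text in those positions`. Both hunks belong to methods whose bodies start and end outside the diff.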

+ 1 - 1
htdocs/core/tpl/card_presend.tpl.php

@@ -177,7 +177,7 @@ if ($action == 'presend') {
 		$listeuser = array();
 		$fuserdest = new User($db);
 
-		$result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, array('customsql'=>'t.statut=1 AND t.employee=1 AND t.email IS NOT NULL AND t.email<>\'\''), 'AND', true);
+		$result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, array('customsql'=>"t.statut=1 AND t.employee=1 AND t.email IS NOT NULL AND t.email <> ''"), 'AND', true);
 		if ($result > 0 && is_array($fuserdest->users) && count($fuserdest->users) > 0) {
 			foreach ($fuserdest->users as $uuserdest) {
 				$listeuser[$uuserdest->id] = $uuserdest->user_get_property($uuserdest->id, 'email');

+ 1 - 1
htdocs/eventorganization/class/conferenceorbooth.class.php

@@ -749,7 +749,7 @@ class ConferenceOrBooth extends ActionComm
 		$this->lines = array();
 
 		$objectline = new ConferenceOrBoothLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorbooth = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorbooth = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;
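Review bot: `$this->error = $this->error;` right after the `is_numeric($result)` check is a self-assignment, so when `fetchAll()` returns an error code the parent object's error stays whatever it was before; presumably `$this->error = $objectline->error;` was intended. The same line appears in the fetchLines hunks of bom, conferenceorboothattendee, knowledgerecord, the modulebuilder myobject template, mo, partnership, recruitmentcandidature and workstation. The `(int)` cast on `$this->id` in the `customsql` fragment is the right fix for the part this commit touches. The enclosing method's body continues outside the hunk.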

+ 1 - 1
htdocs/eventorganization/class/conferenceorboothattendee.class.php

@@ -951,7 +951,7 @@ class ConferenceOrBoothAttendee extends CommonObject
 		$this->lines = array();
 
 		$objectline = new ConferenceOrBoothAttendeeLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorboothattendee = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_conferenceorboothattendee = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 1 - 1
htdocs/knowledgemanagement/class/knowledgerecord.class.php

@@ -899,7 +899,7 @@ class KnowledgeRecord extends CommonObject
 		$this->lines = array();
 
 		$objectline = new KnowledgeRecordLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_knowledgerecord = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_knowledgerecord = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 1 - 1
htdocs/modulebuilder/template/class/myobject.class.php

@@ -958,7 +958,7 @@ class MyObject extends CommonObject
 		$this->lines = array();
 
 		$objectline = new MyObjectLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_myobject = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_myobject = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 1 - 1
htdocs/mrp/class/mo.class.php

@@ -1188,7 +1188,7 @@ class Mo extends CommonObject
 		$this->lines = array();
 
 		$objectline = new MoLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_mo = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_mo = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 1 - 1
htdocs/partnership/class/partnership.class.php

@@ -1157,7 +1157,7 @@ class Partnership extends CommonObject
 		$this->lines = array();
 
 		$objectline = new PartnershipLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_partnership = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_partnership = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 3 - 3
htdocs/product/class/productfournisseurprice.class.php

@@ -326,15 +326,15 @@ class ProductFournisseurPrice extends CommonObject
 		if (count($filter) > 0) {
 			foreach ($filter as $key => $value) {
 				if ($key == 't.rowid') {
-					$sqlwhere[] = $key.'='.$value;
+					$sqlwhere[] = $key.' = '.((int) $value);
 				} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
-					$sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+					$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
 				} elseif ($key == 'customsql') {
 					$sqlwhere[] = $value;
 				} elseif (strpos($value, '%') === false) {
 					$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
 				} else {
-					$sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+					$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
 				}
 			}
 		}
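Review bot: The date test `in_array($this->fields[$key]['type'], ...)` is evaluated before the `$key == 'customsql'` branch, so a `customsql` entry (and any other key not present in `$this->fields`) reads an undefined array key and raises a warning on PHP 8 before reaching its own branch; the commit reworks the quoting on that line but keeps the order. Guarding the lookup fixes it without reordering: `} elseif (isset($this->fields[$key]['type']) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'), true)) {`. As in the BOM filter, `$key` is inserted into the SQL unescaped in every branch and `customsql` is appended verbatim, which is worth a comment on the method. The enclosing method starts and ends outside the hunk.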

+ 1 - 1
htdocs/recruitment/class/recruitmentcandidature.class.php

@@ -893,7 +893,7 @@ class RecruitmentCandidature extends CommonObject
 		$this->lines = array();
 
 		$objectline = new RecruitmentCandidatureLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_recruitmentcandidature = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_recruitmentcandidature = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;

+ 1 - 1
htdocs/workstation/class/workstation.class.php

@@ -928,7 +928,7 @@ class Workstation extends CommonObject
 		$this->lines = array();
 
 		$objectline = new WorkstationLine($this->db);
-		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_workstation = '.$this->id));
+		$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_workstation = '.((int) $this->id)));
 
 		if (is_numeric($result)) {
 			$this->error = $this->error;