
Fix protect sql

Laurent Destailleur 4 years ago
parent
commit
d0cc64479d
70 changed files with 109 additions and 108 deletions
  1. 1 1
      htdocs/accountancy/admin/accountmodel.php
  2. 1 1
      htdocs/accountancy/bookkeeping/card.php
  3. 5 5
      htdocs/accountancy/class/accountancycategory.class.php
  4. 2 2
      htdocs/accountancy/class/accountingaccount.class.php
  5. 2 2
      htdocs/accountancy/class/bookkeeping.class.php
  6. 2 2
      htdocs/accountancy/customer/index.php
  7. 2 2
      htdocs/accountancy/expensereport/index.php
  8. 8 8
      htdocs/accountancy/journal/bankjournal.php
  9. 2 2
      htdocs/accountancy/supplier/index.php
  10. 2 2
      htdocs/adherents/class/adherent.class.php
  11. 1 1
      htdocs/adherents/class/adherent_type.class.php
  12. 1 1
      htdocs/adherents/class/subscription.class.php
  13. 1 1
      htdocs/adherents/list.php
  14. 1 1
      htdocs/adherents/subscription.php
  15. 1 1
      htdocs/adherents/subscription/list.php
  16. 1 1
      htdocs/adherents/type.php
  17. 2 2
      htdocs/admin/boxes.php
  18. 1 1
      htdocs/admin/dict.php
  19. 1 1
      htdocs/admin/external_rss.php
  20. 1 1
      htdocs/admin/security.php
  21. 1 1
      htdocs/asset/class/asset_type.class.php
  22. 1 1
      htdocs/blockedlog/class/authority.class.php
  23. 1 1
      htdocs/bookmarks/class/bookmark.class.php
  24. 1 1
      htdocs/categories/class/categorie.class.php
  25. 1 1
      htdocs/comm/action/class/actioncomm.class.php
  26. 1 1
      htdocs/comm/action/index.php
  27. 1 1
      htdocs/comm/action/pertype.php
  28. 1 1
      htdocs/comm/action/peruser.php
  29. 5 5
      htdocs/comm/index.php
  30. 1 1
      htdocs/comm/mailing/advtargetemailing.php
  31. 1 1
      htdocs/comm/mailing/cibles.php
  32. 1 1
      htdocs/comm/propal/class/propal.class.php
  33. 1 1
      htdocs/comm/prospect/index.php
  34. 2 2
      htdocs/commande/class/commande.class.php
  35. 1 1
      htdocs/commande/customer.php
  36. 4 3
      htdocs/compta/bank/class/account.class.php
  37. 1 1
      htdocs/compta/bank/line.php
  38. 1 1
      htdocs/compta/cashcontrol/report.php
  39. 1 1
      htdocs/compta/clients.php
  40. 1 1
      htdocs/compta/facture/class/facture.class.php
  41. 1 1
      htdocs/compta/prelevement/class/bonprelevement.class.php
  42. 1 1
      htdocs/compta/prelevement/class/ligneprelevement.class.php
  43. 1 1
      htdocs/compta/prelevement/list.php
  44. 1 1
      htdocs/compta/prelevement/rejets.php
  45. 1 1
      htdocs/compta/sociales/class/chargesociales.class.php
  46. 1 1
      htdocs/compta/sociales/list.php
  47. 1 1
      htdocs/contact/list.php
  48. 5 5
      htdocs/contrat/index.php
  49. 1 1
      htdocs/contrat/services_list.php
  50. 2 2
      htdocs/core/class/commoninvoice.class.php
  51. 2 2
      htdocs/core/class/commonobject.class.php
  52. 3 3
      htdocs/core/lib/company.lib.php
  53. 1 1
      htdocs/core/modules/movement/doc/pdf_standard.modules.php
  54. 1 1
      htdocs/core/website.inc.php
  55. 1 1
      htdocs/don/class/don.class.php
  56. 4 4
      htdocs/expedition/class/expedition.class.php
  57. 1 1
      htdocs/fichinter/card-rec.php
  58. 1 1
      htdocs/fichinter/class/fichinter.class.php
  59. 1 1
      htdocs/fichinter/list.php
  60. 1 1
      htdocs/fourn/class/fournisseur.commande.class.php
  61. 1 1
      htdocs/loan/list.php
  62. 1 1
      htdocs/mrp/mo_movements.php
  63. 2 2
      htdocs/product/class/product.class.php
  64. 1 1
      htdocs/product/stock/stockatdate.php
  65. 1 1
      htdocs/projet/list.php
  66. 2 2
      htdocs/reception/class/reception.class.php
  67. 1 1
      htdocs/societe/index.php
  68. 1 1
      htdocs/supplier_proposal/class/supplier_proposal.class.php
  69. 1 1
      htdocs/supplier_proposal/index.php
  70. 1 1
      htdocs/user/class/usergroup.class.php

+ 1 - 1
htdocs/accountancy/admin/accountmodel.php

@@ -442,7 +442,7 @@ if ($id) {
 		} else {
 			$sql .= " WHERE ";
 		}
-		$sql .= " c.rowid = ".$search_country_id;
+		$sql .= " c.rowid = ".((int) $search_country_id);
 	}
 
 	// If sort order is "country", we use country_code instead

+ 1 - 1
htdocs/accountancy/bookkeeping/card.php

@@ -563,7 +563,7 @@ if ($action == 'create') {
 		{
 		 $sqlmid = 'SELECT rowid as ref';
 			$sqlmid .= " FROM ".MAIN_DB_PREFIX."facture as fac";
-			$sqlmid .= " WHERE fac.rowid=" . $object->fk_doc;
+			$sqlmid .= " WHERE fac.rowid=" . ((int) $object->fk_doc);
 			dol_syslog("accountancy/bookkeeping/card.php::sqlmid=" . $sqlmid, LOG_DEBUG);
 			$resultmid = $db->query($sqlmid);
 			if ($resultmid) {

+ 5 - 5
htdocs/accountancy/class/accountancycategory.class.php

@@ -473,7 +473,7 @@ class AccountancyCategory // extends CommonObject
 		$sql .= " SELECT DISTINCT aa.account_number";
 		$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
 		$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
-		$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
+		$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
 		$sql .= " AND aa.active = 1";
 		$sql .= " AND aa.entity = ".$conf->entity.")";
 		$sql .= " GROUP BY t.numero_compte, t.label_operation, t.doc_ref";
@@ -562,7 +562,7 @@ class AccountancyCategory // extends CommonObject
 		$sql = "SELECT aa.rowid, aa.account_number";
 		$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as aa";
 		$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
-		$sql .= " AND asy.rowid = ".$conf->global->CHARTOFACCOUNTS;
+		$sql .= " AND asy.rowid = ".((int) $conf->global->CHARTOFACCOUNTS);
 		$sql .= " AND aa.active = 1";
 		$sql .= " AND aa.entity = ".$conf->entity;
 		$sql .= " ORDER BY LENGTH(aa.account_number) DESC;"; // LENGTH is ok with mysql and postgresql
@@ -589,8 +589,8 @@ class AccountancyCategory // extends CommonObject
 				$accountincptsadded[$account_number_formated] = 1;
 				// We found an account number that is in list $cpts of account to add
 				$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account";
-				$sql .= " SET fk_accounting_category=".$id_cat;
-				$sql .= " WHERE rowid=".$obj->rowid;
+				$sql .= " SET fk_accounting_category=".((int) $id_cat);
+				$sql .= " WHERE rowid=".((int) $obj->rowid);
 				dol_syslog(__METHOD__, LOG_DEBUG);
 				$resqlupdate = $this->db->query($sql);
 				if (!$resqlupdate) {
@@ -629,7 +629,7 @@ class AccountancyCategory // extends CommonObject
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."accounting_account as aa";
 		$sql .= " SET fk_accounting_category= 0";
-		$sql .= " WHERE aa.rowid= ".$cpt_id;
+		$sql .= " WHERE aa.rowid = ".((int) $cpt_id);
 		$this->db->begin();
 
 		dol_syslog(__METHOD__." sql=".$sql, LOG_DEBUG);
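Review bot: `$conf->entity` is still concatenated uncast on the lines right after the new casts (`" AND aa.entity = ".$conf->entity.")"` and `" AND aa.entity = ".$conf->entity`), so each statement now mixes one protected and one unprotected integer operand. It is presumably already an int, but writing `((int) $conf->entity)` keeps the protection uniform and makes the intent visible to the next reader. The same pattern is left next to the new casts in htdocs/accountancy/expensereport/index.php, htdocs/admin/boxes.php, htdocs/admin/external_rss.php and htdocs/compta/prelevement/class/ligneprelevement.class.php. The enclosing methods begin outside these hunks.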

+ 2 - 2
htdocs/accountancy/class/accountingaccount.class.php

@@ -347,10 +347,10 @@ class AccountingAccount extends CommonObject
 		$sql .= " , label = ".($this->label ? "'".$this->db->escape($this->label)."'" : "''");
 		$sql .= " , labelshort = ".($this->labelshort ? "'".$this->db->escape($this->labelshort)."'" : "''");
 		$sql .= " , fk_accounting_category = ".(empty($this->account_category) ? 0 : (int) $this->account_category);
-		$sql .= " , fk_user_modif = ".$user->id;
+		$sql .= " , fk_user_modif = ".((int) $user->id);
 		$sql .= " , active = ".(int) $this->active;
 		$sql .= " , reconcilable = ".(int) $this->reconcilable;
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
 		$result = $this->db->query($sql);

+ 2 - 2
htdocs/accountancy/class/bookkeeping.class.php

@@ -1860,7 +1860,7 @@ class BookKeeping extends CommonObject
 		$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "accounting_account as aa ON aa.account_number = ab.numero_compte";
 		$sql .= " AND aa.active = 1";
 		$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
-		$sql .= " AND asy.rowid = " . $pcgver;
+		$sql .= " AND asy.rowid = " . ((int) $pcgver);
 		$sql .= " AND ab.entity IN (" . getEntity('accountancy') . ")";
 		$sql .= " ORDER BY account_number ASC";
 		*/
@@ -1893,7 +1893,7 @@ class BookKeeping extends CommonObject
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as aa ON aa.account_number = ab.numero_compte";
 		$sql .= " AND aa.active = 1";
 		$sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
-		$sql .= " AND asy.rowid = ".$pcgver;
+		$sql .= " AND asy.rowid = ".((int) $pcgver);
 		$sql .= " AND ab.entity IN (".getEntity('accountancy').")";
 		$sql .= " ORDER BY account_number ASC";
 

+ 2 - 2
htdocs/accountancy/customer/index.php

@@ -110,13 +110,13 @@ if ($action == 'validatehistory') {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
 		$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
-		$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facturedet.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
 		$sql1 .= " AND " . MAIN_DB_PREFIX . "facturedet.fk_code_ventilation = 0";
 	} else {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facturedet as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
-		$sql1 .= " WHERE fd.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE fd.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_sell=accnt.account_number";
 		$sql1 .= " AND fd.fk_code_ventilation = 0";
 	}*/
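Review bot: Both edited lines in this hunk appear to sit inside a block comment (the hunk ends with `}*/`; the opening `/*` is above the hunk), so the casts change dead code and have no runtime effect. The same holds for htdocs/accountancy/supplier/index.php (also closed by `}*/`), the first hunk of htdocs/accountancy/class/bookkeeping.class.php and htdocs/compta/cashcontrol/report.php (both closed by `*/`). Either delete the commented-out copies or leave them untouched; patching them suggests a fix that was not actually applied.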

+ 2 - 2
htdocs/accountancy/expensereport/index.php

@@ -103,13 +103,13 @@ if ($action == 'validatehistory') {
 		$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
 		$sql1 .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
-		$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE ".MAIN_DB_PREFIX."expensereport_det.fk_c_type_fees = t.id  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND t.accountancy_code = accnt.account_number";
 		$sql1 .= " AND ".MAIN_DB_PREFIX."expensereport_det.fk_code_ventilation = 0";
 	} else {
 		$sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd, ".MAIN_DB_PREFIX."c_type_fees as t, ".MAIN_DB_PREFIX."accounting_account as accnt , ".MAIN_DB_PREFIX."accounting_system as syst";
 		$sql1 .= " SET erd.fk_code_ventilation = accnt.rowid";
-		$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=".$conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE erd.fk_c_type_fees = t.id AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid = ".((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND t.accountancy_code=accnt.account_number";
 		$sql1 .= " AND erd.fk_code_ventilation = 0";
 	}

+ 8 - 8
htdocs/accountancy/journal/bankjournal.php

@@ -1323,42 +1323,42 @@ function getSourceDocRef($val, $typerecord)
 	} elseif ($typerecord == 'payment_supplier') {
 		$sqlmid = 'SELECT payfac.fk_facturefourn as id, f.ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as payfac, ".MAIN_DB_PREFIX."facture_fourn as f";
-		$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".$val["paymentsupplierid"];
+		$sqlmid .= " WHERE payfac.fk_facturefourn = f.rowid AND payfac.fk_paiementfourn=".((int) $val["paymentsupplierid"]);
 		$ref = $langs->transnoentitiesnoconv("SupplierInvoice");
 	} elseif ($typerecord == 'payment_expensereport') {
 		$sqlmid = 'SELECT e.rowid as id, e.ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as pe, ".MAIN_DB_PREFIX."expensereport as e";
-		$sqlmid .= " WHERE pe.rowid=".$val["paymentexpensereport"]." AND pe.fk_expensereport = e.rowid";
+		$sqlmid .= " WHERE pe.rowid=".((int) $val["paymentexpensereport"])." AND pe.fk_expensereport = e.rowid";
 		$ref = $langs->transnoentitiesnoconv("ExpenseReport");
 	} elseif ($typerecord == 'payment_salary') {
 		$sqlmid = 'SELECT s.rowid as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_salary as s";
-		$sqlmid .= " WHERE s.rowid=".$val["paymentsalid"];
+		$sqlmid .= " WHERE s.rowid=".((int) $val["paymentsalid"]);
 		$ref = $langs->transnoentitiesnoconv("SalaryPayment");
 	} elseif ($typerecord == 'sc') {
 		$sqlmid = 'SELECT sc.rowid as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."paiementcharge as sc";
-		$sqlmid .= " WHERE sc.rowid=".$val["paymentscid"];
+		$sqlmid .= " WHERE sc.rowid=".((int) $val["paymentscid"]);
 		$ref = $langs->transnoentitiesnoconv("SocialContribution");
 	} elseif ($typerecord == 'payment_vat') {
 		$sqlmid = 'SELECT v.rowid as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."tva as v";
-		$sqlmid .= " WHERE v.rowid=".$val["paymentvatid"];
+		$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvatid"]);
 		$ref = $langs->transnoentitiesnoconv("PaymentVat");
 	} elseif ($typerecord == 'payment_donation') {
 		$sqlmid = 'SELECT payd.fk_donation as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_donation as payd";
-		$sqlmid .= " WHERE payd.fk_donation=".$val["paymentdonationid"];
+		$sqlmid .= " WHERE payd.fk_donation=".((int) $val["paymentdonationid"]);
 		$ref = $langs->transnoentitiesnoconv("Donation");
 	} elseif ($typerecord == 'payment_loan') {
 		$sqlmid = 'SELECT l.rowid as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_loan as l";
-		$sqlmid .= " WHERE l.rowid=".$val["paymentloanid"];
+		$sqlmid .= " WHERE l.rowid=".((int) $val["paymentloanid"]);
 		$ref = $langs->transnoentitiesnoconv("LoanPayment");
 	} elseif ($typerecord == 'payment_various') {
 		$sqlmid = 'SELECT v.rowid as ref';
 		$sqlmid .= " FROM ".MAIN_DB_PREFIX."payment_various as v";
-		$sqlmid .= " WHERE v.rowid=".$val["paymentvariousid"];
+		$sqlmid .= " WHERE v.rowid=".((int) $val["paymentvariousid"]);
 		$ref = $langs->transnoentitiesnoconv("VariousPayment");
 	}
 	// Add warning

+ 2 - 2
htdocs/accountancy/supplier/index.php

@@ -118,13 +118,13 @@ if ($action == 'validatehistory') {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
 		$sql1 .= " FROM " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
-		$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE " . MAIN_DB_PREFIX . "facture_fourn_det.fk_product = p.rowid  AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
 		$sql1 .= " AND " . MAIN_DB_PREFIX . "facture_fourn_det.fk_code_ventilation = 0";
 	} else {
 		$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det as fd, " . MAIN_DB_PREFIX . "product as p, " . MAIN_DB_PREFIX . "accounting_account as accnt , " . MAIN_DB_PREFIX . "accounting_system as syst";
 		$sql1 .= " SET fk_code_ventilation = accnt.rowid";
-		$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . $conf->global->CHARTOFACCOUNTS.' AND accnt.entity = '.$conf->entity;
+		$sql1 .= " WHERE fd.fk_product = p.rowid AND accnt.fk_pcg_version = syst.pcg_version AND syst.rowid=" . ((int) $conf->global->CHARTOFACCOUNTS).' AND accnt.entity = '.$conf->entity;
 		$sql1 .= " AND accnt.active = 1 AND p.accountancy_code_buy=accnt.account_number";
 		$sql1 .= " AND fd.fk_code_ventilation = 0";
 	}*/

+ 2 - 2
htdocs/adherents/class/adherent.class.php

@@ -1597,8 +1597,8 @@ class Adherent extends CommonObject
 				$inserturlid = $acct->add_url_line($insertid, $this->id, DOL_URL_ROOT.'/adherents/card.php?rowid=', $this->getFullname($langs), 'member');
 				if ($inserturlid > 0) {
 					// Update table subscription
-					$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".$insertid;
-					$sql .= " WHERE rowid=".$subscriptionid;
+					$sql = "UPDATE ".MAIN_DB_PREFIX."subscription SET fk_bank=".((int) $insertid);
+					$sql .= " WHERE rowid=".((int) $subscriptionid);
 
 					dol_syslog("subscription::subscription", LOG_DEBUG);
 					$resql = $this->db->query($sql);

+ 1 - 1
htdocs/adherents/class/adherent_type.class.php

@@ -365,7 +365,7 @@ class AdherentType extends CommonObject
 		$sql .= "note = '".$this->db->escape($this->note)."',";
 		$sql .= "vote = ".(integer) $this->db->escape($this->vote).",";
 		$sql .= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
-		$sql .= " WHERE rowid =".$this->id;
+		$sql .= " WHERE rowid =".((int) $this->id);
 
 		$result = $this->db->query($sql);
 		if ($result) {
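Review bot: Two lines above the change, `vote = ".(integer) $this->db->escape($this->vote)` escapes a value that is then cast, which is redundant and uses the long-form cast; since this commit normalises integer columns to `(int)`, that line should become `$sql .= "vote = ".((int) $this->vote).",";`. The update method starts above the hunk.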

+ 1 - 1
htdocs/adherents/class/subscription.class.php

@@ -217,7 +217,7 @@ class Subscription extends CommonObject
 		$sql .= " datef,";
 		$sql .= " subscription, note, fk_bank";
 		$sql .= " FROM ".MAIN_DB_PREFIX."subscription";
-		$sql .= "	WHERE rowid=".$rowid;
+		$sql .= "	WHERE rowid=".((int) $rowid);
 
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 		$resql = $this->db->query($sql);

+ 1 - 1
htdocs/adherents/list.php

@@ -318,7 +318,7 @@ if ($sall) {
 	$sql .= natural_search(array_keys($fieldstosearchall), $sall);
 }
 if ($search_type > 0) {
-	$sql .= " AND t.rowid=".$db->escape($search_type);
+	$sql .= " AND t.rowid=".((int) $search_type);
 }
 if ($search_filter == 'withoutsubscription') {
 	$sql .= " AND (datefin IS NULL OR t.subscription = 0)";

+ 1 - 1
htdocs/adherents/subscription.php

@@ -677,7 +677,7 @@ if ($rowid > 0) {
 		$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."subscription as c";
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank as b ON c.fk_bank = b.rowid";
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.rowid";
-		$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".$rowid;
+		$sql .= " WHERE d.rowid = c.fk_adherent AND d.rowid=".((int) $rowid);
 		$sql .= $db->order($sortfield, $sortorder);
 
 		$result = $db->query($sql);

+ 1 - 1
htdocs/adherents/subscription/list.php

@@ -170,7 +170,7 @@ if (isset($date_select) && $date_select != '') {
 }
 if ($search_ref) {
 	if (is_numeric($search_ref)) {
-		$sql .= " AND (c.rowid = ".$db->escape($search_ref).")";
+		$sql .= " AND c.rowid = ".((int) $search_ref);
 	} else {
 		$sql .= " AND 1 = 2"; // Always wrong
 	}
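Review bot: `is_numeric($search_ref)` accepts strings such as `1.5` or `1e3`, which `(int)` then silently truncates or converts, so a search for `1.5` now matches rowid 1 instead of falling into the `AND 1 = 2` branch. If the intent is an exact rowid lookup, guard with `if (ctype_digit((string) $search_ref)) {` instead, which admits only non-negative decimal digits. The surrounding if/else starts above the hunk.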

+ 1 - 1
htdocs/adherents/type.php

@@ -500,7 +500,7 @@ if ($rowid > 0) {
 		$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d, ".MAIN_DB_PREFIX."adherent_type as t";
 		$sql .= " WHERE d.fk_adherent_type = t.rowid ";
 		$sql .= " AND d.entity IN (".getEntity('adherent').")";
-		$sql .= " AND t.rowid = ".$object->id;
+		$sql .= " AND t.rowid = ".((int) $object->id);
 		if ($sall) {
 			$sql .= natural_search(array("f.firstname", "d.lastname", "d.societe", "d.email", "d.login", "d.address", "d.town", "d.note_public", "d.note_private"), $sall);
 		}

+ 2 - 2
htdocs/admin/boxes.php

@@ -156,7 +156,7 @@ if ($action == 'delete') {
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
 		$sql .= " WHERE entity = ".$conf->entity;
-		$sql .= " AND box_id=".$obj->box_id;
+		$sql .= " AND box_id=".((int) $obj->box_id);
 
 		$resql = $db->query($sql);
 
@@ -255,7 +255,7 @@ if ($resql) {
 		// We renumber the order of the boxes if one of them is in ''
 		// This occurs just after an insert.
 		if ($decalage) {
-			$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".((int) $obj->rowid);
 			$db->query($sql);
 		}
 	}

+ 1 - 1
htdocs/admin/dict.php

@@ -1151,7 +1151,7 @@ if ($id) {
 		$sql .= " WHERE 1 = 1";
 	}
 	if ($search_country_id > 0) {
-		$sql .= " AND c.rowid = ".$search_country_id;
+		$sql .= " AND c.rowid = ".((int) $search_country_id);
 	}
 	if ($search_code != '' && $id == 9) {
 		$sql .= natural_search("code_iso", $search_code);

+ 1 - 1
htdocs/admin/external_rss.php

@@ -136,7 +136,7 @@ if (GETPOST("delete")) {
 
 				$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
 				$sql .= " WHERE entity = ".$conf->entity;
-				$sql .= " AND box_id = ".$obj->rowid;
+				$sql .= " AND box_id = ".((int) $obj->rowid);
 				$resql = $db->query($sql);
 
 				$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";

+ 1 - 1
htdocs/admin/security.php

@@ -71,7 +71,7 @@ if ($action == 'activate_encrypt') {
 			if (dol_hash($obj->pass)) {
 				$sql = "UPDATE ".MAIN_DB_PREFIX."user";
 				$sql .= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
-				$sql .= " WHERE rowid=".$obj->rowid;
+				$sql .= " WHERE rowid=".((int) $obj->rowid);
 				//print $sql;
 
 				$resql2 = $db->query($sql);
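Review bot: `dol_hash($obj->pass)` is computed twice and its result is spliced into the SQL string without `$db->escape()`, unlike the other string values on this page. Compute it once and escape it: `$hash = dol_hash($obj->pass);` followed by `$sql .= " SET pass_crypted = '".$db->escape($hash)."', pass = NULL";`. The hash output is presumably hex and safe in practice, but escaping keeps the rule uniform and protects against a later change of hash encoding. The enclosing loop begins above the hunk.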

+ 1 - 1
htdocs/asset/class/asset_type.class.php

@@ -188,7 +188,7 @@ class AssetType extends CommonObject
 		$sql .= "accountancy_code_depreciation_asset = '".$this->db->escape($this->accountancy_code_depreciation_asset)."',";
 		$sql .= "accountancy_code_depreciation_expense = '".$this->db->escape($this->accountancy_code_depreciation_expense)."',";
 		$sql .= "note = '".$this->db->escape($this->note)."'";
-		$sql .= " WHERE rowid =".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		$result = $this->db->query($sql);
 		if ($result) {

+ 1 - 1
htdocs/blockedlog/class/authority.class.php

@@ -148,7 +148,7 @@ class BlockedLogAuthority
 
 		global $langs;
 
-		dol_syslog(get_class($this)."::fetch id=".$id, LOG_DEBUG);
+		dol_syslog(get_class($this)."::fetch id=".((int) $id), LOG_DEBUG);
 
 		if (empty($id) && empty($signature)) {
 			$this->error = 'BadParameter';

+ 1 - 1
htdocs/bookmarks/class/bookmark.class.php

@@ -219,7 +219,7 @@ class Bookmark extends CommonObject
 		$sql .= " ,title = '".$this->db->escape($this->title)."'";
 		$sql .= " ,favicon = '".$this->db->escape($this->favicon)."'";
 		$sql .= " ,position = ".(int) $this->position;
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);
 
 		dol_syslog("Bookmark::update", LOG_DEBUG);
 		if ($this->db->query($sql)) {

+ 1 - 1
htdocs/categories/class/categorie.class.php

@@ -1470,7 +1470,7 @@ class Categorie extends CommonObject
 			// Load bank categories
 			$sql = "SELECT c.label, c.rowid";
 			$sql .= " FROM ".MAIN_DB_PREFIX."bank_class as a, ".MAIN_DB_PREFIX."bank_categ as c";
-			$sql .= " WHERE a.lineid=".$id." AND a.fk_categ = c.rowid";
+			$sql .= " WHERE a.lineid=".((int) $id)." AND a.fk_categ = c.rowid";
 			$sql .= " AND c.entity IN (".getEntity('category').")";
 			$sql .= " ORDER BY c.label";
 

+ 1 - 1
htdocs/comm/action/class/actioncomm.class.php

@@ -2436,7 +2436,7 @@ class ActionComm extends CommonObject
 
 		$sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm ";
 		$sql .= " SET percent = ".(int) $percent;
-		$sql .= " WHERE id=".$id;
+		$sql .= " WHERE id = ".((int) $id);
 
 		if ($this->db->query($sql)) {
 			$this->db->commit();

+ 1 - 1
htdocs/comm/action/index.php

@@ -720,7 +720,7 @@ if ($action == 'show_day') {
 	$sql .= ')';
 }
 if ($type) {
-	$sql .= " AND ca.id = ".$type;
+	$sql .= " AND ca.id = ".((int) $type);
 }
 if ($status == '0') {
 	$sql .= " AND a.percent = 0";

+ 1 - 1
htdocs/comm/action/pertype.php

@@ -592,7 +592,7 @@ if ($action == 'show_day') {
 	$sql .= ')';
 }
 if ($type) {
-	$sql .= " AND ca.id = ".$type;
+	$sql .= " AND ca.id = ".((int) $type);
 }
 if ($status == '0') {
 	$sql .= " AND a.percent = 0";

+ 1 - 1
htdocs/comm/action/peruser.php

@@ -613,7 +613,7 @@ if ($action == 'show_day') {
 	$sql .= ')';
 }
 if ($type) {
-	$sql .= " AND ca.id = ".$type;
+	$sql .= " AND ca.id = ".((int) $type);
 }
 if ($status == '0') {
 	$sql .= " AND a.percent = 0";

+ 5 - 5
htdocs/comm/index.php

@@ -219,7 +219,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 
 	$resql = $db->query($sql);
@@ -605,7 +605,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY s.datec DESC";
 	$sql .= $db->plimit($max, 0);
@@ -711,7 +711,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY c.tms DESC";
 	$sql .= $db->plimit($max + 1, 0);
@@ -786,7 +786,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY p.rowid DESC";
 
@@ -902,7 +902,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY c.rowid DESC";
 

+ 1 - 1
htdocs/comm/mailing/advtargetemailing.php

@@ -379,7 +379,7 @@ if ($action == 'deletefilter') {
 
 if ($action == 'delete') {
 	// Ici, rowid indique le destinataire et id le mailing
-	$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
+	$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
 	$resql = $db->query($sql);
 	if ($resql) {
 		if (!empty($id)) {

+ 1 - 1
htdocs/comm/mailing/cibles.php

@@ -167,7 +167,7 @@ if (GETPOST('exportcsv', 'int')) {
 
 if ($action == 'delete') {
 	// Ici, rowid indique le destinataire et id le mailing
-	$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$rowid;
+	$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
 	$resql = $db->query($sql);
 	if ($resql) {
 		if (!empty($id)) {

+ 1 - 1
htdocs/comm/propal/class/propal.class.php

@@ -1477,7 +1477,7 @@ class Propal extends CommonObject
 			$sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid
 			$sql .= " AND p.ref='".$this->db->escape($ref)."'";
 		} else {
-			$sql .= " WHERE p.rowid=".$rowid;
+			$sql .= " WHERE p.rowid = ".((int) $rowid);
 		}
 
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

+ 1 - 1
htdocs/comm/prospect/index.php

@@ -194,7 +194,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY p.rowid DESC";
 	$sql .= $db->plimit(5, 0);
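Review bot: Two lines above the change, `sc.fk_user = ".$user->id` is still concatenated uncast, so the same statement now has one cast and one uncast integer operand. Writing `((int) $user->id)` there keeps the protection uniform. The same pattern is left in each of the five hunks of htdocs/comm/index.php and in the second hunk of htdocs/commande/class/commande.class.php.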

+ 2 - 2
htdocs/commande/class/commande.class.php

@@ -1807,7 +1807,7 @@ class Commande extends CommonOrder
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid';
 
 		if ($id) {
-			$sql .= " WHERE c.rowid=".$id;
+			$sql .= " WHERE c.rowid=".((int) $id);
 		} else {
 			$sql .= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid
 		}
@@ -2687,7 +2687,7 @@ class Commande extends CommonOrder
 			$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 		}
 		if ($socid) {
-			$sql .= " AND s.rowid = ".$socid;
+			$sql .= " AND s.rowid = ".((int) $socid);
 		}
 		if ($draft) {
 			$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;

+ 1 - 1
htdocs/commande/customer.php

@@ -105,7 +105,7 @@ if (dol_strlen($begin)) {
 	$sql .= " AND s.nom like '".$db->escape($begin)."'";
 }
 if ($socid > 0) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0";
 $sql .= " GROUP BY s.nom";

+ 4 - 3
htdocs/compta/bank/class/account.class.php

@@ -509,6 +509,7 @@ class Account extends CommonObject
 		}
 
 		// Clean parameters
+		$label =
 		$emetteur = trim($emetteur);
 		$banque = trim($banque);
 
@@ -516,7 +517,7 @@ class Account extends CommonObject
 
 		if (is_numeric($oper)) {    // Clean operation to have a code instead of a rowid
 			$sql = "SELECT code FROM ".MAIN_DB_PREFIX."c_paiement";
-			$sql .= " WHERE id=".$oper;
+			$sql .= " WHERE id = ".((int) $oper);
 			$sql .= " AND entity IN (".getEntity('c_paiement').")";
 			$resql = $this->db->query($sql);
 			if ($resql) {
@@ -1223,7 +1224,7 @@ class Account extends CommonObject
 		$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
 		$sql .= " AND clos = 0";
 		if ($filteraccountid) {
-			$sql .= " AND ba.rowid = ".$filteraccountid;
+			$sql .= " AND ba.rowid = ".((int) $filteraccountid);
 		}
 
 		$resql = $this->db->query($sql);
@@ -1278,7 +1279,7 @@ class Account extends CommonObject
 		$sql .= " AND (ba.rappro = 1 AND ba.courant != 2)"; // Compte rapprochable
 		$sql .= " AND clos = 0";
 		if ($filteraccountid) {
-			$sql .= " AND ba.rowid = ".$filteraccountid;
+			$sql .= " AND ba.rowid = ".((int) $filteraccountid);
 		}
 
 		$resql = $this->db->query($sql);
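Review bot: The added line `$label =` in the first hunk has no right-hand side of its own, so it chains into the next statement as `$label = $emetteur = trim($emetteur);` and `$label` is silently overwritten with the trimmed issuer name instead of being cleaned. This looks like an incomplete edit; the intended line is presumably `$label = trim($label);` placed before the `$emetteur` line. The method's parameter list is outside the hunk, so confirm `$label` is a string argument there.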

+ 1 - 1
htdocs/compta/bank/line.php

@@ -268,7 +268,7 @@ $sql = "SELECT b.rowid,b.dateo as do,b.datev as dv, b.amount, b.label, b.rappro,
 $sql .= " b.num_releve, b.fk_user_author, b.num_chq, b.fk_type, b.fk_account, b.fk_bordereau as receiptid,";
 $sql .= " b.emetteur,b.banque";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
-$sql .= " WHERE rowid=".$rowid;
+$sql .= " WHERE rowid=".((int) $rowid);
 $sql .= " ORDER BY dateo ASC";
 $result = $db->query($sql);
 if ($result) {

+ 1 - 1
htdocs/compta/cashcontrol/report.php

@@ -342,7 +342,7 @@ if ($resql) {
 	$sql .= "SET";
 	$sql .= " cash='".$db->escape($cash)."'";
 	$sql .= ", card='".$db->escape($bank)."'";
-	$sql .= " where rowid=".$id;
+	$sql .= " where rowid = ".((int) $id);
 	$db->query($sql);
 	*/
 

+ 1 - 1
htdocs/compta/clients.php

@@ -127,7 +127,7 @@ if (dol_strlen($begin)) {
 	$sql .= natural_search("s.nom", $begin);
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY $sortfield $sortorder ";
 $sql .= $db->plimit($conf->liste_limit + 1, $offset);
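Review bot: The line immediately after the change, `$sql .= " ORDER BY $sortfield $sortorder ";`, interpolates the sort field and direction straight into the query while the commit hardens the integer operand just above it. Elsewhere on this page the same need is met with `$sql .= $db->order($sortfield, $sortorder);` (htdocs/adherents/subscription.php, htdocs/compta/prelevement/rejets.php), which is the project's helper for building that clause and presumably validates its inputs; the same call belongs here.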

+ 1 - 1
htdocs/compta/facture/class/facture.class.php

@@ -1604,7 +1604,7 @@ class Facture extends CommonInvoice
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON f.fk_incoterms = i.rowid';
 
 		if ($rowid) {
-			$sql .= " WHERE f.rowid=".$rowid;
+			$sql .= " WHERE f.rowid=".((int) $rowid);
 		} else {
 			$sql .= ' WHERE f.entity IN ('.getEntity('invoice').')'; // Dont't use entity if you use rowid
 			if ($ref) {

+ 1 - 1
htdocs/compta/prelevement/class/bonprelevement.class.php

@@ -290,7 +290,7 @@ class BonPrelevement extends CommonObject
 		$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons as p";
 		$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
 		if ($rowid > 0) {
-			$sql .= " AND p.rowid = ".$rowid;
+			$sql .= " AND p.rowid = ".((int) $rowid);
 		} else {
 			$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
 		}

+ 1 - 1
htdocs/compta/prelevement/class/ligneprelevement.class.php

@@ -79,7 +79,7 @@ class LignePrelevement
 		$sql .= ", pl.statut, pl.fk_soc";
 		$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
 		$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as p";
-		$sql .= " WHERE pl.rowid=".$rowid;
+		$sql .= " WHERE pl.rowid=".((int) $rowid);
 		$sql .= " AND p.rowid = pl.fk_prelevement_bons";
 		$sql .= " AND p.entity = ".$conf->entity;
 

+ 1 - 1
htdocs/compta/prelevement/list.php

@@ -125,7 +125,7 @@ if ($type == 'bank-transfer') {
 $sql .= " AND f.fk_soc = s.rowid";
 $sql .= " AND f.entity IN (".getEntity('invoice').")";
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 if ($search_line) {
 	$sql .= " AND pl.rowid = '".$db->escape($search_line)."'";
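Review bot: `" AND pl.rowid = '".$db->escape($search_line)."'"` on the last line of the hunk compares the integer key `pl.rowid` against a quoted string; it is safe against injection because the value is quoted and escaped, but it is inconsistent with how this same commit treats rowid filters (loan/list.php now uses `((int) $search_ref)`). For consistency and to keep the comparison numeric, write `$sql .= " AND pl.rowid = ".((int) $search_line);`. A non-numeric `$search_line` then yields `rowid = 0`, which matches nothing, the same outcome the string comparison gives today.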

+ 1 - 1
htdocs/compta/prelevement/rejets.php

@@ -99,7 +99,7 @@ if ($type == 'bank-transfer') {
 	$sql .= " AND p.type = 'debit-order'";
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= $db->order($sortfield, $sortorder);
 $sql .= $db->plimit($limit + 1, $offset);

+ 1 - 1
htdocs/compta/sociales/class/chargesociales.class.php

@@ -147,7 +147,7 @@ class ChargeSociales extends CommonObject
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as p ON cs.fk_mode_reglement = p.id';
 		$sql .= ' WHERE cs.entity IN ('.getEntity('tax').')';
 		if ($ref) {
-			$sql .= " AND cs.rowid = ".$ref;
+			$sql .= " AND cs.ref = '".$this->db->escape($ref)."'";
 		} else {
 			$sql .= " AND cs.rowid = ".((int) $id);
 		}
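Review bot: The replacement `cs.ref = '".$this->db->escape($ref)."'"` is a semantic change, not only a quoting fix: before, a value passed as `$ref` was matched against `cs.rowid`, so any caller that passes a numeric row id through `$ref` will now get no row. The fetch signature and its PHPDoc are outside the hunk; confirm that `$ref` is documented as the textual reference and that callers do not rely on the old rowid behaviour. The same switch from `rowid` to `ref` is made in compta/sociales/list.php and carries the same caveat.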

+ 1 - 1
htdocs/compta/sociales/list.php

@@ -195,7 +195,7 @@ $sql .= " WHERE cs.fk_type = c.id";
 $sql .= " AND cs.entity = ".$conf->entity;
 // Search criteria
 if ($search_ref) {
-	$sql .= " AND cs.rowid=".$db->escape($search_ref);
+	$sql .= " AND cs.ref = '".$db->escape($search_ref)."'";
 }
 if ($search_label) {
 	$sql .= natural_search("cs.libelle", $search_label);

+ 1 - 1
htdocs/contact/list.php

@@ -513,7 +513,7 @@ if ($type == "o") {        // filtre sur type
 	$sql .= " AND s.client IN (2, 3)";
 }
 if (!empty($socid)) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';

+ 5 - 5
htdocs/contrat/index.php

@@ -323,11 +323,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " GROUP BY c.rowid, c.ref, c.datec, c.tms, c.statut, s.nom, s.rowid";
 $sql .= " ORDER BY c.tms DESC";
-$sql .= " LIMIT ".$max;
+$sql .= $db->plimit($max);
 
 dol_syslog("contrat/index.php", LOG_DEBUG);
 $result = $db->query($sql);
@@ -398,7 +398,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY cd.tms DESC";
 
@@ -480,7 +480,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY cd.tms DESC";
 
@@ -562,7 +562,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 $sql .= " ORDER BY cd.tms DESC";
 

+ 1 - 1
htdocs/contrat/services_list.php

@@ -288,7 +288,7 @@ if ($search_service) {
 	$sql .= " AND (p.ref LIKE '%".$db->escape($search_service)."%' OR p.description LIKE '%".$db->escape($search_service)."%' OR cd.description LIKE '%".$db->escape($search_service)."%')";
 }
 if ($socid > 0) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 
 $filter_dateouvertureprevue_start = dol_mktime(0, 0, 0, $opouvertureprevuemonth, $opouvertureprevueday, $opouvertureprevueyear);

+ 2 - 2
htdocs/core/class/commoninvoice.class.php

@@ -604,10 +604,10 @@ abstract class CommonInvoice extends CommonObject
 		$sqltemp = 'SELECT c.type_cdr, c.nbjour, c.decalage';
 		$sqltemp .= ' FROM '.MAIN_DB_PREFIX.'c_payment_term as c';
 		if (is_numeric($cond_reglement)) {
-			$sqltemp .= " WHERE c.rowid=".$cond_reglement;
+			$sqltemp .= " WHERE c.rowid=".((int) $cond_reglement);
 		} else {
 			$sqltemp .= " WHERE c.entity IN (".getEntity('c_payment_term').")";
-			$sqltemp .= " AND c.code='".$this->db->escape($cond_reglement)."'";
+			$sqltemp .= " AND c.code = '".$this->db->escape($cond_reglement)."'";
 		}
 
 		dol_syslog(get_class($this).'::calculate_date_lim_reglement', LOG_DEBUG);

+ 2 - 2
htdocs/core/class/commonobject.class.php

@@ -3969,7 +3969,7 @@ abstract class CommonObject
 			$sql = "DELETE FROM " . MAIN_DB_PREFIX . "element_element";
 			$sql .= " WHERE";
 			if ($rowid > 0) {
-				$sql .= " rowid = " . $rowid;
+				$sql .= " rowid = " . ((int) $rowid);
 			} else {
 				if ($deletesource) {
 					$sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
@@ -5012,7 +5012,7 @@ abstract class CommonObject
 		$this->db->begin();
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_resources";
-		$sql .= " WHERE rowid=".$rowid;
+		$sql .= " WHERE rowid = ".((int) $rowid);
 
 		dol_syslog(get_class($this)."::delete_resource", LOG_DEBUG);
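Review bot: In the first hunk (the `element_element` delete), `rowid` is now cast but the `else` branch two lines below still concatenates `$sourceid` raw: `" fk_source = " . $sourceid . " AND sourcetype = '"...`. Apply the same treatment there, `$sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";`. The branch that handles the target side is outside the hunk and presumably concatenates `$targetid` the same way; it should be checked as well.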
 

+ 3 - 3
htdocs/core/lib/company.lib.php

@@ -504,11 +504,11 @@ function getCountry($searchkey, $withcode = '', $dbtouse = 0, $outputlangs = '',
 
 	$sql = "SELECT rowid, code, label FROM ".MAIN_DB_PREFIX."c_country";
 	if (is_numeric($searchkey)) {
-		$sql .= " WHERE rowid=".$searchkey;
+		$sql .= " WHERE rowid = ".((int) $searchkey);
 	} elseif (!empty($searchkey)) {
-		$sql .= " WHERE code='".$db->escape($searchkey)."'";
+		$sql .= " WHERE code = '".$db->escape($searchkey)."'";
 	} else {
-		$sql .= " WHERE label='".$db->escape($searchlabel)."'";
+		$sql .= " WHERE label = '".$db->escape($searchlabel)."'";
 	}
 
 	$resql = $dbtouse->query($sql);

+ 1 - 1
htdocs/core/modules/movement/doc/pdf_standard.modules.php

@@ -295,7 +295,7 @@ class pdf_stdandard extends ModelePDFMovement
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON m.batch = pl.batch AND m.fk_product = pl.fk_product";
 		$sql .= " WHERE m.fk_product = p.rowid";
 		if ($msid > 0) {
-			$sql .= " AND m.rowid = ".$msid;
+			$sql .= " AND m.rowid = ".((int) $msid);
 		}
 		$sql .= " AND m.fk_entrepot = e.rowid";
 		$sql .= " AND e.entity IN (".getEntity('stock').")";

+ 1 - 1
htdocs/core/website.inc.php

@@ -94,7 +94,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') {	// If we browsi
 		$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
 		$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
 		$sql .= " WHERE wp.fk_website = ".((int) $website->id);
-		$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid  = ".$pageid;
+		$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid  = ".((int) $pageid);
 		if (is_object($websitepage) && $websitepage->fk_page > 0) {
 			$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
 		}
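Review bot: The line directly after the fixed one still concatenates `$websitepage->fk_page` twice without a cast, while `$pageid` on the new line now gets `((int) ...)`. The `> 0` guard limits the risk, but for consistency write `$sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page);`. Note the parenthesis opened in `" AND (wp.fk_page = ..."` is closed outside the hunk, so the statement cannot be fully checked from here.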

+ 1 - 1
htdocs/don/class/don.class.php

@@ -612,7 +612,7 @@ class Don extends CommonObject
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON d.fk_country = c.rowid";
 		$sql .= " WHERE d.entity IN (".getEntity('donation').")";
 		if (!empty($id)) {
-			$sql .= " AND d.rowid=".$id;
+			$sql .= " AND d.rowid=".((int) $id);
 		} elseif (!empty($ref)) {
 			$sql .= " AND d.ref='".$this->db->escape($ref)."'";
 		}

+ 4 - 4
htdocs/expedition/class/expedition.class.php

@@ -545,7 +545,7 @@ class Expedition extends CommonObject
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_shipment_mode as s ON e.fk_shipping_method = s.rowid';
 		$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
 		if ($id) {
-			$sql .= " AND e.rowid=".$id;
+			$sql .= " AND e.rowid = ".((int) $id);
 		}
 		if ($ref) {
 			$sql .= " AND e.ref='".$this->db->escape($ref)."'";
@@ -2033,7 +2033,7 @@ class Expedition extends CommonObject
 		$sql = "SELECT em.rowid, em.code, em.libelle as label, em.description, em.tracking, em.active";
 		$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
 		if ($id != '') {
-			$sql .= " WHERE em.rowid=".$id;
+			$sql .= " WHERE em.rowid=".((int) $id);
 		}
 
 		$resql = $this->db->query($sql);
@@ -2072,7 +2072,7 @@ class Expedition extends CommonObject
 			$sql .= ",libelle='".$this->db->escape($this->update['libelle'])."'";
 			$sql .= ",description='".$this->db->escape($this->update['description'])."'";
 			$sql .= ",tracking='".$this->db->escape($this->update['tracking'])."'";
-			$sql .= " WHERE rowid=".$id;
+			$sql .= " WHERE rowid=".((int) $id);
 			$resql = $this->db->query($sql);
 		}
 		if ($resql < 0) {
@@ -2952,7 +2952,7 @@ class ExpeditionLigne extends CommonObjectLine
 					// delete lot expedition line
 					$sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch";
 					$sql .= " WHERE fk_expeditiondet = ".$this->id;
-					$sql .= " AND rowid = ".$expedition_batch_id;
+					$sql .= " AND rowid = ".((int) $expedition_batch_id);
 
 					if (!$this->db->query($sql)) {
 						$this->errors[] = $this->db->lasterror()." - sql=$sql";

+ 1 - 1
htdocs/fichinter/card-rec.php

@@ -771,7 +771,7 @@ if ($action == 'create') {
 		$sql .= " WHERE f.fk_soc = s.rowid";
 		$sql .= " AND f.entity = ".$conf->entity;
 		if ($socid) {
-			$sql .= " AND s.rowid = ".$socid;
+			$sql .= " AND s.rowid = ".((int) $socid);
 		}
 		if (!$user->rights->societe->client->voir && !$socid) {
 			$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;

+ 1 - 1
htdocs/fichinter/class/fichinter.class.php

@@ -432,7 +432,7 @@ class Fichinter extends CommonObject
 			$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
 			$sql .= " AND f.ref='".$this->db->escape($ref)."'";
 		} else {
-			$sql .= " WHERE f.rowid=".$rowid;
+			$sql .= " WHERE f.rowid=".((int) $rowid);
 		}
 
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);

+ 1 - 1
htdocs/fichinter/list.php

@@ -282,7 +282,7 @@ if (!$user->rights->societe->client->voir && empty($socid)) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 if ($sall) {
 	$sql .= natural_search(array_keys($fieldstosearchall), $sall);

+ 1 - 1
htdocs/fourn/class/fournisseur.commande.class.php

@@ -331,7 +331,7 @@ class CommandeFournisseur extends CommonOrder
 		if (empty($id)) {
 			$sql .= " WHERE c.entity IN (".getEntity('supplier_order').")";
 		} else {
-			$sql .= " WHERE c.rowid=".$id;
+			$sql .= " WHERE c.rowid=".((int) $id);
 		}
 
 		if ($ref) {

+ 1 - 1
htdocs/loan/list.php

@@ -113,7 +113,7 @@ if ($search_amount) {
 	$sql .= natural_search("l.capital", $search_amount, 1);
 }
 if ($search_ref) {
-	$sql .= " AND l.rowid = ".$db->escape($search_ref);
+	$sql .= " AND l.rowid = ".((int) $search_ref);
 }
 if ($search_label) {
 	$sql .= natural_search("l.label", $search_label);
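Review bot: Casting `$search_ref` with `((int) ...)` closes the unquoted-escape hole, but it also means a non-numeric value typed into the "ref" search becomes `l.rowid = 0` and silently matches nothing. In compta/sociales/list.php this same commit resolved the equivalent filter by switching to the textual column, `cs.ref = '".$db->escape($search_ref)."'`. If the loan table has a `ref` column (not visible here), the same approach, `$sql .= " AND l.ref = '".$db->escape($search_ref)."'";`, would keep the search meaningful; otherwise a comment stating that the field filters on rowid would help the next reader.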

+ 1 - 1
htdocs/mrp/mo_movements.php

@@ -441,7 +441,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 	$sql .= " WHERE m.fk_product = p.rowid";
 	$sql .= " AND m.origintype = 'mo' AND m.fk_origin = ".(int) $object->id;
 	if ($msid > 0) {
-		$sql .= " AND m.rowid = ".$msid;
+		$sql .= " AND m.rowid = ".((int) $msid);
 	}
 	$sql .= " AND m.fk_entrepot = e.rowid";
 	$sql .= " AND e.entity IN (".getEntity('stock').")";

+ 2 - 2
htdocs/product/class/product.class.php

@@ -1679,11 +1679,11 @@ class Product extends CommonObject
 	{
 		// phpcs:enable
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
-		$sql .= " WHERE fk_product_price=".$rowid;
+		$sql .= " WHERE fk_product_price=".((int) $rowid);
 		$resql = $this->db->query($sql);
 
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price";
-		$sql .= " WHERE rowid=".$rowid;
+		$sql .= " WHERE rowid=".((int) $rowid);
 		$resql = $this->db->query($sql);
 		if ($resql) {
 			return 1;
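Review bot: The `$resql` from the first DELETE (`product_price_by_qty`) is assigned and then overwritten by the second DELETE without being checked, so a failure on the first statement is lost and the method still returns 1 if the second succeeds. Consider testing it before continuing, e.g. `if (!$resql) { return -1; }` after the first query, and wrapping both deletes in `$this->db->begin()` / `commit()` / `rollback()` so that a partial delete does not leave orphaned by-quantity rows. The method's signature and its error path are outside the hunk, so the exact failure return value should match what it already uses.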

+ 1 - 1
htdocs/product/stock/stockatdate.php

@@ -266,7 +266,7 @@ $reshook = $hookmanager->executeHooks('printFieldListJoin', $parameters); // Not
 $sql .= $hookmanager->resPrint;
 $sql .= ' WHERE p.entity IN ('.getEntity('product').')';
 if ($productid > 0) {
-	$sql .= " AND p.rowid = ".$productid;
+	$sql .= " AND p.rowid = ".((int) $productid);
 }
 if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
 	$sql .= " AND p.fk_product_type = 0";

+ 1 - 1
htdocs/projet/list.php

@@ -424,7 +424,7 @@ if ($search_public != '') {
 	$sql .= " AND p.public = ".$db->escape($search_public);
 }
 // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
-//if ($socid > 0) $sql.= " AND s.rowid = ".$socid;
+//if ($socid > 0) $sql.= " AND s.rowid = ".((int) $socid);
 if ($search_sale > 0) {
 	$sql .= " AND sc.fk_user = ".((int) $search_sale);
 }
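Review bot: `" AND p.public = ".$db->escape($search_public)` at the top of the hunk is exactly the unquoted-escape pattern this commit removes in loan/list.php and compta/sociales/list.php: `escape()` only protects a value placed inside quotes, so it offers nothing here. Replace it with `$sql .= " AND p.public = ".((int) $search_public);`. The line that was actually changed in this hunk is a commented-out statement, so the cast there has no effect; it could be dropped instead of maintained.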

+ 2 - 2
htdocs/reception/class/reception.class.php

@@ -384,7 +384,7 @@ class Reception extends CommonObject
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON e.fk_incoterms = i.rowid';
 		$sql .= " WHERE e.entity IN (".getEntity('reception').")";
 		if ($id) {
-			$sql .= " AND e.rowid=".$id;
+			$sql .= " AND e.rowid=".((int) $id);
 		}
 		if ($ref) {
 			$sql .= " AND e.ref='".$this->db->escape($ref)."'";
@@ -1356,7 +1356,7 @@ class Reception extends CommonObject
 			$sql .= ",libelle='".$this->db->escape($this->update['libelle'])."'";
 			$sql .= ",description='".$this->db->escape($this->update['description'])."'";
 			$sql .= ",tracking='".$this->db->escape($this->update['tracking'])."'";
-			$sql .= " WHERE rowid=".$id;
+			$sql .= " WHERE rowid=".((int) $id);
 			$resql = $this->db->query($sql);
 		}
 		if ($resql < 0) {

+ 1 - 1
htdocs/societe/index.php

@@ -274,7 +274,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
 if ($socid) {
-	$sql .= " AND s.rowid = ".$socid;
+	$sql .= " AND s.rowid = ".((int) $socid);
 }
 if (!$user->rights->fournisseur->lire) {
 	$sql .= " AND (s.fournisseur != 1 OR s.client != 0)";

+ 1 - 1
htdocs/supplier_proposal/class/supplier_proposal.class.php

@@ -1938,7 +1938,7 @@ class SupplierProposal extends CommonObject
 			$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 		}
 		if ($socid) {
-			$sql .= " AND s.rowid = ".$socid;
+			$sql .= " AND s.rowid = ".((int) $socid);
 		}
 		if ($draft) {
 			$sql .= " AND p.fk_statut = 0";

+ 1 - 1
htdocs/supplier_proposal/index.php

@@ -315,7 +315,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
 		$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($socid) {
-		$sql .= " AND s.rowid = ".$socid;
+		$sql .= " AND s.rowid = ".((int) $socid);
 	}
 	$sql .= " ORDER BY p.rowid DESC";
 

+ 1 - 1
htdocs/user/class/usergroup.class.php

@@ -504,7 +504,7 @@ class UserGroup extends CommonObject
 					}
 
 					$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_rights";
-					$sql .= " WHERE fk_usergroup = $this->id AND fk_id=".$nid;
+					$sql .= " WHERE fk_usergroup = $this->id AND fk_id=".((int) $nid);
 					$sql .= " AND entity = ".$entity;
 					if (!$this->db->query($sql)) {
 						$error++;
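Review bot: Only `$nid` received the cast on the DELETE line; `$this->id` is interpolated into the same string and `$entity` on the following line is concatenated raw. For consistency with the rest of this commit write `$sql .= " WHERE fk_usergroup = ".((int) $this->id)." AND fk_id = ".((int) $nid);` and `$sql .= " AND entity = ".((int) $entity);`. Where `$entity` comes from is outside the hunk, and the enclosing method continues past it, so the same pattern may recur further down.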