[Dolibarr-cvs] dolibarr/htdocs product.class.php
From: Regis Houssin
Subject: [Dolibarr-cvs] dolibarr/htdocs product.class.php
Date: Fri, 09 Jun 2006 07:57:53 +0000
CVSROOT: /cvsroot/dolibarr
Module name: dolibarr
Changes by: Regis Houssin <hregis> 06/06/09 07:57:53
Modified files:
htdocs : product.class.php
Log message:
Fix: bug #16777
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/dolibarr/htdocs/product.class.php?cvsroot=dolibarr&r1=1.113&r2=1.114
Patches:
Index: product.class.php
===================================================================
RCS file: /cvsroot/dolibarr/dolibarr/htdocs/product.class.php,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -b -r1.113 -r1.114
--- product.class.php 8 Jun 2006 19:55:43 -0000 1.113
+++ product.class.php 9 Jun 2006 07:57:53 -0000 1.114
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * $Id: product.class.php,v 1.113 2006/06/08 19:55:43 eldy Exp $
+ * $Id: product.class.php,v 1.114 2006/06/09 07:57:53 hregis Exp $
* $Source: /cvsroot/dolibarr/dolibarr/htdocs/product.class.php,v $
*/
@@ -25,7 +25,7 @@
\file htdocs/product.class.php
\ingroup produit
\brief Fichier de la classe des produits prédéfinis
- \version $Revision: 1.113 $
+ \version $Revision: 1.114 $
*/
@@ -376,17 +376,17 @@
if (mysql_num_rows($result)) // si aucune ligne
dans la base
{
$sql2 = "UPDATE
".MAIN_DB_PREFIX."product_det";
- $sql2.= " SET
label='".$this->libelle."',";
- $sql2.= "
description='".$this->description."',";
- $sql2.= " note='".$this->note."'";
+ $sql2.= " SET
label='".addslashes($this->libelle)."',";
+ $sql2.= "
description='".addslashes($this->description)."',";
+ $sql2.= "
note='".addslashes($this->note)."'";
$sql2.= " WHERE
fk_product=".$this->id." AND lang='".$value."'";
}
else
{
$sql2 = "INSERT INTO
".MAIN_DB_PREFIX."product_det (fk_product, lang, label, description, note)";
- $sql2.= "
VALUES(".$this->id.",'".$value."','". $this->libelle;
- $sql2.= "','".$this->description;
- $sql2.= "','".$this->note."')";
+ $sql2.= "
VALUES(".$this->id.",'".$value."','". addslashes($this->libelle);
+ $sql2.=
"','".addslashes($this->description);
+ $sql2.=
"','".addslashes($this->note)."')";
}
if (!$this->db->query($sql2)) return -1;
}
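Review bot: In both branches of this hunk, `$this->id` and `$value` are still concatenated into the statement unescaped (`fk_product=".$this->id." AND lang='".$value."'` in the UPDATE, `VALUES(".$this->id.",'".$value."','"` in the INSERT), so the fix covers only label, description and note. Cast `$this->id` to an integer and escape `$value` the same way as the other string fields, or check it against the list of configured language codes before building the query. Separately, the comment `// si aucune ligne dans la base` ("if no row in the database") sits on the branch taken when `mysql_num_rows($result)` is non-zero; it should say the row already exists.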
@@ -395,17 +395,17 @@
if (mysql_num_rows($result)) // si aucune ligne
dans la base
{
$sql2 = "UPDATE
".MAIN_DB_PREFIX."product_det";
- $sql2.= " SET
label='".$this->multilangs["$value"]["libelle"]."',";
- $sql2.= "
description='".$this->multilangs["$value"]["description"]."',";
- $sql2.= "
note='".$this->multilangs["$value"]["note"]."'";
+ $sql2.= " SET
label='".addslashes($this->multilangs["$value"]["libelle"])."',";
+ $sql2.= "
description='".addslashes($this->multilangs["$value"]["description"])."',";
+ $sql2.= "
note='".addslashes($this->multilangs["$value"]["note"])."'";
$sql2.= " WHERE
fk_product=".$this->id." AND lang='".$value."'";
}
else
{
$sql2 = "INSERT INTO
".MAIN_DB_PREFIX."product_det (fk_product, lang, label, description, note)";
- $sql2.= "
VALUES(".$this->id.",'".$value."','". $this->multilangs["$value"]["libelle"];
- $sql2.=
"','".$this->multilangs["$value"]["description"];
- $sql2.=
"','".$this->multilangs["$value"]["note"]."')";
+ $sql2.= "
VALUES(".$this->id.",'".$value."','".
addslashes($this->multilangs["$value"]["libelle"]);
+ $sql2.=
"','".addslashes($this->multilangs["$value"]["description"]);
+ $sql2.=
"','".addslashes($this->multilangs["$value"]["note"])."')";
}
// on ne sauvegarde pas des champs vides
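Review bot: The six `addslashes()` calls on `$this->multilangs["$value"][...]` repeat by hand the pattern from the previous hunk, and `addslashes()` does not take the connection character set into account. Since the surrounding code already uses the mysql extension (`mysql_num_rows`), `mysql_real_escape_string()` is the safer primitive, ideally wrapped in a single escaping helper on the `$this->db` layer so that the UPDATE and INSERT branches cannot drift apart. As in the previous hunk, `$value` goes into `lang='".$value."'` and the VALUES list unescaped, and `$this->id` is not cast to an integer.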