Author: danydb
Date: 2011-04-25 22:35:15 +0200 (Mon, 25 Apr 2011)
New Revision: 4070
Modified:
phpcompta/trunk/include/class_fiche.php
Log:
protect sql
Modified: phpcompta/trunk/include/class_fiche.php
===================================================================
--- phpcompta/trunk/include/class_fiche.php 2011-04-12 20:28:53 UTC (rev
4069)
+++ phpcompta/trunk/include/class_fiche.php 2011-04-25 20:35:15 UTC (rev
4070)
@@ -1018,8 +1018,8 @@
function getName()
{
$sql="select ad_value from fiche_detail
- where ad_id=1 and f_id=".$this->id;
- $Res=$this->cn->exec_sql($sql);
+ where ad_id=1 and f_id=$1";
+ $Res=$this->cn->exec_sql($sql,array($this->id));
$r=Database::fetch_all($Res);
if ( sizeof($r) == 0 )
return 1;
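Review bot: The `$1` placeholder on the new `where` line sits inside a double-quoted PHP string, so it only reaches the database intact because PHP does not interpolate a `$` followed by a digit. A single-quoted literal makes the bind placeholder explicit and cannot be broken by a later edit that puts a variable-like token in the query, e.g. `$sql='select ad_value from fiche_detail where ad_id=1 and f_id=$1';`. Binding `$this->id` through the array argument closes the concatenation path in this query, but `getName()` continues outside the hunk and the rest of the class is not visible, so any other queries in `class_fiche.php` that still append `$this->id` would need the same treatment. It would also help to add a short comment noting that `$this->id` is expected to be an integer key, since a non-numeric value will presumably now surface as a query error from `exec_sql` rather than altered SQL.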