Skip to content
Snippets Groups Projects
Commit 2c297bbc authored by appchecker's avatar appchecker Committed by GitHub
Browse files

prevent SQLi

parent 98950846
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
htdocs/compta/bank/ligne.php
+ 2
2
View file @ 2c297bbc
......@@ -83,13 +83,13 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
if ($user->rights->banque->modifier && $action == 'class')
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$_POST["cat1"];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".intval($_POST["cat1"]);
if (! $db->query($sql))
{
dol_print_error($db);
}
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$_POST["cat1"].")";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".intval($_POST["cat1"]).")";
if (! $db->query($sql))
{
dol_print_error($db);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment