From 7acbf1dd92112dfbdfdc6228ac4e8f0660531a90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Sun, 10 Apr 2016 01:00:27 +0200
Subject: [PATCH] FIX #4874 SQL error when listing users

Close #4874
---
 htdocs/user/index.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 8710dc87e04..3d787762a8c 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2004-2015 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  * Copyright (C) 2015      Alexandre Spangaro   <aspangaro.dolibarr@gmail.com>
+ * Copyright (C) 2016      Marcos GarcĂ­a        <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -201,7 +202,9 @@ if ($search_login != '')      $sql.= natural_search("u.login", $search_login);
 if ($search_lastname != '')   $sql.= natural_search("u.lastname", $search_lastname);
 if ($search_firstname != '')  $sql.= natural_search("u.firstname", $search_firstname);
 if ($search_gender != '' && $search_gender != '-1')     $sql.= " AND u.gender = '".$search_gender."'";
-if ($search_employee >= 0)    $sql.= natural_search("u.employee", $search_employee);
+if (is_numeric($search_employee) && $search_employee >= 0)    {
+	$sql .= ' AND u.employee = '.(int) $search_employee;
+}
 if ($search_accountancy_code != '')  $sql.= natural_search("u.accountancy_code", $search_accountancy_code);
 if ($search_email != '')  $sql.= natural_search("u.email", $search_email);
 if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")";
-- 
GitLab