diff --git a/ChangeLog b/ChangeLog index ace6a13363d7ba3b24b51a908ab8049dd929581e..ab0f89efd605659d8b8c19328ee603db167fcf33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ English Dolibarr ChangeLog - Fix: [ bug #1717 ] Sorting unpaid invoices by amount received brings due amount - Fix: [ bug #1784 ] MOTD doesn't show up in Amarok theme - Fix: Tracking number not visible on shipment pdf +- Fix: [ bug #1819 ] SQL error when searching for an invoice payment ***** ChangeLog for 3.6.2 compared to 3.6.1 ***** - Fix: fix ErrorBadValueForParamNotAString error message in price customer multiprice. diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index 6e3e1bc54ff39078b8ec128ab3a0424d0b4fd80f..26f5c6eb5da06f036c5495b9bc190e2e2b798a4c 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -3,6 +3,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2005-2009 Regis Houssin <regis.houssin@capnetworks.com> * Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr> + * Copyright (C) 2015 Marcos García <marcosgdf@gmail.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -53,6 +54,8 @@ $limit = $conf->liste_limit; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.rowid"; +$search_ref = GETPOST("search_ref",'int'); +$search_account = GETPOST("search_account",'int'); 
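Review bot: Only `search_ref` and `search_account` are read once into checked variables in the `@@ -53,6 +54,8 @@` hunk of liste.php; `search_paymenttype`, `search_amount` and `search_company` are still fetched ad hoc with an unchecked `GETPOST()` or straight from `$_REQUEST` in the later hunks. Reading all five filters here would give each one a single validated copy for the SQL, the paging parameters and the form, e.g. `$search_paymenttype = GETPOST("search_paymenttype",'alpha');` if payment type codes are plain alphanumerics. A short comment such as `// Search filters, validated once and reused below` would also explain why these two lines exist.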
@@ -109,11 +112,13 @@ else if ($userid == -1) $sql.= " AND f.fk_user_author IS NULL"; else $sql.= " AND f.fk_user_author = ".$userid; } + + // Search criteria - if (GETPOST("search_ref")) $sql .=" AND p.rowid=".GETPOST("search_ref",'int'); - if (GETPOST("search_account") > 0) $sql .=" AND b.fk_account=".GETPOST("search_account",'int'); - if (GETPOST("search_paymenttype") != "") $sql .=" AND c.code='".GETPOST("search_paymenttype")."'"; - if (GETPOST("search_amount")) $sql .=" AND p.amount=".price2num(GETPOST("search_amount")); + if ($search_ref) $sql .=" AND p.rowid=".$search_ref; + if ($search_account > 0) $sql .=" AND b.fk_account=".$search_account; + if (GETPOST("search_paymenttype") != "") $sql .=" AND c.code='".$db->escape(GETPOST("search_paymenttype"))."'"; + if (GETPOST("search_amount")) $sql .=" AND p.amount='".$db->escape(price2num(GETPOST("search_amount")))."'"; if (GETPOST("search_company")) $sql .= natural_search('s.nom', GETPOST('search_company')); } $sql.= $db->order($sortfield,$sortorder); @@ -129,7 +134,7 @@ if ($resql) $paramlist=''; $paramlist.=(GETPOST("orphelins")?"&orphelins=1":""); - $paramlist.=($_REQUEST["search_ref"]?"&search_ref=".$_REQUEST["search_ref"]:""); + $paramlist.=($search_ref?"&search_ref=".$search_ref:""); $paramlist.=($_REQUEST["search_company"]?"&search_company=".$_REQUEST["search_company"]:""); $paramlist.=($_REQUEST["search_amount"]?"&search_amount=".$_REQUEST["search_amount"]:""); @@ -154,7 +159,7 @@ if ($resql) // Lines for filters fields print '<tr class="liste_titre">'; print '<td align="left">'; - print '<input class="fat" type="text" size="4" name="search_ref" value="'.$_REQUEST["search_ref"].'">'; + print '<input class="fat" type="text" size="4" name="search_ref" value="'.$search_ref.'">'; print '</td>'; print '<td> </td>'; print '<td align="left">';
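Review bot: `$search_ref` and `$search_account` are concatenated unquoted into the WHERE clause, so the query is only as safe as the `'int'` check applied where they are assigned, in an earlier hunk outside this one. If that check is a numeric test rather than a cast (its implementation is not visible here), non-integer numerics could still reach `p.rowid=`; casting at the point of use keeps the guarantee local: `if ($search_ref) $sql .=" AND p.rowid=".(int) $search_ref;`, and likewise for `$search_account`. The amount filter now compares `p.amount` with a quoted string, which relies on the database casting it implicitly; that is presumably intended but deserves a one-line comment. The enclosing `if`/`else` block starts before this hunk.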
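Review bot: The two context lines right after the changed one in the `@@ -129,7 +134,7 @@` hunk still append raw `$_REQUEST["search_company"]` and `$_REQUEST["search_amount"]` to `$paramlist`, the same pattern this commit removes for `search_ref`. If `$paramlist` ends up in sort and paging links, as its name suggests, those values should be URL-encoded: `$paramlist.=(GETPOST("search_company")?"&search_company=".urlencode(GETPOST("search_company")):"");`, and the same for `search_amount`. `search_account` and `search_paymenttype` are not added in the visible lines, so those filters may be dropped when the list is re-sorted; the rest of the block is outside the hunk. The `value="'.$search_ref.'"` attribute in the `@@ -154,7 +159,7 @@` hunk likewise depends on the input check alone and would be safer wrapped in `dol_escape_htmltag()`.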