diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 8e618ba0eee1f466c01a0e6b99776649fdd248ab..b69818bbdb124a7bf5fa589b82487f9a8b93a1b6 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -911,8 +911,8 @@ class CommandeFournisseur extends CommonOrder $sql.= " VALUES ("; $sql.= "''"; $sql.= ", '".$this->ref_supplier."'"; - $sql.= ", '".$this->note_private."'"; - $sql.= ", '".$this->note_public."'"; + $sql.= ", '".$this->db->escape($this->note_private)."'"; + $sql.= ", '".$this->db->escape($this->note_public)."'"; $sql.= ", ".$conf->entity; $sql.= ", ".$this->socid; $sql.= ", '".$this->db->idate($now)."'";