s.probst/OpenXE
1
0
Fork 0
mirror of https://github.com/OpenXE-org/OpenXE.git synced 2024-11-15 04:27:14 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #150 from exciler/bugfix_shopimport

Browse Source 
Shopimport: Fix sql escaping
This commit is contained in:
OpenXE-ERP 2024-08-27 12:13:06 +02:00 committed by GitHub
commit da8e007531
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
www/lib/class.erpapi.php
View File

@ -16624,9 +16624,10 @@ function Gegenkonto($ust_befreit,$ustid='', $doctype = '', $doctypeId = 0)
$check = $this->app->DB->Select("SELECT $key FROM adresse WHERE id='$adresse' LIMIT 1"); $check = $this->app->DB->Select("SELECT $key FROM adresse WHERE id='$adresse' LIMIT 1");
if($check!=${$key}) if($check!=${$key})
{ {
$this->app->DB->Update("UPDATE adresse SET $key='".${$key}."' WHERE id='$adresse' LIMIT 1"); $val = $this->app->DB->real_escape_string(${$key});
$this->app->DB->Update("UPDATE adresse SET $key='$val' WHERE id='$adresse' LIMIT 1");
$logfile = $this->app->DB->Select("SELECT `logfile` FROM adresse WHERE id='$adresse' LIMIT 1"); $logfile = $this->app->DB->Select("SELECT `logfile` FROM adresse WHERE id='$adresse' LIMIT 1");
$this->app->DB->Update("UPDATE adresse SET `logfile`='".$logfile." Update Feld $key alt:$check neu:".${$key}.";' WHERE id='$adresse' LIMIT 1"); $this->app->DB->Update("UPDATE adresse SET `logfile`='".$logfile." Update Feld $key alt:$check neu:".$val.";' WHERE id='$adresse' LIMIT 1");
} }
} }