Issue Type: Bug
Project: 68 Classifieds
Extra fields break if single quote in 'Field Name'
Putting a ' in the field Name results in a SQL error
Category: Admin Control Panel
Affected Version: 3.1.7
Priority: 4
Status: Closed (Fixed)
Fixed Version: (none)
Submitted: 08-22-2007
Assigned Users: (none)
Tags: (none)

issueid=52 08-22-2007 12:00 PM
Junior Member

In a nutshell, data in the query isn't being escaped.

To reproduce:
Create a new Text Single Line field, and set the Field Name to boy's father.

Submit.

An error like the following will appear:
Code:
Notice: Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's father', fType='S', fDefault='', fRequired='N', fSeen='Y', fSearch='Y', fGloba' at line 1 SQL: UPDATE `class_fields` SET fname='boy's father', fType='S', fDefault='', fRequired='N', fSeen='Y', fSearch='Y', fGlobal='', fRange='N',fRangeValue='0|0|0',fExtensions='' WHERE fID=2 in /var/www/foo/htdocs/includes/classes/database/mysql.php on line 135
This is using the Extra Fields patch from the download area, on 3.1.7

08-30-2007 05:29 PM
Issue Changed by suzkaw
  • Status changed from Unconfirmed to Closed (Fixed)
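
The failure in the report, reproduced next to a parameterized version of the same UPDATE. This is an added example, not 68 Classifieds code or the project's actual fix: the table and column names come from the error message above, while PDO, the in-memory SQLite stand-in for MySQL (needs the pdo_sqlite extension) and the function names are assumptions.

```php
<?php
// Added example, not 68 Classifieds code. An in-memory SQLite table (assumption)
// stands in for the MySQL `class_fields` table so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE class_fields (fID INTEGER PRIMARY KEY, fname TEXT, fType TEXT)");
$db->exec("INSERT INTO class_fields (fID, fname, fType) VALUES (2, 'old name', 'S')");

$fieldName = "boy's father";   // the Field Name value from the report
$fieldId   = 2;

// Before: the value is concatenated into the statement text, so the quote
// inside it ends the string literal and the rest is parsed as SQL.
function updateConcatenated(PDO $db, string $name, int $id): ?string {
    try {
        $db->exec("UPDATE class_fields SET fname='" . $name . "', fType='S' WHERE fID=" . $id);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// After: placeholders keep the value out of the SQL text; the driver sends
// it as data, so quotes in it need no escaping by the application.
function updateParameterized(PDO $db, string $name, int $id): void {
    $stmt = $db->prepare("UPDATE class_fields SET fname = :fname, fType = 'S' WHERE fID = :fid");
    $stmt->bindValue(':fname', $name, PDO::PARAM_STR);
    $stmt->bindValue(':fid', $id, PDO::PARAM_INT);
    $stmt->execute();
}

$error = updateConcatenated($db, $fieldName, $fieldId);
echo "concatenated: ", $error === null ? "ok" : "failed ($error)", "\n";

updateParameterized($db, $fieldName, $fieldId);
$stored = $db->query("SELECT fname FROM class_fields WHERE fID = 2")->fetchColumn();
echo "parameterized: stored [$stored]\n";
```

The same `prepare`/`bindValue`/`execute` calls work unchanged with PDO's MySQL driver.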

All times are GMT -4.