Special characters like ' (single quote) is not handled properly
03-05-2014, 06:22 PM,
#1
Special characters like ' (single quote) is not handled properly
At many places, while inputting data, it checks for special characters like single quote (') and it is entered in the DB with a "/" in front of the single quote in the SQL table. But while retrieving data, the same single quote is not handled properly and it causes an SQL syntax error due to the single quote.
This caused a problem when I had entered a product description with a single quote in the supplier's pricelist. This single quote was causing a problem in the SQL syntax when I was trying to reverse the GRN. I guess the single quote was not handled when the data was read back from the DB.
Maybe this kind of error can be there in other pages too.
Maybe it is good to remove or restrict such characters which can cause errors in SQL syntax. This way the code for checking the data at multiple places can be avoided.
03-05-2014, 07:05 PM, (This post was last modified: 03-05-2014, 07:18 PM by icedlava.)
#2
RE: Special characters like ' (single quote) is not handled properly
Hi newuser990,

(03-05-2014, 06:22 PM)newuser990 Wrote: At many places, while inputting data, it checks for special characters like single quote (') and it is entered in the DB with a "/" in front of the single quote in the SQL table. But while retrieving data, the same single quote is not handled properly and it causes an SQL syntax error due to the single quote.
This is a known issue and it is correct; it can occur in multiple places in the code. There will be some work submitted on this - in the meantime there are some isolated fixes.
Quote: This single quote was causing a problem in the SQL syntax when I was trying to reverse the GRN. I guess the single quote was not handled when the data was read back from the DB.
This indeed is serious, and caused big issues for my client. I have provided an isolated fix in the code specific for this error for them. I will push it to the subversion repository until we have a more generalised fix for this type of thing.

Cheers,
Jo

I have pushed a fix for this problem to ReverseGRN.php to the subversion code repository.

This is really fixing a symptom of a more widespread issue but will prevent the GRN issue on reversing due to bad data.

Line 136 has been changed to:

PHP Code:
stat_comment = CONCAT('" . Date($_SESSION['DefaultDateFormat']) . ' ' . _('GRN Reversed for') . ' ' . mysql_real_escape_string(stripslashes($GRN['itemdescription'])) . ' ' . _('by') . ' ' . $_SESSION['UsersRealName'] . "<br />', stat_comment)
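The failure discussed in this thread, shown next to the general fix (bound parameters), as an added example that is not part of the original posts or of the webERP code. The tables `grns` and `orders`, the sample row and the user name are constructed for illustration, and an in-memory SQLite database stands in for MySQL, so `||` replaces `CONCAT`.

```php
<?php
// Added example: constructed tables and data, not webERP's schema or code.
// SQLite in memory keeps it runnable offline; SQLite spells CONCAT as ||.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE grns (grnno INTEGER PRIMARY KEY, itemdescription TEXT)");
$db->exec("CREATE TABLE orders (orderno INTEGER PRIMARY KEY, stat_comment TEXT)");
$db->exec("INSERT INTO orders VALUES (1, 'Order created<br />')");

// Store a description containing a single quote. Bound as a parameter,
// it reaches the table exactly as typed, with no escape character added.
$ins = $db->prepare("INSERT INTO grns (grnno, itemdescription) VALUES (?, ?)");
$ins->execute([7, "Supplier's 10mm bolt"]);

// Read it back: whatever the database returns is raw data again.
$sel = $db->prepare("SELECT itemdescription FROM grns WHERE grnno = ?");
$sel->execute([7]);
$desc = $sel->fetchColumn();

// Unsafe: the stored value is spliced into a new statement. The quote in
// the data ends the SQL string literal early and the statement fails.
function reverseUnsafe(PDO $db, string $desc, string $user): string {
    try {
        $db->exec("UPDATE orders SET stat_comment = 'GRN Reversed for "
            . $desc . " by " . $user . "<br />' || stat_comment WHERE orderno = 1");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Safe: the statement text is fixed and the description travels as data.
function reverseSafe(PDO $db, string $desc, string $user): string {
    $upd = $db->prepare(
        "UPDATE orders SET stat_comment = ? || stat_comment WHERE orderno = ?");
    $upd->execute(['GRN Reversed for ' . $desc . ' by ' . $user . '<br />', 1]);
    return $db->query("SELECT stat_comment FROM orders WHERE orderno = 1")
              ->fetchColumn();
}

echo reverseUnsafe($db, $desc, 'Demo User'), "\n"; // reports the syntax error
echo reverseSafe($db, $desc, 'Demo User'), "\n";   // comment with the quote intact
```

With bound parameters the stored value needs neither stripslashes() nor a separate escaping call at each place it is reused in a query.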
03-06-2014, 04:29 AM,
#3
RE: Special characters like ' (single quote) is not handled properly
Thanks Icedlava.
Appreciate the quick fix. I have made the changes and it seems to be working fine.