Hi newuser990,
(03-05-2014, 06:22 PM)newuser990 Wrote: At many places, While inputting data it checks for special characters like single quote (') and it is entered in DB with a "/" in front of the single quote in the SQL table. But while retrieving data, the same single quote is not handled properly and it is causing SQL syntax error due to the single quote.
This is a known issue and it is correct, it can occur in multiple places in the code. There will be some work submitted on this - in the mean time there are some isolated fixes.
Quote: This single quote was causing a problem in the sQL syntax when I was trying to reverse the GRN. I guess the single quote was not handled when the data was read back from the DB.
This indeed is serious, and caused big issues for my client. I have provided an isolated fix in the code specific for this error for them. I will push it to the subversion repository until we have a more generalised fix for this type of thing.
Cheers,
Jo
I have pushed a fix for this problem to ReverseGRN.php to the subversion code repository.
This is really fixing a symptom of a more widespread issue but will prevent the GRN issue on reversing due to bad data.
Line 136 has been changed to:
PHP Code:
stat_comment = CONCAT('" . Date($_SESSION['DefaultDateFormat']) . ' ' . _('GRN Reversed for') . ' ' . mysql_real_escape_string(stripslashes($GRN['itemdescription'])) . ' ' . _('by') . ' ' . $_SESSION['UsersRealName'] . "<br />', stat_comment )