CRM-3048 2.0 activity upgrade Step 4 fails with SQL syntax error due to unescaped quotes

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Core CiviCRM

      Description

      CiviCRM 2.0.2
      There's an example here: http://forum.civicrm.org/index.php/topic,3128.msg13747.html#msg13747

      • the INSERT into activity_history fails if activity_summary contains a single quote.
        I added a sprintf and two mysql_real_escape_strings at lines 113-5 of CRM/Upgrade/TwoZero/Form/Step4.php, which fixed it. Not sure what the correct Civi coding style is for this.
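As an added illustration (not code from this issue or from CiviCRM), the three INSERT patterns in Python against an in-memory SQLite table standing in for activity_history: the raw-splice statement that fails on a summary containing an apostrophe, the escape-then-splice fix the reporter describes (shown with SQL-standard quote doubling rather than mysql_real_escape_string), and a bound-parameter statement. The table schema and sample rows are constructed.

```python
import sqlite3

# Constructed sample activities; the second summary carries the single quote
# that broke the 2.0 Step 4 INSERT described in this issue.
SAMPLE_ACTIVITIES = [
    (1, "Phone call with donor"),
    (2, "Follow-up on O'Brien's pledge"),
]

def make_db():
    """In-memory stand-in for activity_history (constructed schema, not CiviCRM's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE activity_history (id INTEGER PRIMARY KEY, activity_summary TEXT)")
    return conn

def insert_concatenated(conn, row):
    """The failing pattern: the summary is spliced raw into the SQL text."""
    conn.execute("INSERT INTO activity_history (id, activity_summary) VALUES (%d, '%s')" % row)

def sql_quote(value):
    """Escape for splicing, in the spirit of the sprintf + escape fix. This uses SQL-standard
    quote doubling; mysql_real_escape_string uses backslashes and is charset-aware."""
    return value.replace("'", "''")

def insert_escaped(conn, row):
    """Escape-then-splice: works, but every call site must remember to do it."""
    activity_id, summary = row
    conn.execute("INSERT INTO activity_history (id, activity_summary) VALUES (%d, '%s')"
                 % (activity_id, sql_quote(summary)))

def insert_parameterized(conn, row):
    """Preferred: the driver binds the value, so quotes never reach the parser as syntax."""
    conn.execute("INSERT INTO activity_history (id, activity_summary) VALUES (?, ?)", row)

def run_upgrade(insert):
    """Run every sample row through `insert`; return (stored summaries, error message or None)."""
    conn = make_db()
    error = None
    try:
        for row in SAMPLE_ACTIVITIES:
            insert(conn, row)
    except sqlite3.Error as exc:
        error = str(exc)  # the concatenated variant stops here on the second row
    summaries = [s for (s,) in conn.execute("SELECT activity_summary FROM activity_history ORDER BY id")]
    return summaries, error
```

Running `run_upgrade` with each insert function shows the first variant stopping after one row with a syntax error, while the other two store both summaries with the apostrophe intact.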

          Activity

          Donald A. Lobo added a comment -

What version of MySQL are you using? I suspect this might be a MySQL version bug.

Can you email deepak at webaccess.co.in the db and we can try to reproduce it?

          thanx

          lobo

          Donald A. Lobo added a comment -

Also, can you attach the changes you made which fixed this error?

          thanx

          lobo

          Dave Jenkins added a comment -

MySQL version 5.0.22.
PHP version 5.1.6.

I'll have to ask the client for permission to send the db, or produce a simple test case. However, the error seems unsurprising given that the code doesn't escape strings. Is it possible that the code was tested in an environment with the PHP variable magic_quotes_runtime on? It's off in my setup and is deprecated.

          http://php.net/manual/en/function.mysql-real-escape-string.php :
          mysql_real_escape_string...
          This function must always (with few exceptions) be used to make data safe before sending a query to MySQL

          http://uk3.php.net/manual/en/security.magicquotes.php
          Magic Quotes...
          This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged...
          It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed...
magic_quotes_runtime: If enabled, most functions that return data from an external source, including databases and text files, will have quotes escaped with a backslash. Can be set at runtime, and defaults to off in PHP.

I'll attach a diff of my changes; this was just a quick fix, in ignorance of Civi coding styles and with no thought to RDBMS independence.

          Dave Jenkins added a comment -

          Diff against 2.0.2 to escape quotes in activity summary.

          Deepak Srivastava added a comment -

          The file "CRM/Upgrade/TwoZero/Form/Step4.php" has gone through a few changes from 2.0.2 -> 2.0.3.

          Check - http://svn.civicrm.org/civicrm/branches/v2.0/CRM/Upgrade/TwoZero/Form/Step4.php

          The new approach is much better and takes care of the problem.

          Deepak Srivastava added a comment -

Closing, since this is already handled in 2.0.3.

People

• Assignee: Amiteshwar Prasad
• Reporter: Dave Jenkins