[CRM-3621] 2.0.6 upgrade Step 6 fails with SQL syntax error due to unescaped quotes - CiviCRM Issue Tracker

Details

Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Fixed/Completed
Affects Version/s: 2.0
Fix Version/s: 2.1
Component/s: None
Labels:
None

Description

If an event title contains an apostrophe, then upgrade step 6 (miscellaneous) fails on this query at Upgrade/TwoZero/Form/Step6.php line 104:

$query1 = "SELECT civicrm_participant_payment.participant_id,civicrm_participant_payment.contribution_id FROM civicrm_participant, civicrm_participant_payment where civicrm_participant.event_level = '{$level }' AND civicrm_participant_payment.participant_id = civicrm_participant.id";

Note that $level is not escaped, so if it contains an apostrophe then a SQL syntax error results, e.g.:
where civicrm_participant.event_level = 'Why Can't Equalities Communities Reach Us?'

The attached patch worked for me, however I don't know whether this is the Civi way of doing it.

2.0.6 Drupal PHP5

Dave

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Upgrade_TwoZero_Form_Step6.php.diff
2008-09-26 10:59
1 kB
Dave Jenkins

Activity

People

Assignee:

Kurund Jalmi

Reporter:

Dave Jenkins

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2008-09-26 10:59

Updated:

2008-12-09 16:24

Resolved:

2008-09-28 23:06