CRM-8265 Single quote not escaped in MySQL for event fee search

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 3.4.0
    • Fix Version/s: 3.4.3
    • Component/s: None
    • Labels:
      None

      Description

      Single quotation marks in event fees are not getting escaped in MySQL when being searched on using the advanced search feature. I first discovered this issue in v3.2, but it remains in 3.4 on the sandbox site.

      Here's the resulting error:

      Database Error Code: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1, 1064
      Additional Details:
      Array
      (
      [callback] => Array
      (
      [0] => CRM_Core_Error
      [1] => handle
      )

      [code] => -2
      [message] => DB Error: syntax error
      [mode] => 16
      [debug_info] => SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]
      [type] => DB_Error
      [user_info] => SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]
      [to_string] => [db_error: message="DB Error: syntax error" code=-2 mode=callback callback=CRM_Core_Error::handle prefix="" info="SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]"]
      )
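
The syntax error in the dump above comes from the fee label being pasted between quotes in the WHERE clause. The following is an added example, not CiviCRM's code and not the patch attached to the issue: it reproduces the failure with Python's sqlite3 as a stand-in for MySQL and shows the bound-parameter form. The sample rows and function names are constructed, and the query is trimmed from the one in the dump.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the dumped query.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE civicrm_contact (id INTEGER PRIMARY KEY, sort_name TEXT,
                                      is_deleted INTEGER);
        CREATE TABLE civicrm_participant (id INTEGER PRIMARY KEY, contact_id INTEGER,
                                          event_id INTEGER, fee_level TEXT,
                                          is_test INTEGER);
        INSERT INTO civicrm_contact VALUES (1, 'Adams, Pat', 0), (2, 'Doe, Jane', 0);
        INSERT INTO civicrm_participant VALUES (1, 1, 1, 'Member''s fee', 0),
                                               (2, 2, 1, 'Standard fee', 0);
    """)
    return db

# Trimmed version of the query in the dump (SUBSTR replaces MySQL's LEFT).
BASE = ("SELECT DISTINCT UPPER(SUBSTR(contact_a.sort_name, 1, 1)) AS sort_name "
        "FROM civicrm_contact contact_a "
        "LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id "
        "WHERE ( civicrm_participant.event_id = ? "
        "AND civicrm_participant.fee_level = {fee} "
        "AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)")

def search_unsafe(db, event_id, fee_level):
    # Defect from the report: the label is placed between quotes unescaped,
    # so a quote inside it ends the string literal early.
    sql = BASE.format(fee="'" + fee_level + "'")
    return [row[0] for row in db.execute(sql, (event_id,))]

def search_bound(db, event_id, fee_level):
    # Corrected form: the label is a bound parameter and never becomes SQL text.
    sql = BASE.format(fee="?")
    return [row[0] for row in db.execute(sql, (event_id, fee_level))]

def demo():
    db = make_db()
    try:
        search_unsafe(db, 1, "Member's fee")
        unsafe = "ok"
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    # A label without a quote hides the defect, which is why it can go unnoticed.
    return unsafe, search_bound(db, 1, "Member's fee"), search_unsafe(db, 1, "Standard fee")

if __name__ == "__main__":
    print(demo())
```
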

          Activity

          Donald A. Lobo added a comment -

          Hey Andy:

          Can you please try the patch attached to this issue?

          Thanks

            People

            • Assignee:
              Donald A. Lobo
              Reporter:
              Andy Carter
