Details
- Type: Bug
- Status: Done/Fixed
- Priority: Major
- Resolution: Fixed/Completed
- Affects Version/s: 3.4.0
- Fix Version/s: 3.4.3
- Component/s: None
- Labels: None
Description
Single quotation marks in event fees are not getting escaped in MySQL when being searched on using the advanced search feature. First discovered this issue in v3.2, but it remains in 3.4 on the sandbox site.
Here's the resulting error:
Database Error Code: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1, 1064
Additional Details:
Array
(
[callback] => Array
(
[0] => CRM_Core_Error
[1] => handle
)
[code] => -2
[message] => DB Error: syntax error
[mode] => 16
[debug_info] => SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]
[type] => DB_Error
[user_info] => SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]
[to_string] => [db_error: message="DB Error: syntax error" code=-2 mode=callback callback=CRM_Core_Error::handle prefix="" info="SELECT DISTINCT UPPER(LEFT(contact_a.sort_name, 1)) as sort_name FROM civicrm_contact contact_a LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id WHERE ( civicrm_event.id = 1 AND civicrm_participant.fee_level = 'Member's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0) [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's fee' AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)' at line 1]"]
)
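The failure reported above, reproduced as an added example (this is not CiviCRM code and not part of the original report): the same WHERE clause is built once by pasting the fee label between quotes and once with the label as a bound parameter. Assumptions: an in-memory SQLite database stands in for MySQL, the rows are constructed sample data, `SUBSTR` replaces MySQL's `LEFT`, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data: only the tables and columns named in the logged query.
SCHEMA = """
CREATE TABLE civicrm_contact (id INTEGER PRIMARY KEY, sort_name TEXT, is_deleted INTEGER);
CREATE TABLE civicrm_event (id INTEGER PRIMARY KEY);
CREATE TABLE civicrm_participant (contact_id INTEGER, event_id INTEGER, fee_level TEXT, is_test INTEGER);
INSERT INTO civicrm_contact VALUES (1, 'Doe, Jane', 0), (2, 'Roe, Sam', 0);
INSERT INTO civicrm_event VALUES (1);
INSERT INTO civicrm_participant VALUES (1, 1, 'Member''s fee', 0), (2, 1, 'Guest fee', 0);
"""

# The query from the error dump; {fee} marks where the fee label is placed.
BASE = (
    "SELECT DISTINCT UPPER(SUBSTR(contact_a.sort_name, 1, 1)) AS sort_name "
    "FROM civicrm_contact contact_a "
    "LEFT JOIN civicrm_participant ON civicrm_participant.contact_id = contact_a.id "
    "INNER JOIN civicrm_event ON civicrm_participant.event_id = civicrm_event.id "
    "WHERE ( civicrm_event.id = ? AND civicrm_participant.fee_level = {fee} "
    "AND civicrm_participant.is_test = 0 ) AND (contact_a.is_deleted = 0)"
)

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def search_concatenated(db, event_id, fee_level):
    """Before: the fee label is pasted between quotes, as in the logged query."""
    sql = BASE.format(fee="'" + fee_level + "'")
    return [row[0] for row in db.execute(sql, (event_id,))]

def search_bound(db, event_id, fee_level):
    """After: the fee label travels as a bound parameter, never as SQL text."""
    sql = BASE.format(fee="?")
    return [row[0] for row in db.execute(sql, (event_id, fee_level))]

def demo():
    db = make_db()
    try:
        broken = search_concatenated(db, 1, "Member's fee")
    except sqlite3.OperationalError as exc:  # the quote ends the literal early
        broken = "syntax error: %s" % exc
    return broken, search_bound(db, 1, "Member's fee")

if __name__ == "__main__":
    print(demo())
```

The concatenated form only works for labels without a quote, which is why the defect can sit unnoticed until a fee such as "Member's fee" is configured.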