CiviCRM
  1. CiviCRM
  2. CRM-9371

Where clause creation adds two set of single quotes for some fields

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.0.7
    • Fix Version/s: 4.1.0
    • Component/s: Core CiviCRM
    • Labels:
      None
    • Is MIH?:
      No
    • Code Sprint:
      No

      Description

      In contact/BAO/Query.php some fields (e.g. legal_identifier) are surrounded by two sets of single quotes, one of which is escaped. e.g. a search for legal_identifier 1234 the where clause ends up containing legal_identifier = '\'1234'\' which in turn does not return anything. The fist quotes are added at line 1783:

      if ( $op != 'IN' ) {
        $value = "'$value'";
      }

      Then the buildClause function is called on line 1818. It escapes the singles quotes that where added above and wraps it again with single quotes. Here is the code from line 4043 in the buildClause function that escapes and adds the second quotes:

      if ( isset($dataType) ) {
        $value = CRM_Utils_Type::escape( $value, $dataType );
      }
      if ( $dataType == 'String' ) {
        $value = "'" . strtolower( $value ) . "'";
      }

      I assume the build clause function needs to stay as is since it escapes the string first and then wraps it in quotes. The question then is should the single quote be added on line 1783 or should it just be left alone since the buildClause function will take care of it?

      FYI I was using the v3 API to get contacts based on legal_identifier but I thought this was an issue in the core functionality of contacts since the behavior might be happening with other calls as well.

        Activity

        Hide
        Donald A. Lobo added a comment -

        This hs been fixed in 4.1 where we dont add the quotes and allow buildClause to do so. I suspect we might end up double escaping stuff in some cases still
        Show
        Donald A. Lobo added a comment - This hs been fixed in 4.1 where we dont add the quotes and allow buildClause to do so. I suspect we might end up double escaping stuff in some cases still

          People

          • Assignee:
            Donald A. Lobo
            Reporter:
            Tom Klawsuc
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development