Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-9371

Where clause creation adds two set of single quotes for some fields


    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.0.7
    • Fix Version/s: 4.1.0
    • Component/s: Core CiviCRM
    • Labels:


      In contact/BAO/Query.php some fields (e.g. legal_identifier) are surrounded by two sets of single quotes, one of which is escaped. e.g. a search for legal_identifier 1234 the where clause ends up containing legal_identifier = '\'1234'\' which in turn does not return anything. The fist quotes are added at line 1783:

      if ( $op != 'IN' ) {
      $value = "'$value'";

      Then the buildClause function is called on line 1818. It escapes the singles quotes that where added above and wraps it again with single quotes. Here is the code from line 4043 in the buildClause function that escapes and adds the second quotes:

      if ( isset($dataType) ) {
      $value = CRM_Utils_Type::escape( $value, $dataType );
      if ( $dataType == 'String' ) {
      $value = "'" . strtolower( $value ) . "'";

      I assume the build clause function needs to stay as is since it escapes the string first and then wraps it in quotes. The question then is should the single quote be added on line 1783 or should it just be left alone since the buildClause function will take care of it?

      FYI I was using the v3 API to get contacts based on legal_identifier but I thought this was an issue in the core functionality of contacts since the behavior might be happening with other calls as well.




            • Assignee:
              lobo Donald A. Lobo
              tklawsuc Tom Klawsuc
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created: