Announcement

Collapse
No announcement yet.

Single quote bug

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Single quote bug

    I'm doing some test imports and I just got this message:

    ImpEx Database errormysql error: Invalid SQL: SELECT userid FROM vb_user WHERE email='scott.o'[email protected]'


    Seems like an easy fix (slashes), but I'm amazed it slipped through QA.

  • #2
    Changes that needed to be made:

    $email_match = $Db_object->query_first("SELECT userid FROM " . $tableprefix . "user WHERE email=\"". $this->get_value('mandatory', 'email') . "\"");

    Changed from

    $email_match = $Db_object->query_first("SELECT userid FROM " . $tableprefix . "user WHERE email='". $this->get_value('mandatory', 'email') . "'");

    wherever it appeared

    Comment


    • #3
      That is not a workable fix, with out some actual details of what stage of what import you were doing, nothing can be done.
      I wrote ImpEx.

      Blog | Me

      Comment


      • #4
        It happened during user import and again during attachment import.

        The problem was caused by SQL errors from having single quotes (') in the filename or a field in the user table.

        Comment


        • #5
          Originally posted by ethank
          It happened during user import and again during attachment import.
          What was that error ?

          Originally posted by ethank
          The problem was caused by SQL errors from having single quotes (') in the filename or a field in the user table.
          I am aware of what the issue was, I need to know where it was.
          I wrote ImpEx.

          Blog | Me

          Comment


          • #6
            Like I said, I was first at the User Import stage and then at the Attachment Import stage, importing from VB 3.0.3.

            Comment


            • #7
              Originally posted by ethank
              Like I said, I was first at the User Import stage and then at the Attachment Import stage, importing from VB 3.0.3.
              And the attachment SQL error was ?
              I wrote ImpEx.

              Blog | Me

              Comment


              • #8
                Same error number and cause, I didn't copy it, just fixed it and let it run.

                Comment


                • #9
                  Originally posted by ethank
                  Same error number and cause, I didn't copy it, just fixed it and let it run.
                  Well that's going to be a hard one to find, as there is no email handling in importing attachments.
                  I wrote ImpEx.

                  Blog | Me

                  Comment


                  • #10
                    What I meant to say is that the error in Attachments happened at this code section...

                    PHP Code:
                                    $Db_object->query("
                                        INSERT INTO " 
                    $tableprefix "attachment
                                        (
                                            importattachmentid, filename, filedata,
                                            dateline, visible, counter, filesize,
                                            postid, filehash, userid, extension
                                        )
                                        VALUES
                                        (
                                            \"" 
                    $this->get_value('mandatory''importattachmentid') . "\",
                                            \"" 
                    addslashes($this->get_value('mandatory''filename')) . "\",
                                            \"\",
                                            \"" 
                    $this->get_value('nonmandatory''dateline')  . "\",
                                            \"" 
                    $this->get_value('nonmandatory''visible')  . "\",
                                            \"" 
                    $this->get_value('nonmandatory''counter')  . "\",
                                            \"\",
                                            \"" 
                    $post_id['postid']  . "\",
                                            \"" 
                    $this->get_value('nonmandatory''filehash')  . "\",
                                            \"" 
                    $post_id['userid'] . "\",
                                            \"" 
                    $this->get_value('nonmandatory''extension')  . "\"
                                        )
                                    "
                    ); 
                    This is my fixed code. The error happened because of a single quote within a filename. the same TYPE of error (no slash on a single quote) as happened when importing users. Changing the code to what is above let it work and did a perfect import (except for forum parents being a bit strange).

                    Comment


                    • #11
                      Another quote related bug: Forum titles seemed to get imported with the slashes still in the entry in the database. See attached image. I had to go in manually and remove it.
                      Attached Files

                      Comment


                      • #12
                        Is anyone able to duplicate this? I'm kind of waiting on fixing this bug before I do an update from a 3.0.3 board to a 3.5.1 board.

                        I'd rather do an upgrade, but I'm trying to start clean, plus I'm now using prefixes on the tables and the old board does not.

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X