Announcement

Collapse
No announcement yet.

Single quote bug

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ethank
    replied
    Is anyone able to duplicate this? I'm kind of waiting on fixing this bug before I do an update from a 3.0.3 board to a 3.5.1 board.

    I'd rather do an upgrade, but I'm trying to start clean, plus I'm now using prefixes on the tables and the old board does not.

    Leave a comment:


  • ethank
    replied
    Another quote related bug: Forum titles seemed to get imported with the slashes still in the entry in the database. See attached image. I had to go in manually and remove it.
    Attached Files

    Leave a comment:


  • ethank
    replied
    What I meant to say is that the error in Attachments happened at this code section...

    PHP Code:
                    $Db_object->query("
                        INSERT INTO " 
    $tableprefix "attachment
                        (
                            importattachmentid, filename, filedata,
                            dateline, visible, counter, filesize,
                            postid, filehash, userid, extension
                        )
                        VALUES
                        (
                            \"" 
    $this->get_value('mandatory''importattachmentid') . "\",
                            \"" 
    addslashes($this->get_value('mandatory''filename')) . "\",
                            \"\",
                            \"" 
    $this->get_value('nonmandatory''dateline')  . "\",
                            \"" 
    $this->get_value('nonmandatory''visible')  . "\",
                            \"" 
    $this->get_value('nonmandatory''counter')  . "\",
                            \"\",
                            \"" 
    $post_id['postid']  . "\",
                            \"" 
    $this->get_value('nonmandatory''filehash')  . "\",
                            \"" 
    $post_id['userid'] . "\",
                            \"" 
    $this->get_value('nonmandatory''extension')  . "\"
                        )
                    "
    ); 
    This is my fixed code. The error happened because of a single quote within a filename. the same TYPE of error (no slash on a single quote) as happened when importing users. Changing the code to what is above let it work and did a perfect import (except for forum parents being a bit strange).

    Leave a comment:


  • Jerry
    replied
    Originally posted by ethank
    Same error number and cause, I didn't copy it, just fixed it and let it run.
    Well that's going to be a hard one to find, as there is no email handling in importing attachments.

    Leave a comment:


  • ethank
    replied
    Same error number and cause, I didn't copy it, just fixed it and let it run.

    Leave a comment:


  • Jerry
    replied
    Originally posted by ethank
    Like I said, I was first at the User Import stage and then at the Attachment Import stage, importing from VB 3.0.3.
    And the attachment SQL error was ?

    Leave a comment:


  • ethank
    replied
    Like I said, I was first at the User Import stage and then at the Attachment Import stage, importing from VB 3.0.3.

    Leave a comment:


  • Jerry
    replied
    Originally posted by ethank
    It happened during user import and again during attachment import.
    What was that error ?

    Originally posted by ethank
    The problem was caused by SQL errors from having single quotes (') in the filename or a field in the user table.
    I am aware of what the issue was, I need to know where it was.

    Leave a comment:


  • ethank
    replied
    It happened during user import and again during attachment import.

    The problem was caused by SQL errors from having single quotes (') in the filename or a field in the user table.

    Leave a comment:


  • Jerry
    replied
    That is not a workable fix, with out some actual details of what stage of what import you were doing, nothing can be done.

    Leave a comment:


  • ethank
    replied
    Changes that needed to be made:

    $email_match = $Db_object->query_first("SELECT userid FROM " . $tableprefix . "user WHERE email=\"". $this->get_value('mandatory', 'email') . "\"");

    Changed from

    $email_match = $Db_object->query_first("SELECT userid FROM " . $tableprefix . "user WHERE email='". $this->get_value('mandatory', 'email') . "'");

    wherever it appeared

    Leave a comment:


  • ethank
    started a topic Single quote bug

    Single quote bug

    I'm doing some test imports and I just got this message:

    ImpEx Database errormysql error: Invalid SQL: SELECT userid FROM vb_user WHERE email='scott.o'[email protected]'


    Seems like an easy fix (slashes), but I'm amazed it slipped through QA.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X