SQL error occurs when specifying quotes inside search pattern (in this example "p)

user error: You have an error in your SQL syntax near 'p%" OR c.comment LIKE "%"p%") ORDER BY c.timestamp DESC LIMIT 0, 26' at line 1
query: SELECT c.*, u.name FROM comments c INNER JOIN users u ON c.uid = u.uid WHERE c.status = 0 AND (c.subject LIKE "%"p%" OR c.comment LIKE "%"p%") ORDER BY c.timestamp DESC LIMIT 0, 26 in /home/cantincoro/includes/database.mysql.inc on line 125.

Matteo

CommentFileSizeAuthor
#4 trip_search.patch339 bytesmpd
#1 trip_search_quotes.patch744 bytesmatteo

Comments

matteo’s picture

matteo commented
Assigned: Unassigned » matteo
StatusFileSize
new trip_search_quotes.patch744 bytes

Wrote a patch to correct the problem.
Here it is

Matteo

michalska’s picture

michalska commented
Version: 4.5.x-1.x-dev » 4.6.x-1.x-dev

Do you have this patch for 4.6? I get the same error. I need to include quotes and apostrophes in my searches, they are not escaped.

matteo’s picture

matteo commented

Unfortunately not, module has been radically changed..

mpd’s picture

mpd commented
StatusFileSize
new trip_search.patch339 bytes

For my purposes, this patch fixed single quotes in 4.6.

nedjo’s picture

nedjo
he/him/his
Primary language English
commented

Thanks Mike, pls go ahead and apply (ideally to 4.6 and to HEAD, although HEAD isn't being updated).

joel_guesclin’s picture

joel_guesclin commented
Status: Needs review » Closed (fixed)

In principle this should be fixed in the 4.7 version. I'm closing all requests raised on the 4.6 version since I don't intend to continue maintaining this. Hope this causes no problems.