Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I have just installed the new SQL Search in my Drupal 4.6 and get the following SQL Error when I try to execute the Search:
user error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'na.grant_view = 1 AND CONCAT(na.realm, na.gid) IN ('all0') AND
query: SELECT DISTINCT(n.nid), n.title,n.type,n.body,n.sticky,nc.totalcount FROM drup_node n INNER JOIN drup_node_access na ON na.nid = n.nid INNER JOIN drup_node_counter nc ON n.nid = nc.nid WHERE n.status = 1 na.grant_view = 1 AND CONCAT(na.realm, na.gid) IN ('all0') AND (n.title LIKE "%%rss%%" OR n.body LIKE "%%rss%%") ORDER BY nc.totalcount DESC,n.sticky DESC,n.created DESC LIMIT 0, 500 in /www/htdocs/owlbpte/includes/database.mysql.inc on line 66.
The interesting thing is, that the search is working perfectly, while being logged in. But it does show the above error when
not being logged in.
If you want to try out, goto: http://www.rssowl.org/trip_search
Regards,
Ben
Comments
Comment #1
nedjoThanks for the note. Problem comes from use of _node_access_where_sql(), which sometimes returns something (and therefore needs an "AND" before it) and sometimes doesn't. I'm not sure how this is handled elsewhere... In any case, I fixed this issue but found that unauthenticated users couldn't see any results. So I've removed the _node_access* stuff altogether as an interim fix. Open question: Do we need the node_access tests? If so, how should they be used?
Comment #2
moshe weitzman commentedI will submit a patch which properly implements node access control. You no longer have to call node_access_x() functions. Instead, you write a typical node listing query and wrap in a call to db_rewrite_sql(). That function adds the necessary access control clauses.
Comment #3
nedjoThanks for the changes applied to HEAD and also to 4.6.
Comment #4
(not verified) commented