MySQL Update to phplist Database Errors out if field included single quote apostrophe
| Project: | phplist Integration Module |
| Version: | 5.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
First of all - great module!
Secondly - I recently ran into a little bug with this module when a user named Marcus O'Vell signed up for a Drupal account. I have the phplist integration module hooked up to sync the first and last name fields from Drupal over to phplist, and when I ran the synchronization, the whole process errored out....
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Vell')' at line 1 query: REPLACE INTO phplist_user_user_attribute VALUES(5, 140, 'O'Vell') in /var/www/vhosts/datafiredev.com/subdomains/cbe01/httpdocs/includes/database.mysql.inc on line 174.
Obviously, mysql doesn't like the apostrophe in Mr. O'Vell's name.
My quick fix for this issue was to an additional line above the insert statement on line 673 of phplist.module so it puts an escape character in before the apostrophe. This fixed the error and made all the villagers rejoice.
// Add attribute
$attr_val = str_replace ("'","\'", $attr_val);
db_query("REPLACE INTO $strprefix"."user_user_attribute VALUES(%d, %d, '$attr_val')", $drupalid, $uid);In case anyone else runs into this problem, I hope this helps!
#1
Hi datafire,
Thanks for pointing this out. Whilst I am not actively developing the D5 module now, I have found the same problem in the D6 version, so I have taken to the opportunity to kill 2 birds with 1 stone!
Regards,
- Paul
#2
#3
Automatically closed -- issue fixed for 2 weeks with no activity.