
TOPIC: Unescaped Apostrophes

Unescaped Apostrophes 1 year 10 months ago #87622

  • CEMBTW
This seems like it would show up a lot, but I don't see anything in the bug tracker for it.

So I'm wondering if there's something more specifically wrong with my installation...

When submitting an answer with a single apostrophe in Long Text/Comment/etc. forms, I receive an SQL error message about the apostrophe.

For example a comment with "I'm" prompts this error:
Error executing query in dbExecuteAssoc:CDbCommand failed to execute the SQL statement:
SQLSTATE[42000]: [Microsoft][SQL Server Native Client 10.0]
[SQL Server]Incorrect syntax near 'm'.

Escaping the apostrophe with "I''m" (not that I expect end-users to do that) changes the last part of the error to
Incorrect syntax near '\'
Last Edit: 1 year 10 months ago by CEMBTW.

Re: Unescaped Apostrophes 1 year 10 months ago #87738

  • helper

Re: Unescaped Apostrophes 1 year 10 months ago #87739

  • CEMBTW
No one else has experienced this in test runs of their surveys? Ninja'd

What file includes code on input sanitization? Something in the validators folder?

(Note: It also occurs with the text portion of the multiple choice & comment question (and probably with Short Text, Huge Text, etc.). I'd comment on the bugtracks, but my login is finicky right now.)
Last Edit: 1 year 10 months ago by CEMBTW.

Re: Unescaped Apostrophes 1 year 10 months ago #87742

  • helper
The file is application/helpers/common_helper.php

The bug report was updated - these guys are GOOD and DAMN FAST! Probably show up in the next patch level.
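
Added example, not part of the thread and not LimeSurvey's code: it contrasts the two failure modes reported above (a raw apostrophe, then a backslash appearing in the error) with a bound parameter. In-memory SQLite via PDO stands in for SQL Server so the script runs offline, the table and function names are hypothetical, and the idea that backslash escaping caused the second error in the thread is an assumption.

```php
<?php
// Added example, not LimeSurvey code. SQLite in memory stands in for SQL Server:
// both end a string literal at ' and escape it only by doubling (''), never with
// a backslash. The table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey_response (id INTEGER PRIMARY KEY, comment TEXT)');

// 1. Answer pasted straight into the statement (the failure in the first post).
function saveConcatenated(PDO $db, string $answer): void
{
    $db->exec("INSERT INTO survey_response (comment) VALUES ('" . $answer . "')");
}

// 2. Backslash escaping: understood by MySQL's default mode, not by SQL Server or SQLite.
function saveBackslashEscaped(PDO $db, string $answer): void
{
    $db->exec("INSERT INTO survey_response (comment) VALUES ('" . addslashes($answer) . "')");
}

// 3. Bound parameter: the value travels separately from the SQL text.
function saveBound(PDO $db, string $answer): void
{
    $stmt = $db->prepare('INSERT INTO survey_response (comment) VALUES (:comment)');
    $stmt->execute([':comment' => $answer]);
}

// Constructed sample answers: the two from the thread plus one containing a backslash.
$answers = ["I'm", "I''m", 'C:\\temp'];
$savers  = ['saveConcatenated', 'saveBackslashEscaped', 'saveBound'];

foreach ($savers as $save) {
    foreach ($answers as $answer) {
        try {
            $save($db, $answer);
            $stored = $db->query('SELECT comment FROM survey_response ORDER BY id DESC LIMIT 1')
                         ->fetchColumn();
            // A statement that executes can still store something other than what was typed.
            $note = ($stored === $answer) ? 'stored intact' : "stored altered as [$stored]";
        } catch (PDOException $e) {
            $note = 'SQL error: ' . $e->getMessage();
        }
        printf("%-22s %-10s %s\n", $save, "[$answer]", $note);
    }
}
```

Only the bound-parameter path stores every answer exactly as typed; the other two either raise a syntax error or silently change the stored text.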