Unescaped Apostrophes

5 years 3 weeks ago - 5 years 3 weeks ago #87622 by CEMBTW
CEMBTW created the topic: Unescaped Apostrophes
This seems like it would show up a lot, but I don't see anything in the bug tracker for it.

So I'm wondering if there's something more specifically wrong with my installation...

When submitting an answer with a single apostrophe in Long Text/Comment/etc. forms, I receive an SQL error message about the apostrophe.

For example a comment with "I'm" prompts this error:
Error executing query in dbExecuteAssoc:CDbCommand failed to execute the SQL statement:
SQLSTATE[42000]: [Microsoft][SQL Server Native Client 10.0]
[SQL Server]Incorrect syntax near 'm'.

Escaping the apostrophe with "I''m" (not that I expect end-users to do that) changes the last part of the error to
Incorrect syntax near '\'
Last Edit: 5 years 3 weeks ago by CEMBTW.

5 years 3 weeks ago #87738 by helper
helper replied the topic: Unescaped Apostrophes

5 years 3 weeks ago - 5 years 3 weeks ago #87739 by CEMBTW
CEMBTW replied the topic: Unescaped Apostrophes
No one else has experienced this in test runs of their surveys? Ninja'd

What file includes code on input sanitization? Something in the validators folder?

(Note: It also occurs with the text portion of the multiple choice & comment question (and probably with Short Text, Huge Text, etc.).) I'd comment on the bugtracks, but my login is finicky right now.
Last Edit: 5 years 3 weeks ago by CEMBTW.

5 years 3 weeks ago #87742 by helper
helper replied the topic: Unescaped Apostrophes
The file is application/helpers/common_helper.php

The bug report was updated - these guys are GOOD and DAMN FAST! Probably show up in the next patch level.
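
Added example, not part of the thread and not LimeSurvey's code: both error messages quoted in the first post are what a database that treats a backslash as an ordinary character reports when quotes are backslash-escaped and concatenated into the statement. The sketch assumes that cause (it is not confirmed in the thread), uses SQLite in place of SQL Server because both accept only a doubled quote inside a string literal, and uses a made-up `answers` table; the bound-parameter insert stores both inputs unchanged.

```python
import sqlite3


def backslash_escape(value):
    # MySQL-style escaping. Assumed cause of the errors, not confirmed in the thread.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def insert_concatenated(conn, value):
    """Build the statement by concatenation; return the DB error text, or None on success."""
    sql = "INSERT INTO answers (comment) VALUES ('" + backslash_escape(value) + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def insert_bound(conn, value):
    """Send the value as a bound parameter, so it is never parsed as SQL text."""
    conn.execute("INSERT INTO answers (comment) VALUES (?)", (value,))


def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE answers (comment TEXT)")  # hypothetical table
    errors = {}
    for text in ("I'm", "I''m"):  # the two inputs quoted in the first post
        errors[text] = insert_concatenated(conn, text)
        insert_bound(conn, text)
    stored = [row[0] for row in
              conn.execute("SELECT comment FROM answers ORDER BY rowid")]
    return errors, stored


if __name__ == "__main__":
    errors, stored = run_demo()
    for text, err in errors.items():
        print(f"{text!r}: concatenated insert failed with: {err}")
    print("bound-parameter inserts stored:", stored)
```

The same statement text that ends a string literal early on a user's apostrophe is also what makes SQL injection possible, so parameter binding addresses both the error and the risk.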
