Unescaped Apostrophes

4 years 2 months ago - 4 years 2 months ago #87622 by CEMBTW
This seems like it would show up a lot, but I don't see anything in the Bug Tracker for it.

So I'm wondering if there's something more specifically wrong with my installation...

When submitting an answer with a single apostrophe in Long Text/Comment/etc. forms, I receive an SQL error message about the apostrophe.

For example a comment with "I'm" prompts this error:
Error executing query in dbExecuteAssoc:CDbCommand failed to execute the SQL statement:
SQLSTATE[42000]: [Microsoft][SQL Server Native Client 10.0]
[SQL Server]Incorrect syntax near 'm'.

Escaping the apostrophe with "I''m" (not that I expect end-users to do that) changes the last part of the error to
Incorrect syntax near '\'
Last Edit: 4 years 2 months ago by CEMBTW.

4 years 2 months ago #87738 by helper

4 years 2 months ago - 4 years 2 months ago #87739 by CEMBTW
No one else has experienced this in test runs of their surveys? Ninja'd

What file includes code on input sanitization? Something in the validators folder?

(Note: It also occurs with the text portion of the multiple choice & comment question (and probably with Short Text, Huge Text, etc.).) I'd comment on the bugtracks, but my login is finicky right now.
Last Edit: 4 years 2 months ago by CEMBTW.

4 years 2 months ago #87742 by helper
The file is application/helpers/common_helper.php

The bug report was updated - these guys are GOOD and DAMN FAST! Probably show up in the next patch level.

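An added example, not from the thread or from LimeSurvey's code: it reproduces the two symptoms reported above under the assumption (suggested by the '\' in the second error, not confirmed in the thread) that answers were backslash-escaped and concatenated into the statement, then stores the same answers intact with bound parameters. SQLite stands in for SQL Server because both end a string literal at a lone ' and do not treat \ as an escape; the table name, function names and sample answers are constructed.

```python
import sqlite3

# Constructed sample answers: the "I'm" comment from the thread, the
# manually doubled "I''m" variant, and two controls.
ANSWERS = ["I'm", "I''m", "plain text", "It's a 'quoted' answer"]


def backslash_escape(value):
    """MySQL-style escaping (the assumed cause): backslash before each quote."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def insert_concatenated(conn, value):
    """Build the INSERT by string concatenation; return the DB error or None."""
    sql = ("INSERT INTO responses (comment) VALUES ('"
           + backslash_escape(value) + "')")
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        # The backslash does not escape the quote in this dialect, so the
        # literal ends early and the rest of the answer is parsed as SQL.
        return str(exc)


def insert_bound(conn, value):
    """Send the answer as a bound parameter; it never becomes SQL text."""
    conn.execute("INSERT INTO responses (comment) VALUES (?)", (value,))


def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE responses (id INTEGER PRIMARY KEY, comment TEXT)")
    errors = {a: insert_concatenated(conn, a) for a in ANSWERS}
    conn.execute("DELETE FROM responses")  # drop rows the first pass stored
    for a in ANSWERS:
        insert_bound(conn, a)
    rows = conn.execute("SELECT comment FROM responses ORDER BY id")
    return errors, [row[0] for row in rows]


if __name__ == "__main__":
    errors, stored = run_demo()
    for answer, err in errors.items():
        print(f"concatenated {answer!r}: {err or 'ok'}")
    print("bound parameters stored:", stored)
```

A syntax error triggered by a single apostrophe also means user input is reaching the SQL parser as code, so the same code path should be reviewed for SQL injection, not only for the display error.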
