Posted on: 04/02/04 12:03pm
By: wfzimmerman
I am getting error log messages whenever a user submits a search containing a single quote character to the search form. Why aren't these escaped in 1.3.9? Can I hack around this?
why aren't single quotes escaped from the search form?
Posted on: 04/02/04 12:26pm
By: Dirk
They are escaped, though maybe not in all of the plugins. Try to find out what actually causes the SQL error (e.g. by pasting the SQL error here ...).
bye, Dirk
1064 error
Posted on: 04/05/04 01:00pm
By: wfzimmerman
Here is the error message. It appears to have something to do with static pages.
Fri Apr 2 12:00:57 2004 - 1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's Dracula%' OR sp_content like 'Bram Stoker's Dracula%' OR sp_c. SQL in question: SELECT *,UNIX_TIMESTAMP(sp_date) as day FROM gl_staticpage WHERE (sp_php != '1' AND((sp_content like '%Bram Stoker's Dracula%' OR sp_content like 'Bram Stoker's Dracula%' OR sp_content like '%Bram Stoker's Dracula') OR (sp_title like '%Bram Stoker's Dracula%' OR sp_title like 'Bram Stoker's Dracula%' OR sp_title like '%Bram Stoker's Dracula'))) ORDER BY sp_date desc
Fri Apr 2 12:43:10 2004 - 1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's The Publisher%' OR sp_content like 'Micheael H Thomson's The . SQL in question: SELECT *,UNIX_TIMESTAMP(sp_date) as day FROM gl_staticpage WHERE (sp_php != '1' AND((sp_content like '%Micheael H Thomson's The Publisher%' OR sp_content like 'Micheael H Thomson's The Publisher%' OR sp_content like '%Micheael H Thomson's The Publisher') OR (sp_title like '%Micheael H Thomson's The Publisher%' OR sp_title like 'Micheael H Thomson's The Publisher%' OR sp_title like '%Micheael H Thomson's The Publisher'))) ORDER BY sp_date desc
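The failure in the log above, reproduced as an added example that is not part of the thread and not Geeklog's own code: the search term is pasted between quotes, so the apostrophe ends the string literal early. An in-memory SQLite table stands in for MySQL here (an assumption, so the error text differs), with table and column names taken from the logged query and the rows constructed.

```python
import sqlite3

def make_db():
    # Constructed sample rows; schema follows the columns seen in the logged query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE gl_staticpage "
               "(sp_title TEXT, sp_content TEXT, sp_php TEXT, sp_date TEXT)")
    db.executemany("INSERT INTO gl_staticpage VALUES (?, ?, ?, ?)", [
        ("Review", "Notes on Bram Stoker's Dracula and its films", "0", "2004-04-01"),
        ("Pricing", "Everything is 100% off today", "0", "2004-04-02"),
        ("Misc", "100 percent unrelated", "0", "2004-04-03"),
    ])
    return db

def search_concatenated(db, term):
    # Same shape as the failing query: the term sits inside '...' in the SQL text,
    # so a ' in the term closes the literal and the rest is parsed as SQL.
    sql = ("SELECT sp_title FROM gl_staticpage WHERE sp_php != '1' AND "
           "(sp_content LIKE '%" + term + "%' OR sp_title LIKE '%" + term + "%') "
           "ORDER BY sp_date DESC")
    return [row[0] for row in db.execute(sql)]

def concatenated_fails(db, term):
    # True when the concatenated query is rejected as a syntax error.
    try:
        search_concatenated(db, term)
    except sqlite3.OperationalError:
        return True
    return False

def like_pattern(term):
    # Escape LIKE metacharacters so % and _ typed by the user match literally.
    for ch in ("\\", "%", "_"):
        term = term.replace(ch, "\\" + ch)
    return "%" + term + "%"

def search_bound(db, term):
    # The term is sent as a bound parameter and is never parsed as SQL.
    sql = ("SELECT sp_title FROM gl_staticpage WHERE sp_php != '1' AND "
           "(sp_content LIKE ? ESCAPE '\\' OR sp_title LIKE ? ESCAPE '\\') "
           "ORDER BY sp_date DESC")
    pattern = like_pattern(term)
    return [row[0] for row in db.execute(sql, (pattern, pattern))]
```

Binding the parameter removes the syntax error and the injection risk together; the `ESCAPE` clause additionally keeps `%` and `_` in a search term from acting as wildcards.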