Closed CatsEyeXI closed 4 months ago
Looks like sortname
is only used in a couple areas and this looks like GetItemIDByName called by !additem command.
Herm... could it be the single quotes monkeying up the query?
INSERT INTO `item_basic` VALUES (4431,0,'bunch_of_san_dorian_grapes','san_dor._grape',12,1548,@INGREDIENTS,0,19);;
Only question it because I once saw an issue with addresses in a tax records file conversion run that was using single quotes during an extraction. When people put in something like ST. JOHN'S in an address it threw the formatting out of whack.
Just weird to see it cut off right where you have that weirdness we have to watch out for with San d'oria, when it isn't formatted like that in items_basic.
'san_d'or._grape'' in the query
san_dor._grape in the data
This is what we have
This is the error
near 'or._grape' OR sortname LIKE 'san_d'or._grape''
Meaning, it's probably a module override problem, couse we do not have a '
in the item long-name nor short-name
This function is only used in !additem
, so it's likely a module or a GM or something. If you're directly using client extracted strings somewhere it'll probably fail.
hi, seems it is indeed likely that a gm used single quotes in the !additem command. Will close, thanks for looking.
If a user/gm can input arbitrary text directly into a sql statement: this is a very bad thing that should be patched, even if it's gm-only š
I affirm:
OS / platform the server is running (if known)
Windows10/MariaDB 10.6
Branch affected by issue
base
Steps to reproduce
I unfortunately can't gather much context surrounding this error but looks like the formatting contained within this item name is causing SQL errors.
Expected behavior
SQL statements should be formatted to sanely handle this item?