search

Les2015 / auto-repair-shop

Automatically exported from code.google.com/p/auto-repair-shop
0 stars 0 forks source link

input should be santized #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
- In Find customer view, enter a last name like O'Brien

searchForMatchingCustomer should include some kind of input santization

Original issue reported on code.google.com by fionawhw...@gmail.com on 9 Jun 2009 at 2:50

GoogleCodeExporter commented 9 years ago 
Currently, we'll get stack trace like the following

Traceback (most recent call last):
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\webapp\__init__.py", line 
503, in 
__call__
    handler.post(*groups)
  File "C:\Documents and Settings\Wing_Wong\workspace\MaintenanceRecordsSystem_week3
\src\dermico.py", line 55, in post
    MaintAppController.theController().handle_button_events(self, button, tag)
  File "C:\Documents and Settings\Wing_Wong\workspace\MaintenanceRecordsSystem_week3
\src\dermico.py", line 146, in handle_button_events
    dispatch_function(self, reqhandler, bIndex)
  File "C:\Documents and Settings\Wing_Wong\workspace\MaintenanceRecordsSystem_week3
\src\dermico.py", line 381, in doSearch
    searchResults = self.__model.searchForMatchingCustomers(searchCriteria)
  File "C:\Documents and Settings\Wing_Wong\workspace\MaintenanceRecordsSystem_week3
\src\MaintAppModel.py", line 323, in searchForMatchingCustomers
    query = CustomerEnt.gql(query_string)
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\db\__init__.py", line 978, 
in gql
    *args, **kwds)
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\db\__init__.py", line 1775, 
in 
__init__
    self._proto_query = gql.GQL(query_string, _app=app)
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 192, 
in 
__init__
    if not self.__Select():
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 792, 
in 
__Select
    return self.__From()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 808, 
in 
__From
    return self.__Where()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 823, 
in 
__Where
    return self.__FilterList()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 850, 
in 
__FilterList
    return self.__OrderBy()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 1044, 
in 
__OrderBy
    return self.__Limit()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 1086, 
in 
__Limit
    return self.__Offset()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 1105, 
in 
__Offset
    return self.__Hint()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 1128, 
in 
__Hint
    return self.__AcceptTerminal()
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 777, 
in 
__AcceptTerminal
    self.__Error('Expected no additional symbols')
  File "C:\Program 
Files\Google\google_appengine\google\appengine\ext\gql\__init__.py", line 717, 
in 
__Error
    (error_message, self.__symbols[self.__next_symbol]))
BadQueryError: Parse Error: Expected no additional symbols at symbol Brien

Original comment by fionawhw...@gmail.com on 10 Jun 2009 at 6:54