arnaudcoquelet / fusionpbx

Automatically exported from code.google.com/p/fusionpbx

SQL statements need to escape data properly #877

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
SQL not escaping properly when saving a voicemail with callerid that has a
single quote

2015-03-09 19:30:28.688053 [ERR] switch_core_sqldb.c:586 NATIVE SQL ERR 
[unrecognized token: "'
) "]
INSERT INTO v_voicemail_messages
(
voicemail_message_uuid,
domain_uuid,
voicemail_uuid,
created_epoch,
caller_id_name,
caller_id_number,
message_length
)
VALUES
(
'5d75b1c4-c6cd-11e4-b8e5-119c1e91238c',
'dbd115e2-a367-460e-a488-1839e36b7a61',
'd7ab6004-8bdf-4046-91c0-5b96cbc74aec',
'142595XXXX',
'Erin O'Meara',
'425785XXXX',
'10'
)
2015-03-09 19:30:28.688053 [ERR] freeswitch_lua.cpp:446 DBH NOT Connected.

Original issue reported on code.google.com by erin.ome...@salmonbaytechnology.com on 10 Mar 2015 at 2:33

GoogleCodeExporter commented 9 years ago
Might be helpful to know what branch and revision you're on.

Have potentially addressed the issue with r7963.  Please update and advise.

Thanks.

Original comment by sevenate on 15 Mar 2015 at 9:17
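Added example (not FusionPBX code and not the change made in r7963): the INSERT from the report rebuilt against an in-memory SQLite database, first with values concatenated into the statement text, then with bound parameters. The caller ID name is set by the calling party, so it has to be handled as untrusted data. The helper names and the sample row are constructed for illustration; only the table and column names come from the logged statement.

```python
import sqlite3

# Constructed sample row modelled on the logged INSERT; all values are placeholders.
SAMPLE = {
    "voicemail_message_uuid": "00000000-0000-0000-0000-000000000001",
    "domain_uuid": "00000000-0000-0000-0000-000000000002",
    "voicemail_uuid": "00000000-0000-0000-0000-000000000003",
    "created_epoch": "1425950000",
    "caller_id_name": "Erin O'Meara",
    "caller_id_number": "4257850000",
    "message_length": "10",
}
COLUMNS = list(SAMPLE)  # fixed column list, never taken from call data


def open_db():
    """Create an in-memory table with the columns named in the report."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(c + " TEXT" for c in COLUMNS)
    db.execute("CREATE TABLE v_voicemail_messages (%s)" % cols)
    return db


def insert_concatenated(db, row):
    """Before: values are pasted into the SQL text, so a quote ends the literal."""
    values = ", ".join("'%s'" % row[c] for c in COLUMNS)
    db.execute("INSERT INTO v_voicemail_messages (%s) VALUES (%s)"
               % (", ".join(COLUMNS), values))


def insert_parameterized(db, row):
    """After: values are bound separately and are never parsed as SQL."""
    marks = ", ".join(":" + c for c in COLUMNS)
    db.execute("INSERT INTO v_voicemail_messages (%s) VALUES (%s)"
               % (", ".join(COLUMNS), marks), row)


def demo():
    """Return (did the concatenated insert succeed, stored caller_id_name values)."""
    db = open_db()
    try:
        insert_concatenated(db, SAMPLE)
        concatenated_ok = True
    except sqlite3.OperationalError:  # statement no longer parses
        concatenated_ok = False
    insert_parameterized(db, SAMPLE)
    rows = db.execute("SELECT caller_id_name FROM v_voicemail_messages")
    return concatenated_ok, [r[0] for r in rows]
```

The concatenated form only works while the caller ID contains no quote; the bound form stores the name unchanged whatever characters it contains.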