uzerpllp / uzerp

uzERP - Open Source Business Management
http://www.uzerp.com

Parentheses around address fields cause SQL error #65

Closed steveblamey closed 8 years ago

steveblamey commented 8 years ago

Saving an address with text in a field like '(Westfield Avenue)' causes invalid SQL and causes the save to fail and abandons the transaction:

ERROR: Current transaction is aborted, commands ignored until end of transaction block.

steveblamey commented 8 years ago

Extract from postgres log:

2014-08-16 09:20:35 UTC ERROR:  syntax error at or near "Lane" at character 51
2014-08-16 09:20:35 UTC STATEMENT:  SELECT * FROM address WHERE (street1 = (Westfield Lane) AND street2 is NULL AND street3 is NULL AND town = 'Harrow' AND county = 'Middlesex' AND postcode = 'HA3 9RR' AND countrycode = 'GB') AND usercompanyid='1'
2014-08-16 09:20:35 UTC ERROR:  current transaction is aborted, commands ignored until end of transaction block

steveblamey commented 8 years ago

This query is generated by model method Address::check_exists(). While adodb will make sure that strings are quoted properly, the WHERE clause here is generated as a constraint chain. To ensure that address varchar fields are escaped properly, use preg_quote($data[$field]).
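
Added example, not part of the thread and not uzERP code: the same address lookup built with bound parameters, so a value such as '(Westfield Lane)' never becomes part of the SQL text. The helper name `buildAddressLookup`, the field list, the treatment of empty fields as NULL, and the in-memory SQLite table standing in for PostgreSQL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not uzERP code. Column names come from a fixed
// list; values are bound as parameters and never enter the SQL text.
const ADDRESS_FIELDS = ['street1', 'street2', 'street3', 'town',
                        'county', 'postcode', 'countrycode'];

function buildAddressLookup(array $data, int $companyId): array
{
    $clauses = [];
    $params  = [];
    foreach (ADDRESS_FIELDS as $field) {
        $value = $data[$field] ?? null;
        if ($value === null || $value === '') {
            // Assumption: an empty field is stored as NULL, as in the logged query.
            $clauses[] = "$field IS NULL";
        } else {
            $clauses[] = "$field = ?";
            $params[]  = $value;
        }
    }
    $params[] = $companyId;
    $sql = 'SELECT * FROM address WHERE (' . implode(' AND ', $clauses)
         . ') AND usercompanyid = ?';
    return [$sql, $params];
}

// Constructed demo: in-memory SQLite stands in for PostgreSQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE address (street1 TEXT, street2 TEXT, street3 TEXT, town TEXT,
           county TEXT, postcode TEXT, countrycode TEXT, usercompanyid INTEGER)');
$db->prepare('INSERT INTO address VALUES (?, NULL, NULL, ?, ?, ?, ?, ?)')
   ->execute(['(Westfield Lane)', 'Harrow', 'Middlesex', 'HA3 9RR', 'GB', 1]);

$base = ['town' => 'Harrow', 'county' => 'Middlesex',
         'postcode' => 'HA3 9RR', 'countrycode' => 'GB'];
// Constructed street values: one with parentheses, one with an apostrophe as well.
foreach (['(Westfield Lane)', "O'Neill (Rear) Lane"] as $street) {
    [$sql, $params] = buildAddressLookup($base + ['street1' => $street], 1);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    printf("%-22s => %d row(s)\n", $street, count($stmt->fetchAll()));
}
```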

steveblamey commented 8 years ago

fixes #65, Parentheses around address fields cause SQL error

→ <<cset 764dcbfcc4d6>>