Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

apostrophe causing Syntax errors in Helpdesk 1.0


Guest

Recommended Posts

Could anyone help me please to fix this?

If a customer uses an apostrophe when they are submitting a meesage using the Helpdesk v1.0 contribution, the apostrophe caused a syntax error. If the apostrophe is not used the message is ok and can be submitted.

This is on a live working shop

 

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'NEW','Tue Aug 30, 2005 08:29:47','Medium')' at line 1

INSERT INTO helpdesk VALUES ('','test user','[email protected]','test'','','NEW','Tue Aug 30, 2005 08:29:47','Medium');

[TEP STOP]

Link to comment
Share on other sites

Check the mysql statement that stores the customer info if the string is filtered with an addslashes function. You may need to add it.

Link to comment
Share on other sites

I found this code in helpdesk_submit.php

 

 ?$curdate = date("D M d, Y h:i:s");
?$query = "INSERT INTO helpdesk VALUES ('','$name','$email','$problem','','NEW','$curdate','$priority');";
?$result = tep_db_query($query);

 

I tried this but it didnt work:

 

$curdate = date("D M d, Y h:i:s");
 $query = stripslashes ("INSERT INTO helpdesk VALUES ('','$name','$email','$problem','','NEW','$curdate','$priority');");
 $result = tep_db_query($query);

Link to comment
Share on other sites

It depends on your php settings (you can check this using phpinfo() ). Check whether magic_quotes_gpc, magic_quotes_runtime, and/or magic_quotes_sybase are on. Depending on the combination of these you have, you'll either be fine with OSC as is; need to add slashes using addslashes in various locations peppered throughout the OSC code; need to remove slashes using stripslashes in various locations peppered throughtout your code; or need to get your hosting provider to change your settings for these three variables to match OSC's assumptions so you don't have to make any changes to the code.

 

My buest guess, based on the problems I am / have been having, is that OSC 2.2M2 is expecting magic_quotes_gpc to be on, and the other two variables to be off. But I may be wrong about that.

 

Regards,

 

--Grayson

Grayson Morris

Link to comment
Share on other sites

It depends on your php settings (you can check this using phpinfo() ). Check whether magic_quotes_gpc, magic_quotes_runtime, and/or magic_quotes_sybase are on.  Depending on the combination of these you have, you'll either be fine with OSC as is; need to add slashes using addslashes in various locations peppered throughout the OSC code; need to remove slashes using stripslashes in various locations peppered throughtout your code; or need to get your hosting provider to change your settings for these three variables to match OSC's assumptions so you don't have to make any changes to the code.

 

My buest guess, based on the problems I am / have been having, is that OSC 2.2M2 is expecting magic_quotes_gpc to be on, and the other two variables to be off. But I may be wrong about that.

 

Regards,

 

--Grayson

 

Hi all three are off, I will contact my host provider and ask them to switch on magic_quotes_gpc and let you know cheers.

Link to comment
Share on other sites

Grayson I cant thank you enought, switching on magic_quotes_gpc has solved the problem :)

 

There is a forward slash before the apostrophe now in the message, is there a way to get rid of the slashes?

 

test' becomes

 

test\'\'

Link to comment
Share on other sites

Scott,

 

I'm glad that worked for you! I know that feeling of relief :-).

 

What I've done is go into the php file for the page that's inserting the slashes and find where the field in question is being displayed. I then add a call to stripslashes on that field. I've found that the input part seems to work perfectly (that is, input text is properly stored in the database with no extraneous slashes), but that here and there in the OSC code, the output (to e-mail or webpage) ends up with an extra slash (often when it's direct input from webpage sent to e-mail without storing it in the DB first, for example). For example, in contact_us.php, the subject and text the user types in are e-mailed out with slashes in them. I just replaced the references to $whatever_variable with stripslashes($whatever_variable) for fields where that was likely to be a problem (names, texts, but not e-mail addresses or numeric IDs).

 

Regards,

 

--Grayson

Grayson Morris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...