
osCommerce


Apostrophes in email addresses error


tatty


Posted

In the past few weeks, this error has appeared when searching for customers in catalogue/admin/customers.php

 

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[email protected]'' at line 1

 

select id, email, foreignkey from phplist_user_user where email = 'john.o'[email protected]'

 

The error always occurs when a customer with an apostrophe in their email address would show up in the search results. The page stops loading the list of results when it hits that customer.

 

Can anybody help, please?

Posted

This is from an add-on? Obviously poorly written code. It should be calling addslashes() on the email address string, so that any internal ' turns into \'. Something like

$query = "select id, email, foreignkey from phplist_user_user where email='" . addslashes($email_address) . "';";

Your example would end up

select id, email, foreignkey from phplist_user_user where email = 'john.o\'[email protected]'

Damn those Irish! :rolleyes:
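
An added example, not part of the original posts and not the add-on's own code: it reproduces the failure from the first post with a concatenated query, then runs the same lookup with a bound parameter, a different technique from the addslashes() suggestion above. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, the function names are hypothetical, and the rows are constructed sample data; the table and column names come from the query in the thread.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database
// (assumption). Table and column names come from the query in the thread;
// the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE phplist_user_user (id INTEGER PRIMARY KEY, email TEXT, foreignkey TEXT)');

$insert = $pdo->prepare('INSERT INTO phplist_user_user (email, foreignkey) VALUES (?, ?)');
foreach ([["pat.o'neil@example.com", '17'], ['jane.doe@example.com', '18']] as $row) {
    $insert->execute($row);
}

// The pattern behind the 1064 error: the value is pasted into the SQL text,
// so an apostrophe in the data closes the string literal early.
function find_user_concat(PDO $pdo, string $email): array
{
    $sql = "select id, email, foreignkey from phplist_user_user where email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value travels separately from the SQL text, so no
// escaping is needed and quotes in the data cannot change the statement.
function find_user_bound(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('select id, email, foreignkey from phplist_user_user where email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$email = "pat.o'neil@example.com"; // constructed address containing an apostrophe

try {
    find_user_concat($pdo, $email);
    echo "concatenated query: ran\n";
} catch (PDOException $e) {
    echo "concatenated query: syntax error\n";
}

$rows = find_user_bound($pdo, $email);
echo "bound query: " . count($rows) . " row(s), email = " . $rows[0]['email'] . "\n";
```

Against MySQL the same prepare/execute calls work through PDO's mysql driver or through mysqli prepared statements.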
