View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
04201Bug reportsAuthenticationpublic2010-03-15 12:192010-03-15 22:38
ReporterSchelm Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionunable to reproduce 
Product Version1.87+ 
Summary04201: SQL-Error after Login
Description

On my productive system (see specs below) I got an SQL-error after an attempt to login:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1:SELECT define_questions, edit_survey_property, delete_survey FROM lime_surveys_rights WHERE sid=1984839014933 AND uid =

I don't know why the uid is empty and this thread:
http://www.limesurvey.org/support/forums/9-german-forum/27747-sql-anmeldefehler
recommends to set session.save_dir properly and to disable Suhosin, but my session.save_dir has 777 permissions.
Disabling Suhosin oviously can't be a good solution (especially since I think that it is disabled anyways on my server).

I figured that admin/database.php line 68 causes this problem, because the SQL-statement doesn't have good error-handling. If uid is a string, you have to encapsulate uid in apostrophes. Otherwise, you have to make sure that it is 0, when it is treated as an int (and not empty).

Possible Solution:
Line 68: $actsurquery = "SELECT define_questions, edit_survey_property, delete_survey FROM {$dbprefix}surveys_rights WHERE sid=$surveyid AND uid = ".$_SESSION['loginID']; //Getting rights for this survey

Fix: $actsurquery = "SELECT define_questions, edit_survey_property, delete_survey FROM {$dbprefix}surveys_rights WHERE sid=$surveyid AND uid = '".$_SESSION['loginID']."'"; //Getting rights for this survey

Obviously, you should check if this is an appropriate solution, since I have no clue how uid is obtained, but it seems to work for me.

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)8472
I will donate to the project if issue is resolved
Browser
Database type & versionMySQL
Server OS (if known)Debian Lenny
Webserver software & version (if known)Apache2
PHP Version5+

Relationships

Relationship GraphDependency Graph
parent of 04199 closedc_schmitz A Cookie named "sid" messes things up 
related to 04968 closedc_schmitz Issue ID # 4199 (also related 4201) should be reopened, has not been resolved. 

Users monitoring this issue

There are no users monitoring this issue.

Activities

Mazi

Mazi

2010-03-15 16:04

updater   ~11349

Can you attach a sample survey where we can reproduce the problem?
Mazi

Mazi

2010-03-15 16:05

updater   ~11350

Carsten, can you check if this really solves the problem?! I still guess there is also a server configuration component included because similar problems have been reported multiple times at the forum.
If this fixes it, it would be fine.
Schelm

Schelm

2010-03-15 16:22

reporter   ~11352

This happened immediately after installation without a survey created yet upon the first attempt to login. Possibly, you might want to take into account the other bug reported by me:
http://bugs.limesurvey.org/view.php?id=4199
So, maybe this error occurs only if the sid is set by a cookie and then LimeSurvey tries to read an uid as a result of that, which is not set, because the sid comes from a cookie that doesn't belong to LimeSurvey.
But this is just an assumption.
c_schmitz

c_schmitz

2010-03-15 22:38

administrator   ~11373

Last edited: 2010-03-15 22:43

The fix is bogus. Most probably this is a follow-up to 04199.
Re-open if necessary.

Issue History

Date Modified Username Field Change
2010-03-15 12:19 Schelm New Issue
2010-03-15 16:04 Mazi Note Added: 11349
2010-03-15 16:04 Mazi Assigned To => Mazi
2010-03-15 16:04 Mazi Status new => feedback
2010-03-15 16:04 Mazi Status feedback => assigned
2010-03-15 16:04 Mazi Assigned To Mazi => c_schmitz
2010-03-15 16:05 Mazi Note Added: 11350
2010-03-15 16:22 Schelm Note Added: 11352
2010-03-15 17:38 Mazi Relationship added related to 04199
2010-03-15 22:03 c_schmitz Relationship replaced parent of 04199
2010-03-15 22:38 c_schmitz Note Added: 11373
2010-03-15 22:38 c_schmitz Status assigned => closed
2010-03-15 22:38 c_schmitz Resolution open => unable to reproduce
2010-03-15 22:43 c_schmitz Note Edited: 11373
2011-02-23 17:06 Mazi Relationship added related to 04968