View Issue Details

ID: 04781
Project: Bug reports
Category: Survey participants (Tokens)
View Status: public
Last Update: 2010-12-15 13:43
Reporter: user10993
Assigned To: c_schmitz
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 1.90+
Fixed in Version: 1.90+
Summary: 04781: Using apostrophe in tokens search box causes SQL syntax error
Description

In the Data view control page of Token administration utility, if you put an apostrophe in the string you search for, and press "search", you get an unhandled SQL exception:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'amico%' OR lastname LIKE '%d'amico%' OR email LIKE '%d'amico%' OR emailstatus LI' at line 1:SELECT * FROM lime_tokens_22677 WHERE firstname LIKE '%d'amico%' OR lastname LIKE '%d'amico%' OR email LIKE '%d'amico%' OR emailstatus LIKE '%d'amico%' OR token LIKE '%d'amico%' ORDER BY tid

Search string was "d'amico" - frequent possibility for Italian surnames.

Probably the apostrophe should be escaped.

Tags: No tags attached.
Bug heat: 4
Complete LimeSurvey version number (& build): 9229
I will donate to the project if issue is resolved: No
Browser: Any
Database type & version: Mysql 5
Server OS (if known): Linux CentOS 2.6.18-164.2.1.el5
Webserver software & version (if known): Apache 2
PHP Version: 5.2.10
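
An added illustration of the failure reported above, not LimeSurvey's code and not the fix from rev 9612: it rebuilds the reported query shape against an in-memory SQLite table (a stand-in for MySQL, with constructed rows) and contrasts string concatenation with bound parameters. The function names are hypothetical; the table and column names are taken from the error message.

```python
import sqlite3

TABLE = "lime_tokens_22677"  # table name from the reported query
COLUMNS = ("firstname", "lastname", "email", "emailstatus", "token")  # columns from the report

def make_db():
    """In-memory SQLite stand-in for the MySQL tokens table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (tid INTEGER PRIMARY KEY, firstname TEXT, "
               "lastname TEXT, email TEXT, emailstatus TEXT, token TEXT)")
    db.executemany(
        f"INSERT INTO {TABLE} (firstname, lastname, email, emailstatus, token) "
        "VALUES (?, ?, ?, ?, ?)",
        [("Anna", "D'Amico", "anna@example.org", "OK", "tok1"),
         ("Luca", "Rossi", "luca@example.org", "OK", "tok2"),
         ("Eva", "Damico_x", "eva@example.org", "OK", "tok3")])
    return db

def search_concatenated(db, term):
    """Failing pattern from the report: the search term is pasted into the SQL text."""
    where = " OR ".join(f"{c} LIKE '%{term}%'" for c in COLUMNS)
    return db.execute(f"SELECT * FROM {TABLE} WHERE {where} ORDER BY tid").fetchall()

def search_parameterized(db, term):
    """Bound parameters: the term travels as data and never becomes SQL text."""
    # Escape LIKE wildcards so a typed % or _ is matched literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    where = " OR ".join(f"{c} LIKE ? ESCAPE '\\'" for c in COLUMNS)
    sql = f"SELECT * FROM {TABLE} WHERE {where} ORDER BY tid"
    return db.execute(sql, [f"%{esc}%"] * len(COLUMNS)).fetchall()

def demo():
    """Run the reported search string through both variants."""
    db = make_db()
    try:
        search_concatenated(db, "d'amico")
        broke = False
    except sqlite3.OperationalError:  # the apostrophe ends the string literal early
        broke = True
    return broke, search_parameterized(db, "d'amico")

if __name__ == "__main__":
    print(demo())
```
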

Activities

user10993

2010-12-03 00:50

  ~13679

I've tested this on your demo updated version and the apostrophe doesn't cause the SQL error but breaks the string:

d'amico

becomes

d\

c_schmitz

2010-12-09 15:38

administrator   ~13733

Fixed in rev 9612

c_schmitz

2010-12-15 13:43

administrator   ~13797

Released in 1.90+ version.

Issue History

Date Modified Username Field Change
2010-12-03 00:32 user10993 New Issue
2010-12-03 00:50 user10993 Note Added: 13679
2010-12-04 01:33 c_schmitz Assigned To => c_schmitz
2010-12-04 01:33 c_schmitz Status new => assigned
2010-12-09 15:38 c_schmitz Note Added: 13733
2010-12-09 15:38 c_schmitz Status assigned => resolved
2010-12-09 15:38 c_schmitz Fixed in Version => 1.90+
2010-12-09 15:38 c_schmitz Resolution open => fixed
2010-12-15 13:43 c_schmitz Note Added: 13797
2010-12-15 13:43 c_schmitz Status resolved => closed
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)