Bug: Quotes not escaped in 2.2.1

Garth

Guest
Hi,

Looks like a bug, when I put in data "Author's Site" for the field description
field, I got a query error...

Looks like the text is not being escaped before the SQL insert,
cuz "Author\'s Site" works.

Any CVS version of DaDaBIK? I could submit a patch for it, but I don't
want to be working on an outdated copy....

-Garth
 
Eugenio

Guest
Garth wrote:
>
> Hi,
>
> Looks like a bug, when I put in data "Author's Site" for the
> field description
> field, I got a query error...
>
> Looks like the text is not being escaped before the SQL
> insert,
> cuz "Author\'s Site" works.

DaDaBIK supposes that magic_quotes_gpc is set to 1 in php.ini.

The last version stops the execution if that setting is set to 0.

Eugenio.

(Latest version of DaDaBIK when this message was posted: 2.2.1)
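
The failure reported in this thread, next to an insert that does not depend on magic_quotes_gpc, as an added example that is not part of the thread and is not DaDaBIK code. It assumes PDO with an in-memory SQLite database; the table `fields`, its `description` column and both function names are hypothetical.

```php
<?php
// Added example, not DaDaBIK code. Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE fields (id INTEGER PRIMARY KEY, description TEXT)');

// The value from the report, as the script receives it when nothing
// (such as magic_quotes_gpc) has added backslashes to the request data.
$input = "Author's Site";

// Query text built by concatenation: the apostrophe in the value closes the
// SQL string literal early, so the rest of the value is parsed as SQL.
function insert_concatenated(PDO $pdo, string $description): bool
{
    try {
        $pdo->exec("INSERT INTO fields (description) VALUES ('$description')");
        return true;
    } catch (PDOException $e) {
        echo 'concatenated insert failed: ', $e->getMessage(), "\n";
        return false;
    }
}

// Bound parameter: the value is sent separately from the SQL text, so no
// character in it can change how the statement is parsed.
function insert_bound(PDO $pdo, string $description): bool
{
    $stmt = $pdo->prepare('INSERT INTO fields (description) VALUES (:description)');
    return $stmt->execute([':description' => $description]);
}

var_dump(insert_concatenated($pdo, $input));
var_dump(insert_bound($pdo, $input));

// Read the row back to confirm the value was stored unmodified.
$stored = $pdo->query('SELECT description FROM fields')->fetchColumn();
var_dump($stored === $input);
```

magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, so code that relies on it has to handle quoting at the query itself.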
 