dotProject error: query failed about username
http://forums.dotproject.net/showthread.php?t=9290
EDIT: Fixed in stable_2 as of revision 5798.
When users try to reply to a forum post the system throws an SQL error.
It is happening because a user_id is not being delimited with quotes.
Here is the message we see…
Quote:
ERROR: /home/mysite/public_html/zzzproj/classes/query.class.php(623): query failed(SELECT contact_first_name, contact_last_name FROM ( `users` ) LEFT JOIN `contacts` AS con ON contact_id = user_contact WHERE user_username LIKE ‘tofjohn’ OR user_id = tofjohn) – error was: Unknown column ‘tofjohn’ in ‘where clause’ My Analysis: WHERE user_username LIKE ‘tofjohn’ OR user_id = tofjohn) – error was: Unknown column ‘tofjohn’ in ‘where clause’
should have parameter for user_id quoted as in… OR user_id = ‘tofjohn’)Quote:
Backtrace:
0 /home/mysite/public_html/zzzproj/classes/query.class.php:623 dprint(‘/home/mysite/public_html/zzzproj/classes/query.class.php’,623,0,’query failed(SELECT contact_first_name, contact_last_name FROM ( `users` ) LEFT JOIN `contacts` AS con ON contact_id = user_contact WHERE user_username LIKE \’tofjohn\’ OR user_id = tofjohn) – error was: Unknown column \’tofjohn\’ in \’where clause\”)
1 /home/mysite/public_html/zzzproj/classes/query.class.php:645 exec(2)
2 /home/mysite/public_html/zzzproj/includes/main_functions.php:193 loadList()
3 /home/mysite/public_html/zzzproj/modules/forums/post_message.php:139 dPgetUsername(‘tofjohn’)
4 /home/mysite/public_html/zzzproj/modules/forums/viewer.php:83 include(‘/home/mysite/public_html/zzzproj/modules/forums/post_message.php’)
5 /home/mysite/public_html/zzzproj/index.php:299 require(‘/home/mysite/public_html/zzzproj/modules/forums/viewer.php’)
<\pre>I tried to find a fix by looking at query.class.php and found the make_where_clause function, but looks like the problem comes somewhere before that. Will keep looking thru more source…
Current versions of system are in my sig.
fix:
/* $q->addWhere(“user_username LIKE ‘$user’ OR user_id = ” . $user); */
$q->addWhere(‘user_username LIKE \”.$user.”‘”);
Bình luận mới