Apostrophe in Search causes 1064 MySQL error

[Guest Bill Smith]

I'm using Cube Cart 4.4.1, PHP Version 5.2.13, and MySQL 5.1.47.

Everything seems to be working fine, except that the use of an apostrophe in the SEARCH box causes a 1064 MySQL error.

The store sells children's clothing and one of the products is "Carter's". When a person tries to search for "Carter's 3 month" it returns an error.

"Carter's" by itself works fine. But "Carter's 3 month" or "Carter's Girl" returns error.

I'm guessing I need to change the code to remove/strip the apostrophe out of the SEARCH field.

Where should I go (be nice), and what should I change?

[vokf]

Hi Bill,

Just checked this on an older CC4 store, and all is ok - no errors. Obviously, no products are found, and the query is returned in the search box as "Carter\'s Girl" (ie, with slash added before apostrophe.

I know CC will cleanse database queries(mysqlsafe() function from memory) - as an apostrophe is basically a delimiter for the database, and uncleansed queries are a common security issue. Adding the slash before this keeps it treated as part of the query.

Is your store modified?

Compare;

includes/viewCat.inc.php

with the original one from the original cubecart download.

viewCat.inc.php contains all the search code, and also code for displaying the categories.

If the file is different, find out what modifications have been applied, and contact the authors to fix the problem.

Otherwise, post back!

Hope this helps,

Jason

[Guest Bill Smith]

Hi Jason,

Thanks for the quick response.

I compared the viewCat.inc.php file found in my original download (in the includes/content folder) to the one running in my store. No differences were found.

Carter's Carter\s Carter\s 3 all work fine.

Carter's 3 returns the error.