Guest nickteagle
Posted January 6, 2011

Hi,

I'm just developing a new site and came across a problem where, if a product had ' in its name, then when I clicked on "View Cart" after adding it to my basket I got a SQL error (see error below).

I fixed this by editing includes/content/cart.inc.php line 689 and changing

$basket = $cart->setVar($product[0]['name'],'name','invArray',$i);

to

$basket = $cart->setVar(str_replace(array("\\'","'"), "'", $product[0]['name']),'name','invArray',$i);

There didn't seem to be any check in the code to check the product name was SQL-safe when saving the basket in the session?

Cheers
Nick

MySQL Error Occurred

Error Message: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Select fan in Brushed nickel - 24342";}}s:8:"shipCost";d:0;s:8:"discount";s:0:' at line 1

SQL: UPDATE `CubeCart_sessions` SET `basket` = 'a:7:{s:5:"conts";a:3:{s:6:"674{:}";a:2:{s:8:"quantity";d:1;s:9:"timestamp";i:1294321105;}s:6:"731{:}";a:2:{s:8:"quantity";d:1;s:9:"timestamp";i:1294321228;}s:6:"730{:}";a:2:{s:8:"quantity";d:1;s:9:"timestamp";i:1294321828;}}s:8:"invArray";a:3:{i:1;a:7:{s:9:"productId";s:3:"674";s:4:"name";s:35:"Hunter Alchemy fan in White - 24186";s:11:"productCode";s:5:"24186";s:11:"prodOptions";s:0:"";s:5:"price";s:6:"440.00";s:8:"quantity";d:1;s:7:"digital";s:1:"0";}i:2;a:7:{s:9:"productId";s:3:"731";s:4:"name";s:49:"Hunter Builders Select fan in Antique brass-24344";s:11:"productCode";s:5:"24344";s:11:"prodOptions";s:0:"";s:5:"price";s:6:"175.00";s:8:"quantity";d:1;s:7:"digital";s:1:"0";}i:3;a:7:{s:11:"productCode";s:5:"24342";s:11:"prodOptions";s:0:"";s:5:"price";s:6:"175.00";s:8:"quantity";d:1;s:7:"digital";s:1:"0";s:9:"productId";s:3:"730";s:4:"name";s:53:"Hunter Builder's Select fan in Brushed nickel - 24342";}}s:8:"shipCost";d:0;s:8:"discount";s:0:"";s:8:"subTotal";s:6:"790.00";s:3:"tax";s:6:"138.25";s:10:"grandTotal";s:6:"928.25";}' WHERE sessId='cl5tgv4onffqvd0rfj498rtg16';