Bug #5468

SQL error during injection : unascape values

Added by Miridan over 3 years ago.

Status:NewStart date:02/24/2016
Priority:UrgentDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

During insertion of computers data's, we have an insertion error due to unescape chars "'".

The following error occurs :

  • MySQL query error:
    SQL: UPDATE `glpi_computers`
    SET `comment` = \'
    CR04003 - CRB Local multimédia

Pc fixe Pas d\'utilisateur Attitré\' WHERE `id` =\'33478\'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'utilisateur Attitré' WHERE `id` ='33478'' at line 2
Backtrace :
inc/commondbtm.class.php:357
inc/commondbtm.class.php:1116 CommonDBTM->updateInDB()
...injection/inc/commoninjectionlib.class.php:1501 CommonDBTM->update()
...injection/inc/commoninjectionlib.class.php:1415 PluginDatainjectionCommonInjectionLib->effectiveAddOrUpdate()
...atainjection/inc/computerinjection.class.php:90 PluginDatainjectionCommonInjectionLib->processAddOrUpdate()
plugins/datainjection/inc/engine.class.php:145 PluginDatainjectionComputerInjection->addOrUpdateObject()
...datainjection/inc/clientinjection.class.php:249 PluginDatainjectionEngine->injectLine()
...datainjection/inc/clientinjection.class.php:204 PluginDatainjectionClientInjection::processInjection()
...datainjection/front/clientinjection.form.php:38 PluginDatainjectionClientInjection::showInjectionForm()

GLPI : 0.90
DataInjection : 2.4.1

Also available in: Atom PDF