php - Syntax error or access violation: 1064 ' brandname -

-

i'm getting error in magento script:

product not added exception:exception 'pdoexception' message

'sqlstate[42000]: syntax error or access violation: 1064 have error in sql syntax; check manual corresponds mysql server version right syntax use near 's secret'' @ line 1'

some background info:

i have php script running on cron job add , update products. runs while now, got error. think it's because manufacturers name got apostrophe in it. have no clue how fix it.

changing manufacturer's name not option.

function addmanufacture($pid,$men){     $resource = mage::getsingleton('core/resource');     $readconnection = $resource->getconnection('core_read');     $query = "select manufacturers_id p1_manufacturers m_name='".$men."'";     $lastid = $readconnection->fetchone($query);      $write = mage::getsingleton("core/resource")->getconnection("core_write");     if($lastid){}else{     $url = createurl($men);      $query = "insert p1_manufacturers (m_name,identifier,status) values ('".$men."','".$url."',1)";     $write->query($query);     $lastid = $write->lastinsertid();     }     $query1 = "insert p1_manufacturers_products (manufacturers_id,product_id) values ('".$lastid."','".$pid."')";     $write->query($query1);      $query3 = "select manufacturers_id p1_manufacturers_store manufacturers_id='".$lastid."'";     $mid = $readconnection->fetchone($query3);      if($mid){} else {     $query2 = "insert p1_manufacturers_store (manufacturers_id,store_id) values ('".$lastid."',0)";     $write->query($query2);     }  }

here problem:

$query = "select manufacturers_id p1_manufacturers m_name='".$men."'";

replace with:

$menescaped = mysql_real_escape_string($men); $query = "select manufacturers_id p1_manufacturers m_name='".$menescaped."'";

for readability, might inclined reformat thus:

$menescaped = mysql_real_escape_string($men); $query = "     select         manufacturers_id             p1_manufacturers             m_name='{$menescaped}' ";

the problem not escaping input variables, , if comes user input, may find people injecting sql of own choice database. , that's not good!

addendum: above may work, i've spotted using library called mage. being case, need find out how escape strings using library - $write->escapestring($men).

as has been noted in comments, better if can switch paramerisation. you'll need check if library supports that.


Comments

Post a Comment

Popular posts from this blog

c# - Unity IoC Lifetime per HttpRequest for UserStore -

-
i'm trying clean default implementation of accountcontroller.cs comes out of box in new mvc5/owin security implementation. have modified constructor this: private usermanager<applicationuser> usermanager; public accountcontroller(usermanager<applicationuser> usermanager) { this.usermanager = usermanager; } also, have created lifetime manager unity looks this: public class httpcontextlifetimemanager<t> : lifetimemanager, idisposable { private httpcontextbase _context = null; public httpcontextlifetimemanager() { _context = new httpcontextwrapper(httpcontext.current); } public httpcontextlifetimemanager(httpcontextbase context) { if (context == null) throw new argumentnullexception("context"); _context = context; } public void dispose() { this.removevalue(); } public override object get...
Read more

Change the color of an oval at click in Java AWT -

-
i have draw ovals in java, , @ click change color. beginning tried change color after 20 ms, doesn't work. my code is: public class mycomponentnew extends frame { public graphics2d g2d; public mycomponentnew(string title) { super(title); setsize(400, 550); } @override public void paint(graphics g) { this.g2d = (graphics2d) g; this.g2d.setcolor(color.red); this.g2d.filloval(10, 55, 50, 100); } public void changecolor () { this.g2d.setcolor(color.blue); this.g2d.filloval(10, 55, 50, 100); } } and in class main method have: mycomponentnew m; m = new mycomponentnew("fereastra cu baloane"); m.setvisible(true); m.addwindowlistener(new windowadapter() { @override public void windowclosing(windowevent we) { system.exit(0); } }); try { thread.sleep(20); } catch(interruptedexception e) {} m.changecolor(); the color of oval remains red. ...
Read more

I am trying to solve the error message 'incompatible ranks 0 and 1 in assignment' in a fortran 95 program. -

-
i writing program in fortran find velocity of parachuting person in relation time. keep getting error can't fix. new programming , appreciated. the error is v(i+1)=v(i)+[32-((c*v(i)*v(i))/m)]*(h) 1 error: incompatible ranks 0 , 1 in assignment @ (1) and program is program para integer :: real :: v(11) !velocity real :: q !initial velocity real :: h !time step real :: c !drag coefficient real :: m !mass ! gravity equal 32 ft/s^2 write (*,*)'enter time step' read(*,*)h write(*,*)'enter initial velocity' read(*,*)q write(*,*)'enter drag coefficient' read(*,*)c write(*,*)'enter mass' read(*,*)m i=1,10 ! 1 10, 1 being interval. end v(i+1)=v(i)+[32-((c*v(i)*v(i))/m)]*(h) q=v(1) end program you cannot use [] normal parenthesis in expressions. array constructor, [ items ] means array items elements. end do should after line.
Read more