Home Downloads Forums Shop FAQs Blog Contact Demo Login

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Forums

Special chars in Form Data not escaped during CB Registratio

as
ashwinuae 09 Jun, 2012
Hi!

I have a form in v4 which uses the Joomla Registration function to create a user. I use the CB Support to store a few custom fields as well.

Now I happened to notice that any special characters in the CB fields (e.g. 'single quotes') breaks during Submit and get the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sometext'','','','','','','','','','','','','','','','','','','','','','','','','',' at line 1 SQL=INSERT INTO xxx_comprofiler



This is isolated only to the CB registration bit and does not happen with Joomla Registration or a normal DB save.
Gr
GreyHead 11 Jun, 2012
Hi ashwinuae,

I don't know much about the CB part of the code but you can try adding a Custom code action to pre-process any data that is to be saved into a CB table.
<?php
// to fix line-breaks
$form_data['input_name'] = nl2br($form_data['input_name']);
// to escape quotes
$db =& JFactory::getDBO();
$form_data['input_name'] = $db->escape($form_data['input_name']);
?>


Bob
Max_admin
Max_admin 13 Jun, 2012
Fixed in the coming release!
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
This topic is locked and no more replies can be posted.
Terms of Use Privacy Policy Business Partners

2Checkout.com

2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for goods and services provided by ChronoEngine.com

© 2006 - 2024 ChronoEngine.com