1064 Error

[Guy-How]

VirtueMart 3.0.6.4
Joomla! 3.4.3
PHP version 5.3.29

I am getting the following 1064 error

 1064  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alttoviulu" ORDER BY `l`.product_name DESC LIMIT 1' at line 1 SQL=SELECT p.`virtuemart_product_id`, `l`.`product_name` FROM `mmp_howvioli_virtuemart_products` as p INNER JOIN `mmp_howvioli_virtuemart_products_fi_fi` as l using (`virtuemart_product_id`) LEFT JOIN `mmp_howvioli_virtuemart_product_shoppergroups` as ps ON p.`virtuemart_product_id` = `ps`.`virtuemart_product_id` LEFT JOIN `mmp_howvioli_virtuemart_product_categories` as pc ON p.`virtuemart_product_id` = `pc`.`virtuemart_product_id` LEFT JOIN `mmp_howvioli_virtuemart_product_prices` as pp ON p.`virtuemart_product_id` = pp.`virtuemart_product_id` WHERE ( `pc`.`virtuemart_category_id` = 3 AND ( `ps`.`virtuemart_shoppergroup_id`= "1" OR `ps`.`virtuemart_shoppergroup_id` IS NULL ) AND p.`published`="1" ) AND p.`virtuemart_product_id`!="2486" AND `l`.product_name <= "Karl Höfner Conservatoire-sarjan 15" alttoviulu" ORDER BY `l`.product_name DESC LIMIT 1

I have tried the fix here https://forum.virtuemart.net/index.php?topic=130685.0
but it did not work.

Is there a fix available for this issue?

[Guy-How]

The problem is Virtuemart code.

The problem was they were sending unescaped code to the database.

I added the following line in /administrator/components/com_virtuemart/models/product.php on line 1575:

$orderByValue = addslashes($orderByValue);   

This is a very crude way of escaping data, but at least it is much more secure, and will not be rejected by the database. The system works with this workaround. So hopefully it helps anyone with a similar problem.