News:

Support the VirtueMart project and become a member

Main Menu

Vm 3.0.16 getNeighborProducts mysql error with quote

Started by Studio 42, June 13, 2016, 14:49:08 PM

Previous topic - Next topic

Studio 42

Quote1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'asimon"), 1953, UNC" ORDER BY product_name DESC, `virtuemart_product_id` DESC L' at line 1 SQL=SELECT p.`virtuemart_product_id`, `l`.`product_name`,`l`.product_name FROM `#__virtuemart_products` as p INNER JOIN `#__virtuemart_products_en_gb` as l using (`virtuemart_product_id`) LEFT JOIN `#__virtuemart_product_shoppergroups` as ps ON p.`virtuemart_product_id` = `ps`.`virtuemart_product_id` LEFT JOIN `#__virtuemart_product_categories` as pc ON p.`virtuemart_product_id` = `pc`.`virtuemart_product_id` WHERE ( `pc`.`virtuemart_category_id` = 3 AND ( `ps`.`virtuemart_shoppergroup_id`= "1" OR `ps`.`virtuemart_shoppergroup_id` IS NULL ) AND p.`published`="1" ) AND p.`virtuemart_product_id`!="22" AND `l`.product_name <= "Israel: telephone token ("asimon"), 1953, UNC" ORDER BY product_name DESC, `virtuemart_product_id` DESC LIMIT 1
I think you know the problem. $db->quote .... missing
note : This was not the case in VM2.x

Studio 42

I use this in vm3.0.16:
change line 1670:
$qm = $alreadyFound.' AND '.$whereorderByName.' '.$op.' "'.$orderByValue.'"  ORDER BY '.$orderByName.' LIMIT 1';

to

$qm = $alreadyFound.' AND '.$whereorderByName.' '.$op.' '.$db->quote($orderByValue).'  ORDER BY '.$orderByName.' LIMIT 1';

Milbo

Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

Please use next time directly escape, instead of quote. We dont need it, because we use ' for the sql String and " for the text, so it is already quoted.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/