We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 19741
    • 90 Posts

    i got a problem with logging of (successful) search results, containing the character " ’ ".

    If i search "ski" on http://www.modx.wangba.fr/index.php?id=245 i’ll find http://www.modx.wangba.fr/index.php?id=131 (and more), with this content:
    [...] or eastern borderlands of the second Polish Republic. Much of Kapu?ci?ski’s work is considered to ascend to the heights of literature.[...]

    If i search "ski’s" on http://www.modx.wangba.fr/index.php?id=245 there will be an sql-error because of the insert statement :
    « Execution of a query to the database failed - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’s’,’1’,’131’,’’,’[!AjaxSearch? &debug=`1` &ajaxSearch=`0` &category=`articleCate’ at line 3 »
    SQL: INSERT INTO `db216428098`.`mdx1_ajaxsearch_log` ( searchstring, nb_results, results, comment, as_call, as_select, ip ) VALUES (’skis’,’1’,’131’,’’,’[!AjaxSearch?

    I don’t know how to implement a stripInput-Function, but i think that inserting " ’ " should be cleaned, or masked with "\" by default (like in criterions, the search itself). What do you think?

    I tested with Ajax Search 1.90 and AjaxSearch 1.91 (ajaxSearch191_7219) and coroico’s site.

      • 5811
      • 1,717 Posts

      Thanks Mithrandir for this feedback. Issue registered as AJAXSEARCH-83.

      For ajaxSearch 1.9.1 to fix this issue, replace the code line #107 by:
              $asString = mysql_real_escape_string($rs['searchString']);

      Or simply dowload the attached file, remove the .txt extension and drop the file in the classes folder.

      I have updated the release 1.9.2 with this fix, you can download it from the site (new svn id = 319).
      Apologies for those who have already downloaded this new version.
        • 19741
        • 90 Posts
        Hello coroico,

        thank you for the fix - i downloaded the newest version of AS 1.92 and everything is fine.