    • 19741
    • 90 Posts
    Hi,

    I got a problem with logging of (successful) search results containing the character " ’ ".

    If I search "ski" on http://www.modx.wangba.fr/index.php?id=245 I’ll find http://www.modx.wangba.fr/index.php?id=131 (and more), with this content:
    [...] or eastern borderlands of the second Polish Republic. Much of Kapu?ci?ski’s work is considered to ascend to the heights of literature.[...]


    If I search "ski’s" on http://www.modx.wangba.fr/index.php?id=245 there will be an SQL error because of the insert statement:
    « Execution of a query to the database failed - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’s’,’1’,’131’,’’,’[!AjaxSearch? &debug=`1` &ajaxSearch=`0` &category=`articleCate’ at line 3 »
    SQL: INSERT INTO `db216428098`.`mdx1_ajaxsearch_log` ( searchstring, nb_results, results, comment, as_call, as_select, ip ) VALUES (’skis’,’1’,’131’,’’,’[!AjaxSearch?

    I don’t know how to implement a stripInput-Function, but I think that inserting " ’ " should be cleaned, or masked with "\" by default (like in criterions, the search itself). What do you think?


    I tested with Ajax Search 1.90 and AjaxSearch 1.91 (ajaxSearch191_7219) and coroico’s site.

      Bye,
      Mithrandir
      • 5811
      • 1,717 Posts

      Thanks Mithrandir for this feedback. Issue registered as AJAXSEARCH-83.

      For ajaxSearch 1.9.1, to fix this issue, replace code line #107 with:
              $asString = mysql_real_escape_string($rs['searchString']);

      Or simply download the attached file, remove the .txt extension and drop the file in the classes folder.

      I have updated the release 1.9.2 with this fix, you can download it from the site (new svn id = 319).
      Apologies to those who have already downloaded this new version.
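
The fix above escapes the search string before it is concatenated into the log INSERT. As an added example (not AjaxSearch or MODX code), here is the same log insert with the concatenated form beside a version that binds every column as a parameter. It assumes PDO with the SQLite driver and a hypothetical `ajaxsearch_log` table built from the column list in the error message; the row values are constructed.

```php
<?php
// Added example, not AjaxSearch code. Assumes the pdo_sqlite extension; the
// table is hypothetical and mirrors the column list in the failing INSERT.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ajaxsearch_log (
    searchstring TEXT, nb_results INTEGER, results TEXT,
    comment TEXT, as_call TEXT, as_select TEXT, ip TEXT)');

// Constructed sample row: the search term from the report plus placeholder values.
$row = [
    'searchstring' => "ski's",
    'nb_results'   => 1,
    'results'      => '131',
    'comment'      => '',
    'as_call'      => '[!AjaxSearch? &debug=`1`!]',
    'as_select'    => 'SELECT ... (placeholder)',
    'ip'           => '192.0.2.10',
];

// Before: values concatenated into the statement. The apostrophe in the search
// term closes the string literal early, so the statement no longer parses.
function logConcatenated(PDO $db, array $row): bool
{
    $sql = "INSERT INTO ajaxsearch_log (searchstring, nb_results, results, comment, as_call, as_select, ip) VALUES ('"
         . implode("','", $row) . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // syntax error, the same class of failure as in the report
    }
}

// After: placeholders keep data out of the SQL text, so no field needs escaping.
function logPrepared(PDO $db, array $row): bool
{
    $stmt = $db->prepare('INSERT INTO ajaxsearch_log
        (searchstring, nb_results, results, comment, as_call, as_select, ip)
        VALUES (:searchstring, :nb_results, :results, :comment, :as_call, :as_select, :ip)');
    return $stmt->execute($row);
}

var_dump(logConcatenated($db, $row));
var_dump(logPrepared($db, $row));
echo $db->query('SELECT searchstring FROM ajaxsearch_log')->fetchColumn(), "\n";
```
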
        • 19741
        • 90 Posts
        Hello coroico,

        thank you for the fix - I downloaded the newest version of AS 1.92 and everything is fine.
          Bye,
          Mithrandir