Moodle
  1. Moodle
  2. MDL-1187

Updating lesson chokes on single quotes

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.5.3
    • Fix Version/s: None
    • Component/s: Lesson
    • Labels:
      None
    • Environment:
      Windows 2000
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_15_STABLE
    • Rank:
      13737

      Description

      When adding a new lesson to a course, the update aborts if the new or edited page contents, question,or response field has a single quote in it. The mysql error is: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's' )' at line 1

      INSERT INTO mdl_lesson_pages ( lessonid, qtype, qoption, prevpageid, nextpageid, timecreated, contents ) VALUES ( 4, 3, 0, 0, 0, 1080155351, 'her's' ).

      That is why the lesson module will not allow updates sporadically - it isn't just insufficient php memory.

        Activity

        Hide
        Martin Dougiamas added a comment -

        From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 04:08 PM:

        I can't duplicate this ... can you explain your sequence of steps more exactly?

        From Ray Kingdon (rkingdon at glam.ac.uk) Thursday, 25 March 2004, 05:55 PM:

        Niether can I. I'm just updating the demo lesson for the new version of module. That's littered with single quotes. In fact it's one of the things you do when developing this type of application (gosh - look at this post ). For example a good test name is O'Brian!

        Are we talking to MySQL or Postgres here?

        From Ray Kingdon (rkingdon at glam.ac.uk) Thursday, 25 March 2004, 09:36 PM:

        Thinking about this, sounds like the magic quotes parameter in PHP (magic_quotes_gpc) is off. If you login as Admin and go to the Admin page there's a PHPINFO button on the bottom. That will tell you the state of Magic_quotes_gpc, it should be ON.

        From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 11:22 PM:

        That shouldn't matter in any case, as lib/setup.php will workaround magic_quotes_gpc being off ...

        From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 11:23 PM:

        I'm closing this for now ... please re-open if you have more information.

        From Ray Kingdon (rkingdon at glam.ac.uk) Friday, 26 March 2004, 05:43 PM:

        Righto.

        From s c (s.carter at bath.ac.uk) Friday, 3 February 2006, 08:41 PM:

        I think this is due to a slip-up...

        see mod/lesson/action/updatepage.php - goto line 124 (112 on older version of file) and you will see...

        if (isset($form->response[$i]))

        { $newanswer->response = clean_param(trim($form->response[$i]), PARAM_CLEANHTML); $newanswer->answer = addslashes($newanswer->answer); }

        The 'answer' bits shown above should be 'response'.

        Si :o)

        From Mark Nielsen (man15 at humboldt.edu) Thursday, 9 February 2006, 04:43 AM:

        Fixed in 1.5.3 (bug not replicated in 1.6) Thanks for your help!

        Show
        Martin Dougiamas added a comment - From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 04:08 PM: I can't duplicate this ... can you explain your sequence of steps more exactly? From Ray Kingdon (rkingdon at glam.ac.uk) Thursday, 25 March 2004, 05:55 PM: Niether can I. I'm just updating the demo lesson for the new version of module. That's littered with single quotes. In fact it's one of the things you do when developing this type of application (gosh - look at this post ). For example a good test name is O'Brian! Are we talking to MySQL or Postgres here? From Ray Kingdon (rkingdon at glam.ac.uk) Thursday, 25 March 2004, 09:36 PM: Thinking about this, sounds like the magic quotes parameter in PHP (magic_quotes_gpc) is off. If you login as Admin and go to the Admin page there's a PHPINFO button on the bottom. That will tell you the state of Magic_quotes_gpc, it should be ON. From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 11:22 PM: That shouldn't matter in any case, as lib/setup.php will workaround magic_quotes_gpc being off ... From Martin Dougiamas (martin at moodle.com) Thursday, 25 March 2004, 11:23 PM: I'm closing this for now ... please re-open if you have more information. From Ray Kingdon (rkingdon at glam.ac.uk) Friday, 26 March 2004, 05:43 PM: Righto. From s c (s.carter at bath.ac.uk) Friday, 3 February 2006, 08:41 PM: I think this is due to a slip-up... see mod/lesson/action/updatepage.php - goto line 124 (112 on older version of file) and you will see... if (isset($form->response [$i] )) { $newanswer->response = clean_param(trim($form->response[$i]), PARAM_CLEANHTML); $newanswer->answer = addslashes($newanswer->answer); } The 'answer' bits shown above should be 'response'. Si :o) From Mark Nielsen (man15 at humboldt.edu) Thursday, 9 February 2006, 04:43 AM: Fixed in 1.5.3 (bug not replicated in 1.6) Thanks for your help!
        Hide
        Michael Blake added a comment -

        assign to a valid user

        Show
        Michael Blake added a comment - assign to a valid user

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: