RE: [otrs] Using apostrophes in the subject causing problems

30 Jun 2005

      I'm using Postgresql instead of mysql.  Would this error have occurred using mysql?  It shouldn't matter because sql is sql right?

OTRS devs:  is mysql the preferred database for otrs?

Thanks,

Carl

-----Original Message-----
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of Jeremy Blain
Sent: Thursday, June 30, 2005 12:18 PM
To: User questions and discussions about OTRS.org
Subject: Re: [otrs] Using apostrophes in the subject causing problems

This sounds like an sql escaping issue, where placeholders or proper quoting should be used for all the data, but isn't correct.
(this is potentially a security issue too)

I've filed a bug report about it
http://bugs.otrs.org/show_bug.cgi?id=809

Sheline, Carl (LLU) wrote:
...
I'm using OTRS 1.3.2
When I create a phone ticket and type "someone's computer needs blah 
blah" in the subject and then finish out filling the rest of the ticket 
and then click on create I get this error message:
Error: called with 2 bind variables when 0 are needed, SQL: 'INSERT 
INTO article  (ticket_id, article_type_id, article_sender_type_id, 
a_from, a_reply_to, a_to,  a_cc, a_subject, a_message_id, a_body, 
a_content_type, content_path,  valid_id, incoming_time,  create_time, 
create_by, change_time, change_by)  VALUES  (36, 5, 3,  '"csheline 
csheline" ', '', 'normal', '',  'carl\'s computer', 
'', ?, 'text/plain\; charset=iso-8859-15', ?,  1,  1120157813, 
current_timestamp, 2, current_timestamp, 2)'
So I hit the back button take out the apostrophe and create the ticket 
no problem.
But the error message generated a ticket ID without an article.  I 
delete the ticket ID and everything seems ok.
I have 2 questions:
1.  Can I use apostrophes at all?
2.  Every time I get an error message like the one above will I get 
data corruption?
Thanks,
Carl Sheline
School of Dentistry
Loma Linda University
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting für Ihr OTRS System?
_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support oder Consulting für Ihr OTRS System?
=> http://www.otrs.de/