I'm trying to activate a theme using the sqlite backend (just doing initial testing, but will stick with either sqlite or postgres) and activation of any additional themes fails. At first glance it looks like SQLite is choking on the escape of the quote characters in the data string. Per http://www.sqlite.org/lang_expr.html:
"A single quote within the string can be encoded by putting two single quotes in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL."
I haven't had a chance to look at the db abstraction layer to see how the queries are created. Is there already a fix for this?
Warning: SQLite3::query(): Unable to prepare statement: 1, near "home": syntax error in ./piwigo-2.2.1/include/dblayer/functions_sqlite.inc.php on line 129
INSERT INTO piwigo_config (param,value,comment) VALUES ("Sobre" , "a:4:{s:4:\"home\";b:1;s:10:\"categories\";b:1;s:7:\"picture\";b:0;s:5:\"other\";b:1;}" , "Sobre parameters");
near "home": syntax error
I will report it to the creator of the theme: he uses addslashes() whereas we have implemented a function for escaping correctly.
Fair enough, sounds good. I actually tried three different themes before posting to try and avoid it being a theme specific issue, but I must have just had bad luck on selecting them. The three I tried were Montblanc XL, Sobre, and stripped. I just tried (randomly) hr_os_xl and that worked, so thanks.
So I can patch the theme locally until it's fixed, what is the new/better escaping approach you've made available?
Last edited by mrjoel (2011-05-19 17:04:36)
You can make a hot fix by yourself: replace all addslashes( by pwg_db_real_escape_string(
Last edited by flop25 (2011-06-20 12:59:02)
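The escaping difference discussed in this thread, as an added example that is not part of the original posts and is not Piwigo or theme code. It assumes PHP's bundled SQLite3 extension, an in-memory database, a constructed table named config and a constructed sample value; SQLite3::escapeString() is PHP's own function and stands in here for a backend-aware escaper, it is not the body of pwg_db_real_escape_string.

```php
<?php
// Added example: constructed table and values, not Piwigo code.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);   // throw instead of emitting warnings
$db->exec('CREATE TABLE config (param TEXT, value TEXT, comment TEXT)');

// Build the INSERT by string concatenation with the given escaper,
// then read the stored value back (or return the SQLite error).
function store($db, $escape, $value)
{
    $db->exec('DELETE FROM config');
    $sql = "INSERT INTO config (param,value,comment) VALUES ('Sobre', '"
         . call_user_func($escape, $value) . "', 'Sobre parameters')";
    try {
        $db->exec($sql);
    } catch (Exception $e) {
        return 'ERROR: ' . $e->getMessage();
    }
    return (string) $db->querySingle('SELECT value FROM config');
}

// Same shape as the serialized array in the failing query above.
$settings = serialize(array('home' => true, 'categories' => true,
                            'picture' => false, 'other' => true));
$apostrophe = "l'album";       // constructed value containing a single quote

foreach (array('addslashes', 'SQLite3::escapeString') as $escape) {
    foreach (array($settings, $apostrophe) as $value) {
        $stored = store($db, $escape, $value);
        // addslashes: backslashes end up stored inside the serialized data,
        // and a single quote ends the literal early and breaks the statement.
        printf("%-22s %-8s %s\n", $escape,
               $stored === $value ? 'intact' : 'DAMAGED', $stored);
    }
}

// Bound parameters need no escaping at all and work on any backend.
$db->exec('DELETE FROM config');
$stmt = $db->prepare('INSERT INTO config (param,value,comment) VALUES (:p, :v, :c)');
$stmt->bindValue(':p', 'Sobre', SQLITE3_TEXT);
$stmt->bindValue(':v', $apostrophe, SQLITE3_TEXT);
$stmt->bindValue(':c', 'Sobre parameters', SQLITE3_TEXT);
$stmt->execute();
$stored = $db->querySingle('SELECT value FROM config');
printf("%-22s %-8s %s\n", 'bound parameter',
       $stored === $apostrophe ? 'intact' : 'DAMAGED', $stored);
```

The example uses single-quoted SQL literals, so addslashes() no longer raises a syntax error on the serialized array but still stores it with stray backslashes, which makes unserialize() fail when the value is read back.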