[SOLVED] Single quote is causing issues in CB Auto Action PHP code

6 years 1 month ago - 6 years 4 weeks ago #303169 by llau
Hi there,

We're using an auto action on the "after user confirm" event, where the action uses the PHP eval code to build a SQL query using a cb field substitution on a field from the registration form.

If this field contains a single quote it will cause the below code to fail.
global $_CB_framework;
global $_CB_database;

$query = "SELECT `id` FROM  `#__database_table` WHERE `fieldname` = '[cb_myfieldname]' ORDER BY `id` DESC LIMIT 1";

I've also tried using addslashes as well as putting that field into a separate variable and then replacing the single quote with a backslash with no success.

Is there a way around this issue?

Kindly
V


6 years 1 month ago #303184 by krileon
Don't understand why you're using a Code action to do that. Use a Query action and just directly add your SQL statement to it. Substitutions in a query action are sent through escaping for SQL usage. If you're going to use a Code action you'll need to handle the SQL escaping yourself using the Quote function of $_CB_database (same as if you would be using Joomla API).


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.


6 years 1 month ago #303216 by nant
[Mod note] Move post from "potential bug" area to "usage" area - please note that support for paid add-ons should use the paid forums area.


6 years 1 month ago - 6 years 1 month ago #303237 by llau
Thanks for your reply Krileon.

The reason I used the code action is because I needed to call a select query to first get an id value, then I needed to call a "custom" function from an "included" file using that value.

After reading your post, I tried escaping my CB value using the quote and getEscaped functions below, but it didn't work for some reason, maybe I don't have the right syntax?
global $_CB_framework;
global $_CB_database;

require_once( $_CB_framework->getCfg( 'absolute_path' ). '/includes/my_functions.php');

//$fieldname = $_CB_database->quote([cb_myfieldname]); // doesn't work for some reason...
$fieldname = $_CB_database->getEscaped([cb_myfieldname]);

$query = "SELECT `id` FROM  `#__database_table` WHERE `fieldname` = $fieldname ORDER BY `id` DESC LIMIT 1";

// get CB user info		
$_CB_database->setQuery($query);
$neededID = $_CB_database->loadResult();

$test = custom_function($neededID); // then function performs necessary tasks

I can't seem to find the right function to use...let me know if there's an easier way :)

Thanks again,
V


6 years 1 month ago #303259 by krileon
All substitutions should be treated as strings. This means you need to enclose them in quotes when being used in PHP.


Kyle (Krileon)
Community Builder Team Member
The following user(s) said Thank You: llau
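
Added example, not part of the thread and not CB code: a stand-alone PHP script in which PDO with in-memory SQLite stands in for $_CB_database, showing why a value containing a single quote breaks the hand-quoted query, why an escape-only call used without quotes (as in the second attempt above) still fails, and why a Quote-style call that escapes and adds the surrounding quotes succeeds. The table, the sample value and the helpers escape_only and try_query are constructed for illustration; the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for $_CB_database.
// Table, column and sample value are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_table (id INTEGER PRIMARY KEY, fieldname TEXT)');
$db->exec("INSERT INTO demo_table (fieldname) VALUES ('O''Brien')");

$value = "O'Brien"; // what the substituted registration field would contain

// Hypothetical helper: escape only, no surrounding quotes (getEscaped-style).
function escape_only(PDO $db, string $text): string
{
    return substr($db->quote($text), 1, -1);
}

// Hypothetical helper: runs one query, prints the id found or the driver error.
function try_query(PDO $db, string $label, string $sql): ?int
{
    try {
        $id = $db->query($sql)->fetchColumn();
        echo "$label: id=" . var_export($id, true) . "\n";
        return $id === false ? null : (int) $id;
    } catch (PDOException $e) {
        echo "$label: FAILED (" . $e->getMessage() . ")\n";
        return null;
    }
}

$tail = ' ORDER BY id DESC LIMIT 1';

// 1. Raw value between hand-written quotes: the quote in the data ends the literal.
try_query($db, 'raw', "SELECT id FROM demo_table WHERE fieldname = '$value'" . $tail);

// 2. Escaped but not wrapped: the value is not a string literal at all.
try_query($db, 'escape only', 'SELECT id FROM demo_table WHERE fieldname = ' . escape_only($db, $value) . $tail);

// 3. Escaped and wrapped by the driver (Quote-style): parses and matches the row.
try_query($db, 'quoted', 'SELECT id FROM demo_table WHERE fieldname = ' . $db->quote($value) . $tail);

// 4. Bound parameter: the value never becomes part of the SQL text.
$stmt = $db->prepare('SELECT id FROM demo_table WHERE fieldname = ?' . $tail);
$stmt->execute([$value]);
echo 'bound: id=' . var_export($stmt->fetchColumn(), true) . "\n";
```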


6 years 1 month ago #303271 by llau
Thank you, Krileon, it's working now!

Kind regards,
V

