
Topic on Extension talk:PageInfo/Flow

An apostrophe in the name causes an SQL error

Skew (talkcontribs)

Using PageInfo, if I navigate to page "User's Guide", I'll get this error message in the browser window:

Database error
A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was:
(SQL query hidden)
from within function "". Database returned error "1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Guide' AND wl_namespace = 0' at line 3 (localhost)".


The Fix - Find these lines:

// Total watchers
$pi_sql = "
SELECT COUNT( * )
FROM " . $db->tableName( 'watchlist' ) . "
WHERE wl_title = '" . $wgTitle->getDBkey() . "'
AND wl_namespace = " . $wgTitle->getNamespace();
$pi_Watcher_SQL = $dbr->fetchRow( $dbr->query( $pi_sql ) );
$pi_Watcher = $this->pi_CreateEntry( wfMsgHTML( 'paramWatcher' ), $pi_Watcher_SQL[0] );
$pi_Container .= $pi_Watcher;

and modify to this:

// Total watchers
$convertedKey = mysql_real_escape_string( $wgTitle->getDBkey() );
$pi_sql = "
SELECT COUNT( * )
FROM " . $db->tableName( 'watchlist' ) . "
WHERE wl_title = '" . $convertedKey . "'
AND wl_namespace = " . $wgTitle->getNamespace();
$pi_Watcher_SQL = $dbr->fetchRow( $dbr->query( $pi_sql ) );
$pi_Watcher = $this->pi_CreateEntry( wfMsgHTML( 'paramWatcher' ), $pi_Watcher_SQL[0] );
$pi_Container .= $pi_Watcher;

Jeroen De Dauw (talkcontribs)

Looks like $db->select() should be used here.

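The difference between pasting the title into the SQL text and passing it as a value, which is what the reply's `$db->select()` suggestion amounts to, shown as an added example that is not PageInfo's or MediaWiki's own code. It is a stand-alone script that assumes PHP with the pdo_sqlite extension; the function names `countWatchersConcat` and `countWatchersBound` are hypothetical and the watchlist rows are constructed.

```php
<?php
// Added example, not PageInfo's code. Assumes PHP with the pdo_sqlite extension.
// Table and column names follow the query in the post; the rows are constructed.

$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( 'CREATE TABLE watchlist ( wl_user INTEGER, wl_namespace INTEGER, wl_title TEXT )' );
$ins = $pdo->prepare( 'INSERT INTO watchlist VALUES ( ?, ?, ? )' );
foreach ( array( array( 1, 0, "User's_Guide" ), array( 2, 0, "User's_Guide" ), array( 3, 0, 'Main_Page' ) ) as $row ) {
	$ins->execute( $row );
}

// Before: the title is pasted into the SQL text, so its apostrophe closes the
// string literal and the rest of the title is parsed as SQL.
function countWatchersConcat( PDO $pdo, $dbKey, $namespace ) {
	$sql = "SELECT COUNT( * ) FROM watchlist WHERE wl_title = '" . $dbKey . "' AND wl_namespace = " . $namespace;
	return (int)$pdo->query( $sql )->fetchColumn();
}

// After: title and namespace travel as bound values, never as SQL text.
// In MediaWiki the same separation comes from a conditions array, e.g.
//   $dbr->selectField( 'watchlist', 'COUNT(*)',
//       array( 'wl_title' => $dbKey, 'wl_namespace' => $namespace ), __METHOD__ );
function countWatchersBound( PDO $pdo, $dbKey, $namespace ) {
	$stmt = $pdo->prepare( 'SELECT COUNT( * ) FROM watchlist WHERE wl_title = :title AND wl_namespace = :ns' );
	$stmt->bindValue( ':title', $dbKey, PDO::PARAM_STR );
	$stmt->bindValue( ':ns', (int)$namespace, PDO::PARAM_INT );
	$stmt->execute();
	return (int)$stmt->fetchColumn();
}

// Run both variants against a plain title and the title from the post.
foreach ( array( 'Main_Page', "User's_Guide" ) as $dbKey ) {
	try {
		$concat = countWatchersConcat( $pdo, $dbKey, 0 );
	} catch ( PDOException $e ) {
		$concat = 'error: ' . $e->getMessage();
	}
	printf( "%-14s concat=%s bound=%d\n", $dbKey, $concat, countWatchersBound( $pdo, $dbKey, 0 ) );
}
```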