
Bug #6652 When ' is used in city on country name searchLocation() returns error
Submitted: 2006-02-01 11:14 UTC
From: hh Assigned: eru
Status: Closed Package: Services_Weather (version CVS)
PHP Version: 4.4.2 OS: Linux
Roadmaps: (Not assigned)    


 [2006-02-01 11:14 UTC] hh
Description: ------------ For example when using "Toronto Pearson Int'L. Ont., Canada" I get an error because the sql gets messed up, I think it's because you need addslashes in the sql (or a check on magic quotes or something). Below is a diff (on cvs version) with addslashes on (which fixes it but might not be enough): --- Metar.php 2006-02-01 12:04:20.000000000 +0100 +++ Metar.php.new 2006-02-01 12:09:56.000000000 +0100 @@ -1412,18 +1412,18 @@ // and build where clause from it for the select $location = explode(",", $location); if (sizeof($location) == 1) { - $where = "LOWER(name) LIKE '%".strtolower(trim($location[0]))."%'"; + $where = "LOWER(name) LIKE '%".addslashes(strtolower(trim($location[0])))."%'"; } elseif (sizeof($location) == 2) { - $where = "LOWER(name) LIKE '%".strtolower(trim($location[0]))."%'"; - $where .= " AND LOWER(country) LIKE '%".strtolower(trim($location[1]))."%'"; + $where = "LOWER(name) LIKE '%".addslashes(strtolower(trim($location[0])))."%'"; + $where .= " AND LOWER(country) LIKE '%".addslashes(strtolower(trim($location[1])))."%'"; } elseif (sizeof($location) == 3) { $where = "LOWER(name) LIKE '%".strtolower(trim($location[0]))."%'"; $where .= " AND LOWER(state) LIKE '%".strtolower(trim($location[1]))."%'"; - $where .= " AND LOWER(country) LIKE '%".strtolower(trim($location[2]))."%'"; + $where .= " AND LOWER(country) LIKE '%".addslashes(strtolower(trim($location[2])))."%'"; } elseif (sizeof($location) == 4) { - $where = "LOWER(name) LIKE '%".strtolower(trim($location[0])).", ".strtolower(trim($location[1]))."%'"; + $where = "LOWER(name) LIKE '%".addslashes(strtolower(trim($location[0]))).", ".addslashes(strtolower(trim($location[1])))."%'"; $where .= " AND LOWER(state) LIKE '%".strtolower(trim($location[2]))."%'"; - $where .= " AND LOWER(country) LIKE '%".strtolower(trim($location[3]))."%'"; + $where .= " AND LOWER(country) LIKE '%".addslashes(strtolower(trim($location[3])))."%'"; } // Create select, locations with ICAO first
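
Review bot: in the `sizeof($location) == 3` and `== 4` branches the `LOWER(state)` clauses, and the `LOWER(name)` clause of the three-part branch, are left as unchanged context and still concatenate `strtolower(trim($location[...]))` without escaping, so a `'` in the state (or in the name of a three-part location) breaks the query exactly as before; every `$location[...]` fragment that reaches `$where` needs the same treatment. `addslashes()` is also a generic string escape rather than the quoting of the database actually in use, and it leaves the LIKE wildcards `%` and `_` in the input active, so the database layer's own quoting or bound placeholders would be a better fit here than `addslashes()`.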

Comments

 [2006-03-08 12:33 UTC] eru at php dot net
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Sorry for the delay...