Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Quotes in custom fields
  • Vote Up0Vote Down ferenceference
    Posts: 3Sendy user

    Hello. Sendy crashes (fails to save a subscriber, but sends out confirmation emails) if any of the custom fields contains quotes.

    Fix: in subscribe php update line 169 from:

    $cf_vals .= $value;

    to

    $cf_vals .= mysql_real_escape_string($value);

  • 3 Comments
  • Vote Up0Vote Down ferenceference
    Posts: 3Sendy user

    Also isn't it a better idea to store custom fields serialized or json encoled rather than glued with '%s%' in database? looks like a more solid approach

  • Vote Up0Vote Down BenBen
    Posts: 3,489Sendy support

    Thanks Dmitrii. I'll probably use mysqli_real_escape_string instead of mysql_real_escape_string if I decide to go with this fix. mysql_* extension will be deprecated in PHP 5.5.

    Ben

  • Vote Up0Vote Down BenBen
    Posts: 3,489Sendy support

    This is now fixed in version 1.1.7.

This discussion has been closed.
All Discussions