It looks like you're new here. If you want to get involved, click one of these buttons!
Sendy crashes (fails to save a subscriber, but sends out confirmation emails) if any of the custom fields contains quotes.
in subscribe php update line 169 from:
$cf_vals .= $value;
$cf_vals .= mysql_real_escape_string($value);
Also isn't it a better idea to store custom fields serialized or json encoled rather than glued with '%s%' in database? looks like a more solid approach
Thanks Dmitrii. I'll probably use mysqli_real_escape_string instead of mysql_real_escape_string if I decide to go with this fix. mysql_* extension will be deprecated in PHP 5.5.
This is now fixed in version 1.1.7.