Skip to content

Quotes in custom fields

edited May 2013 in Troubleshooting

Hello.
Sendy crashes (fails to save a subscriber, but sends out confirmation emails) if any of the custom fields contains quotes.

Fix:
in subscribe php update line 169 from:

$cf_vals .= $value;

to

$cf_vals .= mysql_real_escape_string($value);

Comments

  • Also isn't it a better idea to store custom fields serialized or json encoled rather than glued with '%s%' in database? looks like a more solid approach

  • BenBen
    edited May 2013

    Thanks Dmitrii. I'll probably use mysqli_real_escape_string instead of mysql_real_escape_string if I decide to go with this fix. mysql_* extension will be deprecated in PHP 5.5.

    Ben

  • This is now fixed in version 1.1.7.

This discussion has been closed.