FrontAccounting forum — Single and double quote in Item Description

Re: Single and double quote in Item Description

2015-02-16T10:05:41Z

This needs to be fixed in FA 2.3 itself so that there is no carry forward errors into FA 2.4.....

Re: Single and double quote in Item Description

2015-02-16T07:28:07Z

I would rather wait that the new version of FA fixes it, otherwise, I would have to run a find/replace each time FA has a new version.
______________________
Are you interested in pass4sure Get our self paced a+ notes itil study packages to pass your rasmussen without any Hobe Sound Bible College lsat.

Re: Single and double quote in Item Description

2014-12-06T11:43:41Z

I hope our chief developer, Janusz, sees this.

Joe

Re: Single and double quote in Item Description

2014-12-06T09:22:56Z

That's right. Waiting for @joe to clarify way forward and integrate a fix.

Re: Single and double quote in Item Description

2014-12-06T06:26:21Z

whaoo, I would rather wait that the new version of FA fixes it, otherwise, I would have to run a find/replace each time FA has a new version.
I think i should mention that to Joe, so he can consider it for the next version, right ?
Tx

Re: Single and double quote in Item Description

2014-12-06T06:16:07Z

A possible search and replace using the QUOTE() function of MySQL may be one solution. Another would be a search and replace of such known entities in the most affected fields or in the db_escape function itself. This is also the reason why the currency symbols stand as "?" in the CoA sqls.

Re: Single and double quote in Item Description

2014-12-06T06:04:09Z

Hi Apmuthu,
Tx for this post, which i understand, but what can we do then to fix this ?
One of my customer is named O'brian, and it displays "O'Brian".
Tx

Single and double quote in Item Description

2014-11-28T16:09:43Z

Items like "Pipe 15 ft long" in the Item description displays fine. But if the abbreviation of feet as as an apostrophe / single quote is used, then it gets entered into the table as ' instead.

Hence the Item: "Pipe 15' long" now becomes "Pipe 15' long"

This is due to the way function db_escape() is programmed in includes/db/connect_db.inc.

function db_escape($value = "", $nullify = false)
{
    $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
    $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);

      //reset default if second parameter is skipped
    $nullify = ($nullify === null) ? (false) : ($nullify);

      //check for null/unset/empty strings
    if ((!isset($value)) || (is_null($value)) || ($value === "")) {
        $value = ($nullify) ? ("NULL") : ("''");
    } else {
        if (is_string($value)) {
              //value is a string and should be quoted; determine best method based on available extensions
            if (function_exists('mysql_real_escape_string')) {
                  $value = "'" . mysql_real_escape_string($value) . "'";
            } else {
              $value = "'" . mysql_escape_string($value) . "'";
            }
        } else if (!is_numeric($value)) {
            //value is not a string nor numeric
            display_error("ERROR: incorrect data type send to sql query");
            echo '

';
            exit();
        }
    }
    return $value;
}

MySQL now has an builtin QUOTE() function that can now dispense with quoting / cleaning up any string to be entered through SQL directly.

The use of htmlspecialchars() is dictated by certain PHP environment settings:

' " ' (double quote) becomes '"' when ENT_NOQUOTES is not set. 
" ' " (single quote) becomes ''' only when ENT_QUOTES is set.