<![CDATA[FrontAccounting forum — Import CSV Items]]> 2008-09-08T11:52:38Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=75 <![CDATA[Re: Import CSV Items]]> Your solution is perfect.

/Joe

]]> https://frontaccounting.com/punbb/profile.php?id=3 2008-09-08T11:52:38Z https://frontaccounting.com/punbb/viewtopic.php?pid=1099#p1099 <![CDATA[Re: Import CSV Items]]> Is the solution I used correct or does it cause any risks/issues?

]]> https://frontaccounting.com/punbb/profile.php?id=207 2008-09-08T11:36:53Z https://frontaccounting.com/punbb/viewtopic.php?pid=1098#p1098 <![CDATA[Re: Import CSV Items]]> We are aware of this problem. We had to escape all the input database fields in FrontAccounting to eliminate spammer injections. Spammers could add html code into the fields and thereby inject the script.

/Joe

]]> https://frontaccounting.com/punbb/profile.php?id=3 2008-09-08T07:11:48Z https://frontaccounting.com/punbb/viewtopic.php?pid=1097#p1097 <![CDATA[Re: Import CSV Items]]> Hi Joe,
I check the module and found an error:
On line 38 you use db_escape() function to clean the $description field. This results in the addition of single quotes arround the quotes in $description.
Later in line 67 and 85 when building the SQL statements for update and insert there is yet an other sigle quote arround %description resulting in a SQL error.

Removing these quotes seams to solve the problem.

Regards

Roger

]]> https://frontaccounting.com/punbb/profile.php?id=207 2008-09-08T02:40:12Z https://frontaccounting.com/punbb/viewtopic.php?pid=1094#p1094 <![CDATA[Import CSV Items]]> A module for importing Items from other systems has been added to the Download pages.

/Joe

]]> https://frontaccounting.com/punbb/profile.php?id=3 2007-12-06T21:23:21Z https://frontaccounting.com/punbb/viewtopic.php?pid=213#p213