<![CDATA[FrontAccounting forum — Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?id=75 Mon, 08 Sep 2008 11:52:38 +0000 PunBB <![CDATA[Re: Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?pid=1099#p1099 Your solution is perfect.

/Joe

]]> Mon, 08 Sep 2008 11:52:38 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=1099#p1099 <![CDATA[Re: Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?pid=1098#p1098 Is the solution I used correct or does it cause any risks/issues?

]]> Mon, 08 Sep 2008 11:36:53 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=1098#p1098 <![CDATA[Re: Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?pid=1097#p1097 We are aware of this problem. We had to escape all the input database fields in FrontAccounting to eliminate spammer injections. Spammers could add html code into the fields and thereby inject the script.

/Joe

]]> Mon, 08 Sep 2008 07:11:48 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=1097#p1097 <![CDATA[Re: Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?pid=1094#p1094 Hi Joe,
I check the module and found an error:
On line 38 you use db_escape() function to clean the $description field. This results in the addition of single quotes arround the quotes in $description.
Later in line 67 and 85 when building the SQL statements for update and insert there is yet an other sigle quote arround %description resulting in a SQL error.

Removing these quotes seams to solve the problem.

Regards

Roger

]]> Mon, 08 Sep 2008 02:40:12 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=1094#p1094 <![CDATA[Import CSV Items]]> https://frontaccounting.com/punbb/viewtopic.php?pid=213#p213 A module for importing Items from other systems has been added to the Download pages.

/Joe

]]> Thu, 06 Dec 2007 21:23:21 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=213#p213