Topic: Import CSV Items
A module for importing Items from other systems has been added to the Download pages.
/Joe
It's much more fun, when you can discuss your problems with others...
You are not logged in. Please login or register.
FrontAccounting forum → Modules Add-on's → Import CSV Items
A module for importing Items from other systems has been added to the Download pages.
/Joe
Hi Joe,
I check the module and found an error:
On line 38 you use db_escape() function to clean the $description field. This results in the addition of single quotes arround the quotes in $description.
Later in line 67 and 85 when building the SQL statements for update and insert there is yet an other sigle quote arround %description resulting in a SQL error.
Removing these quotes seams to solve the problem.
Regards
Roger
We are aware of this problem. We had to escape all the input database fields in FrontAccounting to eliminate spammer injections. Spammers could add html code into the fields and thereby inject the script.
/Joe
Is the solution I used correct or does it cause any risks/issues?
Your solution is perfect.
/Joe
FrontAccounting forum → Modules Add-on's → Import CSV Items
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 4 official extensions. Copyright © 2003–2009 PunBB.