Import CSV Items

joe · 12/06/2007 09:23:21 pm

joe
Administrator
Offline

Registered: 03/15/2007
Posts: 5,085

Topic: Import CSV Items

A module for importing Items from other systems has been added to the Download pages.

/Joe

roger · 09/08/2008 02:40:12 am

roger
Member
Offline

Registered: 08/18/2008
Posts: 18

Re: Import CSV Items

Hi Joe,
I check the module and found an error:
On line 38 you use db_escape() function to clean the $description field. This results in the addition of single quotes arround the quotes in $description.
Later in line 67 and 85 when building the SQL statements for update and insert there is yet an other sigle quote arround %description resulting in a SQL error.

Removing these quotes seams to solve the problem.

Regards

Roger

joe · 09/08/2008 07:11:48 am

joe
Administrator
Offline

Registered: 03/15/2007
Posts: 5,085

Re: Import CSV Items

We are aware of this problem. We had to escape all the input database fields in FrontAccounting to eliminate spammer injections. Spammers could add html code into the fields and thereby inject the script.

/Joe

roger · 09/08/2008 11:36:53 am

roger
Member
Offline

Registered: 08/18/2008
Posts: 18

Re: Import CSV Items

Is the solution I used correct or does it cause any risks/issues?

joe · 09/08/2008 11:52:38 am

joe
Administrator
Offline

Registered: 03/15/2007
Posts: 5,085

Re: Import CSV Items

Your solution is perfect.

/Joe

Import CSV Items

Posts: 5

1 Topic by joe 12/06/2007 09:23:21 pm

Topic: Import CSV Items

2 Reply by roger 09/08/2008 02:40:12 am

Re: Import CSV Items

3 Reply by joe 09/08/2008 07:11:48 am

Re: Import CSV Items

4 Reply by roger 09/08/2008 11:36:53 am

Re: Import CSV Items

5 Reply by joe 09/08/2008 11:52:38 am

Re: Import CSV Items

Posts: 5