Topic: Import CSV Items

A module for importing Items from other systems has been added to the Download pages.

/Joe

Re: Import CSV Items

Hi Joe,
I checked the module and found an error:
On line 38 you use the db_escape() function to clean the $description field. This results in the addition of single quotes around the quotes in $description.
Later, in lines 67 and 85, when building the SQL statements for update and insert, there is yet another single quote around %description, resulting in a SQL error.

Removing these quotes seems to solve the problem.

Regards

Roger
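
The double quoting described in the post above, as an added example that is not part of the original thread or the module's code. `escape_and_quote()` is a hypothetical stand-in that behaves the way the post describes (escapes and returns the value already wrapped in single quotes); the table name, the sample value and the in-memory SQLite database are assumptions chosen so that it runs offline.

```php
<?php
// Hypothetical stand-in for the behaviour described in the post: escape the
// value AND return it already wrapped in single quotes.
// This is not FrontAccounting's db_escape().
function escape_and_quote(string $value): string
{
    // SQL-standard escaping: double every embedded single quote.
    return "'" . str_replace("'", "''", $value) . "'";
}

// Constructed sample value, as it might arrive from a CSV row.
$description = "Widget 5' cable";
$escaped = escape_and_quote($description);

// Template that adds its own quotes around an already-quoted value (the error).
$double_quoted = "INSERT INTO items (description) VALUES ('$escaped')";
// Template that relies only on the quotes the helper added (the fix).
$single_quoted = "INSERT INTO items (description) VALUES ($escaped)";

// In-memory SQLite database (assumption, requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (description TEXT)');

foreach (['double' => $double_quoted, 'single' => $single_quoted] as $label => $sql) {
    echo "$label: $sql\n";
    try {
        $db->exec($sql);
        echo "  -> accepted\n";
    } catch (PDOException $e) {
        // The extra quotes close the string literal early, so the
        // statement no longer parses.
        echo "  -> SQL error\n";
    }
}

// The stored value is the original text, with the embedded quote intact.
foreach ($db->query('SELECT description FROM items') as $row) {
    echo "stored: {$row['description']}\n";
}
```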

Re: Import CSV Items

We are aware of this problem. We had to escape all the input database fields in FrontAccounting to eliminate spammer injections. Spammers could add HTML code into the fields and thereby inject the script.

/Joe

Re: Import CSV Items

Is the solution I used correct or does it cause any risks/issues?

Re: Import CSV Items

Your solution is perfect.

/Joe