Adding a note to one of our players led to this database error when updates were done:

Code: Select all

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's g/f'' at line 1
SQL:
SELECT `members`.`member_id`, `members`.`name` FROM `roster_members` as `members` WHERE `members`.`name`='M's g/f'
File: lib/dbal/mysql.php
Line: 234

It looks to me like either the ' or the / was not escaped in the sql string. my money is on the '

Edit: I am still using Roster version 2.0.1

Thanks

This looks like it's from memberslist
Look in addons/memberslist/inc/update_hook.php
Starting on line 251

Code: Select all

         $query =
            "SELECT `members`.`member_id`, `members`.`name`".
            " FROM `".$roster->db->table('members')."` as `members`".
            " WHERE `members`.`name`='" . addslashes($main_name) . "'";

Try replacing addslashes with $roster->db->escape