Bug #1729
Closed
Migration SQL syntax error, quotes in name.
Description
Running
su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate
from foreman-1.0.0-0.4.el6.noarch on SL6.
-- About to review all audits, this may take a while...
rake aborted!
An error has occurred, all later migrations canceled:
Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jveldik' van Eldik' WHERE id = 410' at line 1: UPDATE audits SET auditable_name = 'administrator' , username = 'Jan 'jveldik' van Eldik' WHERE id = 410
This is with the perhaps daft input where someone has set their first name to "Jan 'jveldik'" with single quotes in.
mysql> select login,firstname from users where login = 'jveldik';
+---------+---------------+
| login   | firstname     |
+---------+---------------+
| jveldik | Jan 'jveldik' |
+---------+---------------+
1 row in set (0.01 sec)
For now I'll remove the ''s of course in the first database.
Updated by Ohad Levy over 12 years ago
- Assignee set to Amos Benari
- Target version set to 1.0
Amos, do you mind having a look? It seems like we can simply use http://apidock.com/rails/v3.2.1/ActiveRecord/Sanitization/ClassMethods/sanitize_sql_array
Updated by Amos Benari over 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset b304788d433a4d6fa1c049675d0113d80cc45373.
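The failing UPDATE from the description next to the bind-style quoting suggested in the comments, as an added example (not part of this ticket, and not Foreman's or Rails' code). `quote_value`, `bind_sql` and `string_literals` are hypothetical helpers, and the quoting is a simplified stand-in for what a database adapter does.

```ruby
# Simplified stand-in for adapter quoting (an assumption, not Rails' code):
# escape backslashes (MySQL's default mode treats them as escapes), double quotes.
def quote_value(value)
  return "NULL" if value.nil?
  return value.to_s if value.is_a?(Numeric)
  "'" + value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''") + "'"
end

# Same calling shape as sanitize_sql_array(["... ?", v1, v2]): each ? is
# replaced by the quoted value at that position.
def bind_sql(template, *values)
  raise ArgumentError, "placeholder/value count mismatch" unless template.count("?") == values.size
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# Hypothetical helper: list the string literals a SQL parser would see,
# honouring '' and backslash escapes.
def string_literals(sql)
  literals, current, i = [], nil, 0
  while i < sql.length
    ch = sql[i]
    if current.nil?
      current = +"" if ch == "'"     # opening quote
    elsif ch == "\\" || (ch == "'" && sql[i + 1] == "'")
      current << sql[i + 1].to_s     # escaped character, taken literally
      i += 1
    elsif ch == "'"
      literals << current            # closing quote
      current = nil
    else
      current << ch
    end
    i += 1
  end
  raise ArgumentError, "unterminated string literal" unless current.nil?
  literals
end

# Values taken from the failing statement in the ticket.
NAME, USERNAME, ID = "administrator", "Jan 'jveldik' van Eldik", 410
INTERPOLATED = "UPDATE audits SET auditable_name = '#{NAME}' , username = '#{USERNAME}' WHERE id = #{ID}"
BOUND = bind_sql("UPDATE audits SET auditable_name = ? , username = ? WHERE id = ?", NAME, USERNAME, ID)

p string_literals(INTERPOLATED)
p string_literals(BOUND)
```

In the interpolated statement the name splits into two literals with a bare `jveldik` token between them, which is where MySQL reports the syntax error; the bound statement carries the name as one literal.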