I'm using Postgresql instead of mysql. Would this error have occurred using mysql? It shouldn't matter because sql is sql right?
OTRS devs: is mysql the preferred database for otrs? Thanks, Carl -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Blain Sent: Thursday, June 30, 2005 12:18 PM To: User questions and discussions about OTRS.org Subject: Re: [otrs] Using apostrophes in the subject causing problems This sounds like an sql escaping issue, where placeholders or proper quoting should be used for all the data, but isn't correct. (this is potentially a security issue too) I've filed a bug report about it http://bugs.otrs.org/show_bug.cgi?id=809 Sheline, Carl (LLU) wrote: >I'm using OTRS 1.3.2 > >When I create a phone ticket and type "someone's computer needs blah >blah" in the subject and then finish out filling the rest of the ticket >and then click on create I get this error message: > >Error: called with 2 bind variables when 0 are needed, SQL: 'INSERT >INTO article (ticket_id, article_type_id, article_sender_type_id, >a_from, a_reply_to, a_to, a_cc, a_subject, a_message_id, a_body, >a_content_type, content_path, valid_id, incoming_time, create_time, >create_by, change_time, change_by) VALUES (36, 5, 3, '"csheline >csheline" <[EMAIL PROTECTED]>', '', 'normal', '', 'carl\'s computer', >'', ?, 'text/plain\; charset=iso-8859-15', ?, 1, 1120157813, >current_timestamp, 2, current_timestamp, 2)' > > >So I hit the back button take out the apostrophe and create the ticket >no problem. > >But the error message generated a ticket ID without an article. I >delete the ticket ID and everything seems ok. > >I have 2 questions: > >1. Can I use apostrophes at all? > >2. Every time I get an error message like the one above will I get >data corruption? > >Thanks, > >Carl Sheline >School of Dentistry >Loma Linda University >_______________________________________________ >OTRS mailing list: otrs - Webpage: http://otrs.org/ >Archive: http://lists.otrs.org/pipermail/otrs >To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >Support oder Consulting für Ihr OTRS System? > > _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? => http://www.otrs.de/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting für Ihr OTRS System? => http://www.otrs.de/
