This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 3

Logic - Notification Email Rules Issue

Started 11 years ago by orware | 2 posts |


  1. orware
    Member

    So I just did some testing on my end with using a Dropdown Menu to guide which people get notified when a person submits something on our Contact Us form.

    One of the values for the Dropdown was "President's Office" (without the quotes).

    When setting up the Logic, I used:
    "Department You Wish to Contact: " IS President's Office

    On the frontend, even though I didn't select that option from the Dropdown, I received a SQL error right after submitting the form. The data made it's way to the database and I did get the notification email, however, the SQL error below shouldn't be displayed on the page.

    SQL: [537]

    SELECT count(B.element_title) total_row
    FROM( SELECT A.element_6, (select option from ap_element_options where form_id = ? and element_id = ? and option_id = A.element_6 and live = 1) element_title
    FROM ap_form_105 A WHERE id = ? ) B
    WHERE B Params:

    3 Key: Position #0: paramno=0 name=[0] "" is_param=1 param_type=2 Key: Position #1: paramno=1 name=[0] "" is_param=1 param_type=2 Key: Position #2: paramno=2 name=[0] ""
    is_param=1 param_type=2

    Query Failed: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's office'' at line 21

    My guess is the value isn't being properly sanitized/quoted for that query and is causing a SQL error in that situation.

    I was able to resolve with a workaround by changing the logic for that one to be:
    "Department You Wish to Contact: " BEGINS WITH President

    Instead.

    Hope this helps someone!

    -Omar

    Posted 11 years ago #

  2. yuniar

    Omar -- thank you for reporting this!
    I have the fix for this now and will update the package soon.

    If you need to get the patch, please contact me directly and I'll send you the files.

    MachForm Founder

    Posted 11 years ago #

RSS feed for this topic

Reply