From: <no...@so...> - 2002-12-12 16:16:18
|
Bugs item #605052, was opened at 2002-09-05 08:17 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=410239&aid=605052&group_id=34206 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Mark Moline (mark_moline) Assigned to: Nobody/Anonymous (nobody) Summary: Overview page SQL error .948 Initial Comment: When using the AXELOGIS security mode, there is a SQL error on the overview page when a project manager, but not system administrator logs in. The errors looks like the following: -------------------------- The following query failed: select * from documents where (aproj=1) chindate>20020904104729 You have an error in your SQL syntax near 'chindate>20020904104729' at line 1 -------------------------- When the user is switched to a system administrator, the query succeeds. ---------------------------------------------------------------------- Comment By: Jason 'vanRijn' Kasper (vanrijn) Date: 2002-12-12 11:16 Message: Logged In: YES user_id=286178 This doesn't quite work either. I think the below fix is the correct one.... // FIX -- need to check order_by to make sure it starts with an "and" if ( "and" != substr(trim($order_by), 0, 3)) $order_by = "and $order_by"; if ($projs) { $sql="select * from $table where ($projs) $order_by"; } else { // Once again, the ugly method of returning an empty handle... $sql="select * from $table where 1=0"; } ---------------------------------------------------------------------- Comment By: Eric Pignot (exec) Date: 2002-09-13 04:02 Message: Logged In: YES user_id=109800 this error is not due to AXELOGIS mode : each time a non admin user logs in, in either mode (OPT or AXELOGIS), he will get this message. The only thing is that in OPT mode, every one is an admin, so it rarely occurs :-) (in fact, if a customer logs in, he will get the error). The solution provided by druiz is not enough, adding the and before "chindate" will add another error. A possible fix, but not tested enough to say that it is stable, would be to search for this string in the file include/urights.php, in the function crm_elements() : if ($projs) { $sql="select * from $table where ($projs) $order_by"; } else { // Once again, the ugly method of returning an empty handle... $sql="select * from $table where 1=0"; } and replace it by : if ($projs) { $sql="select * from $table where ($projs) and $order_by"; } else { // Once again, the ugly method of returning an empty handle... $sql="select * from $table where 1=0"; } (simply add an "and" before $order_by ) This will solve this problem, I just hope that it won't raise other somewhere else. ---------------------------------------------------------------------- Comment By: David Ruiz Estefanía (druiz) Date: 2002-09-05 09:19 Message: Logged In: YES user_id=458634 The problem seem to be in the sentence contruction, before "chindate" should be an "and". It's possible and easy to modify the code yourself... or you can wait for the next upgrade. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=410239&aid=605052&group_id=34206 |