#379 MySQL syntax error when adding or searching insurance company from demographics page


Description: User without administrative privileges is unable to add an insurance company that contains an apostrophe or single quote. Tested on v4.1.2 (3) and v4.1.3-dev.

Steps to Reproduce:
1) Login and create new patient with minimum required data
2) From demographics page, select Edit to the left of Demographics or Insurance tab
3) Select Search/Add under Primary, Secondary or Tertiary Insurance tab'
4) Enter apostrophe or single quote in one of the insurance fields
5) Select Search or Save as New

1) Login with administrator privileges
2) Select Administration > Practice from left navigation menu
3) Select Insurance Companies
4) Select Add a Company
5) Enter insurance company that contains apostrophe or single quote

1 Attachments


  • Brady Miller

    Brady Miller - 2015-07-25

    I placed a review on github.

  • Brady Miller

    Brady Miller - 2015-08-01


    Committed this to the codebase with a minor fix (see the commit following it). Thanks for the contribution. When I was testing this, I noted a another bug that is unrelated to your fix. When using the insurance Search/Add popup when creating a NEW patient, it doesn't work.


  • Brady Miller

    Brady Miller - 2015-08-11

    Awesome. Thanks for the fix. Just committed it to the codebase (I added your author information from the previous commit(your commit above didn't have author information)).

  • Brady Miller

    Brady Miller - 2015-08-11
    • status: open --> closed-fixed

Log in to post a comment.