#289 Insert/Edit error when fields have ']'

Joe Bordes

When one or more fields in a table have the ']' character in them you cannot insert nor update the record. This is due to the html array that is setup for picking up values from the form widgets.

Create the table:
"REF" text NOT NULL,
"NOMBRE E" text,

and try to insert values.

I have tried to fix but really haven't found an elegant and global solution. I am currently changing the ']' for another character that I do not use with the strtr function.

Regards, Joe


  • Robert Treat

    Robert Treat - 2007-02-02

    Logged In: YES
    Originator: NO

    Verified that the problem persists in 4.1. You can duplicate the problem by adding a column named "x]x", you'll get errors like:
    ERROR: column "x" of relation "foo" does not exist
    In statement:
    INSERT INTO "foo" ("a", "x") VALUES ('now', 'test')

    this also breaks table browsing with:
    ERROR: syntax error at or near "]" at character 40
    In statement:
    SELECT COUNT(*) AS total FROM (SELECT x]x, count(*) AS "count" FROM foo GROUP BY x]x ORDER BY x]x) AS sub

    right now the best solution is "dont do that" :-\

  • Russell Smith

    Russell Smith - 2007-04-01

    Logged In: YES
    Originator: NO

    Select appears not to be broken on HEAD, but the issue still remains.

    I've also noted that you can duplicate this issue with " and ' in field names if you have php magic quotes on.

    I've also done some testing and have had success with urlencoding the field names before they are printed on the form.

    We could use values["field]name[with]symbols"]. But it doesn't protect us from ".

    I think the best solution here is to create a function that does whatever parsing rules we require of it to get the field names right when they need to be quoted like this. I found urlencode the simpliest, but it's probably not best practise.

    I'm happy to go and attempt to implement something, but I'd like a little help with the way I should go about it.

  • Markus Bertheau

    Markus Bertheau - 2007-04-13

    Logged In: YES
    Originator: NO

    And here's a patch for the insert (and select) issue: http://www.bluetwanger.de/~mbertheau/phppgadmin-bug1607047.2.patch

    I use the urlencode approach; it seems correct to me and works.

    The patch also adds a missing htmlspecialchars().

  • Russell Smith

    Russell Smith - 2007-04-15
    • assigned_to: nobody --> mr-russ
  • Russell Smith

    Russell Smith - 2007-04-15

    Logged In: YES
    Originator: NO

    Thanks ska-fan, I'll look at is and review. If all is good, which I expect it will be, I'll apply the patch to CVS.

  • J.Guillaume (ioguix) de Rorthais

    • milestone: 544260 --> CVS
    • assigned_to: mr-russ --> ioguix
    • status: open --> closed-fixed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks