kainhofer
23 Apr 2015

I have recently upgraded my site from Joomla 2.5 to 3. I have several links on external sites that point to e.g.
http://open-tools.net/component/content/article/58-opentools-advanced-order-numbers-for-magento-released.html

These links worked just fine in J2.5, but in J3.4.1 they throw an SQL error.

Steps to reproduce the issue

    1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':opentools-advanced-order-numbers-for-magento-released' at line 1 SQL=SELECT title FROM j25_content WHERE id=58:opentools-advanced-order-numbers-for-magento-release

Expected result

The article with ID 58 should be displayed, as was the case in Joomla 2.5
(for comparison, I put a copy of the old site running Joomla 2.5 up at:
http://demo.open-tools.net/open-tools/component/content/article/58-opentools-advanced-order-numbers-for-magento-released.html )

Actual result

An SQL error is thrown.

As a side note, leaving out the article title works, e.g. http://open-tools.net/component/content/article/58

System information (as much as possible)

Database Version: 5.5.43-0ubuntu0.14.04.1
Database Collation: latin1_swedish_ci
PHP Version: 5.5.9-1ubuntu4.9
Web Server: Apache/2.4.7 (Ubuntu)
WebServer to PHP Interface: cgi-fcgi
Joomla! Version: Joomla! 3.4.1 Stable [ Ember ] 21-March-2015 20:30 GMT
Joomla! Platform Version: Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT

Additional comments

This issue breaks many links other sites have set to our site in the past, and we have no authority to change those external links. After an upgrade from J2.5 to J3, external links should certainly still be working.

I have several similar URLs where external sites link to my site, which now give error messages instead of documentation for our software products. Unfortunately, most external sites are not under my control, so changing those links is not an option.

kainhofer - open - 23 Apr 2015

OctavianC - comment - 24 Apr 2015

Are you sure you're not using a module that's not properly escaping queries (or properly grabbing variables for that matter)? Because this page works:
http://open-tools.net/component/content/article/58-opentools-advanced-order-numbers-for-magento-released.html?tmpl=component
So it's not related to com_content, it's related to a module.

Doesn't seem like a Joomla! issue to me. I don't see any query from com_content that would grab just the title column.

kainhofer - comment - 24 Apr 2015

Dear Octavian,
Thank you for noticing. I dug a bit deeper and it is indeed the Shape5 Vertex template that I'm using, which throws the error. In particular, it does:

    $id = JRequest::getVar('id');
    $db=JFactory::getDBO();
    $db->setQuery('SELECT title FROM #__content WHERE id='.$id);

So apparently the id request variable also contains the article title. A quick fix (not sure whether this is really the best) is to use (int)$id in the SQL query...
Is the id request variable really supposed to contain the article id and the article title? If so, how are third-party extension developers supposed to handle this case?

Anyway, I'll take it to the shape5 support forum.

Thanks again for your time, and sorry for the noise.
Reinhold

kainhofer - close - 24 Apr 2015
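
The fix discussed in the last comment, as an added example (not code from the Shape5 template or from Joomla): the `id:alias` request value is parsed down to an integer and bound as a typed parameter instead of being concatenated into the SQL string. PDO with in-memory SQLite stands in for Joomla's database layer; the function names and the sample row are assumptions.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for Joomla's database layer.
// The row below is constructed sample data; function names are hypothetical.

/** Extract the integer article id from a Joomla-style "id:alias" request value. */
function articleIdFromSlug(string $raw): ?int
{
    // Accept "58" or "58:some-alias"; anything else is rejected.
    if (!preg_match('/\A(\d{1,9})(?::.*)?\z/s', $raw, $m)) {
        return null;
    }
    $id = (int) $m[1];
    return $id > 0 ? $id : null;
}

/** Look up the title with a bound integer parameter instead of concatenation. */
function articleTitle(PDO $db, string $rawId): ?string
{
    $id = articleIdFromSlug($rawId);
    if ($id === null) {
        return null; // never pass an unparsed request value to the database
    }
    $stmt = $db->prepare('SELECT title FROM j25_content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE j25_content (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO j25_content VALUES (58, 'Constructed sample title')");

// Request value in the form that appears in the reported SQL error.
$raw = '58:opentools-advanced-order-numbers-for-magento-released';

// The string the template's concatenation produces (built here, not executed):
echo 'SELECT title FROM j25_content WHERE id=' . $raw, "\n";

// Hardened lookups: slug form, bare id, and a non-numeric value.
var_dump(articleTitle($db, $raw));
var_dump(articleTitle($db, '58'));
var_dump(articleTitle($db, 'abc'));
```

Inside Joomla 3, `JFactory::getApplication()->input->getInt('id')` applies integer filtering to the request value before it reaches the query.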
