Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Issue information

Issue ID
#023406
Status
Unconfirmed
Version
1.1.1
Fixed in
-

Issue Confirmations

Yes (0)No (0)

Converge doesn't escape email addresses when importing users

Posted by Cap'n Refsmmat on 13 June 2010 - 07:33 PM

When importing users from IPB to Converge, Converge throws a SQL error because user email addresses are not SQL-escaped before being used in this query:

SELECT converge_id, converge_email, converge_extra FROM cvg_members_converge WHERE converge_email IN ([email addresses])

One member's email address contains an apostrophe. (It was imported from vBulletin that way. I don't know if IPB allows apostrophes to be entered in emails normally.)

We cannot import our users this way. Also, not escaping seems like a Bad Idea.

Back to IP.Converge