Upgrade Error

Topic: Upgrade Error (Read 2483 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Upgrade Error

November 06, 2015, 09:52:26 pm

QuoteError!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':value} WHERE variable = {string:variable}' at line 2

I am "fixing" my elkarte site via upgrading as it seems it was still using 1.0.2 base but stuck at the above. How do I resolve that? Any help appreciated.

Re: Upgrade Error

Reply #1 – November 06, 2015, 10:05:01 pm

~~My early research shows that there might be an SQL injection. Huh!? How to fix this? And how to prevent further injection attack?~~

May be not as it seems that the error is caused by this upgrade line for mysql:

Code: [Select]

upgrade_query("
	UPDATE {$db_prefix}settings
	SET value = {string:value}
	WHERE variable = {string:variable}",
	array(
		'value' => $modSettings['avatar_max_height_external'],
		'variable' => 'avatar_max_height'
	)
);
upgrade_query("
	UPDATE {$db_prefix}settings
	SET value = {string:value}
	WHERE variable = {string:variable}",
	array(
		'value' => $modSettings['avatar_max_width_external'],
		'variable' => 'avatar_max_width'
	)
);

I'll need to read and understand the manual now. Sigh...

Re: Upgrade Error

Reply #2 – November 07, 2015, 09:13:10 am

Could be something simple like $modSettings['avatar_max_height_external'] is not set? Seems like that should be wrapped in an if !empty but not sure ... can always replace those with '0' and after the upgrade go to the ACP and set the values you want (assuming that is the problem)

Re: Upgrade Error

Reply #3 – November 07, 2015, 06:51:21 pm

Easier than that: simply upgrade_query doesn't work the same as db->query.
That code is broken, but it's nothing new, the upgrade was never actually tested because it has never been "distributed" (i.e. put in a zip and attached to a release).

Just upload the files, and then make sure to visit the avatars admin area and save the settings. That would be more than enough.

Re: Upgrade Error

Reply #4 – November 08, 2015, 10:23:14 am

Yup. I did that alternative. May be that upgrade can be tested later.

Re: Upgrade Error

Reply #5 – November 08, 2015, 11:27:30 am

Quote from: ahrasis – November 08, 2015, 10:23:14 amMay be that upgrade can be tested later.

In the development branch the upgrade has been almost entirely rewritten (at least some of it) to work with Elk-standard queries style.
It needs testing of course.