#165, 02-09-2010, 08:18 PM

wjbrewer (Banned, X-Adept)
Join Date: Feb 2005
Location: Pittsburgh, PA
Posts: 504

Re: mysql error

Quote:
Originally Posted by albertchui
I always get MySQL error messages when customers click Smart Search. Does anyone know why? Below is the detailed message:

Backtrace:
/home/fineart/public_html/include/func/func.db.php:180
/home/fineart/public_html/include/func/func.db.php:106
/home/fineart/public_html/include/func/func.db.php:395
/home/fineart/public_html/include/bench.php:231

The bench.php file is not correctly escaping the ' character in the URL parameter. Any SQL query should always sanitize the input before executing the query. This could potentially be a security issue. I would contact X-Cart for a patch.

Bill
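The escaping problem Bill describes, as an added example that is not X-Cart's code: the same search query built by string interpolation and with a prepared statement. It assumes an in-memory SQLite database through PDO so it runs offline, and the table, rows and the `$substring` parameter name are constructed sample data.

```php
<?php
// Added example (not X-Cart code). SQLite via PDO stands in for MySQL; the
// failure mode for an unescaped apostrophe is the same in both.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (productid INTEGER, product TEXT)");
$db->exec("INSERT INTO products VALUES (1, 'Georgia O''Keeffe print'), (2, 'Monet poster')");

// The search term as a customer typed it; in a real shop it would come
// from a URL parameter such as $_GET['substring'] (hypothetical name).
$substring = "O'Keeffe";

// 1. Unescaped interpolation: the apostrophe in the input closes the SQL
//    string literal early, so the database reports a syntax error. This is
//    the MySQL error the thread describes, and because the rest of the
//    input is parsed as SQL it is also an injection risk, not just a bug.
try {
    $db->query("SELECT product FROM products WHERE product LIKE '%$substring%'");
} catch (PDOException $e) {
    echo "Unescaped query failed: " . $e->getMessage() . "\n";
}

// 2. Prepared statement: the value is sent separately from the SQL text,
//    so a quote in the input can never change the structure of the query.
$stmt = $db->prepare("SELECT product FROM products WHERE product LIKE :pattern");
$stmt->execute([':pattern' => '%' . $substring . '%']);
foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $product) {
    echo "Match: $product\n";
}
```

Run with `php example.php` (requires the pdo_sqlite extension); the first query fails with a syntax error while the prepared one returns the O'Keeffe row.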