
Hey guys,

When I submit my contact form it gets posted to the correct section ok but fails when trying to find the user's corresponding e-mail address.

Instead, it throws a pretty looking page with the following:

Symphony Fatal Database Error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user'')' at line 1

An error occurred while attempting to execute the following query:

SELECT SQL_CACHE `email`, `first_name` FROM `sym_authors` WHERE `username` IN (''user'')

It's meant to read IN ('user') but I can't figure out where to change it or why this error is being triggered. My form reads like this:

<form method="post">
  <fieldset>
    <label>Name <input type="text" name="fields[name]" value="" required="required"/></label>
    <br/>
    <label>Email <input type="email" name="fields[e-mail]" value="" required="required"/></label>
    <br/>
    <label>Message <textarea name="fields[message]" rows="5" cols="21" required="required"></textarea></label>
    <input name="send-email[sender-email]" value="fields[e-mail]" type="hidden" />
    <input name="send-email[sender-name]" value="fields[name]" type="hidden" />
    <input name="send-email[subject]" value="You are being contacted" type="hidden" />
    <input name="send-email[body]" value="fields[message]" type="hidden" />
    <input name="send-email[recipient]" value='user' type="hidden" />
    <input id="submit" type="submit" name="action[save-message]" value="Send Message" />
  </fieldset>
</form>

Anyone got any ideas? :)

I'm not sure if this would matter, but it looks like you're using double quotes for all attributes except for the user value. What if you were consistent and used double quotes instead of single quotes? The query looks like it's getting hung up on double single quotes.

Sorry, they were originally in double quotes, tried single to see if it would work but both end up with the same error =/

The other possible option is to just use value=user which I believe is valid HTML5 but of course the XSLT processor needs it to be in quotes to parse correctly.

Thanks for your input =)

My boss fixed it by adding the following under Symphony::Database()->cleanFields($fields); in the event.section.php file:

$fields['recipient'] = trim($fields['recipient'], '†'');

† is meant to be a backslash, but the forum escapes it.

Hope this helps someone!

This is caused by the following line:

$fields['recipient']        = Symphony::Database()->fetch("SELECT `email`, `first_name` FROM `sym_authors` WHERE `username` IN ('".implode("', '", $fields['recipient'])."') ");

on line 180 of symphony/lib/toolkit/events/event.section.php.

The Symphony::Database()->cleanFields($fields); function adds the single quotes to the recipients, but the query does so, too.

Replacing line 180 with

$fields['recipient']        = Symphony::Database()->fetch("SELECT `email`, `first_name` FROM `sym_authors` WHERE `username` IN (".implode(", ", $fields['recipient']).") ");

should fix this.
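The doubled quotes come from two layers each quoting the same value. The following is an added example, not code from Symphony or from this thread: it reproduces the `IN (''user'')` string and then does the same lookup with bound placeholders, so no layer has to know what another layer already quoted. The helper names, the sample rows and the use of PDO with in-memory SQLite (instead of Symphony's MySQL wrapper) are assumptions.

```php
<?php
// Added example: constructed data and hypothetical helper names throughout.

// Stand-in for a "clean" step that returns values already wrapped in quotes,
// which is the behaviour the thread attributes to cleanFields().
function preQuote(array $values): array {
    return array_map(function ($v) {
        return "'" . str_replace("'", "''", $v) . "'";
    }, $values);
}

// The pattern quoted from line 180: quotes are added again around
// values that already carry their own quotes.
function buildConcatenated(array $quoted): string {
    return "SELECT email, first_name FROM sym_authors WHERE username IN ('"
        . implode("', '", $quoted) . "')";
}

// Parameterised lookup: one placeholder per name, values bound separately
// from the SQL text, so quoting is never done by string concatenation.
function findRecipients(PDO $db, array $usernames): array {
    if ($usernames === []) {
        return []; // "IN ()" is a syntax error, so short-circuit
    }
    $marks = implode(', ', array_fill(0, count($usernames), '?'));
    $stmt = $db->prepare(
        "SELECT email, first_name FROM sym_authors WHERE username IN ($marks)"
    );
    $stmt->execute(array_values($usernames));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample table (SQLite in memory, column names as in the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sym_authors (username TEXT, email TEXT, first_name TEXT)");
$db->exec("INSERT INTO sym_authors VALUES
    ('user', 'user@example.test', 'Uma'),
    ('o''brien', 'ob@example.test', 'Pat')");

// Shows the doubled quotes that the MySQL error message complained about.
echo buildConcatenated(preQuote(['user'])), "\n";

// Raw names, including one containing a quote, go in as bound values.
print_r(findRecipients($db, ['user', "o'brien"]));
print_r(findRecipients($db, []));
```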

@fetimo Please pull from Github, I've pushed another commit to fix this hotfix.

For what it's worth, 2.2.1 uses a completely different method for send-mail which provides more verbose error messages and removes the direct query to the authors table.

@brendo that's fixed it, thanks very much for doing that :)

Any idea why when I send the email send-email[body] is populated by the literal string 'fields[message]' instead of what's in fields[message]? Debug says everything was successful, including the right value for fields[message], it's just not reflected in the e-mail.

Phew! Move your fix further up into the function __sendEmailFindFormValue and don’t apply the fix of creativedutchmen nor your boss’. Instead, add $needle = trim($needle, '\''); at the start of mentioned function – about line 151. This should solve both issues; belongs to 2.2 of Symphony.
