Skip to content

GitLab

Open
Created by jitendra@jitendraDeveloper

Get API Error: "invalid string" if param value contains `select` string in it

To replicate execute the following apis.

civicrm_api3('Contact', 'get', ['display_name' => 'selecton person name']);

or

civicrm_api3('Contribution', 'get', [
  'sequential' => 1,
  'source' => "xxxxselect xxxx",
]);

or any other entity with select string in the param value.

The problematic part is https://github.com/civicrm/civicrm-core/blob/master/api/v3/utils.php#L884-L886, which results into an error if param value contains select string in it.

Seems to be present in core from a long time. Why is input params considered as an invalid string for SELECT? Is it to avoid any SQL queries in the params? If yes, probably we can replace it with a more valid check? eg an existence of select, from, etc?

Edited by jitendra
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information