Support » Plugin: Newsletters » SQL-Error when email address has a ‘

  • Resolved Adrian

    (@adrian2k7)



    There is an SQL error when a subscriber's email address contains a ‘, which is not correctly escaped.

    For instance: my’address@example.com

    Error:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'address@example.com' ORDER BY `modified` DESC LIMIT 1' at line 1 für Abfrage SELECT * FROM `wp_1_wpmlsubscribers` WHERE `email` = 'my'address@example.com' ORDER BY modified DESC LIMIT 1 von do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, wpMail->pop_hook, wpMailPlugin->bounce, wpmlDbHelper->find
  • Plugin Author Tribulant Software

    (@contrid)

    @adrian2k7

    Thank you for reporting this problem and sorry for the inconvenience caused by this.

    An email address can have an apostrophe so this is a bug.
    We are logging it and fixing it on our side right now.

    An update will be released soon with this fix included.

    Does the plugin consider e-mail addresses that start with a number as invalid? I got an error that said an e-mail starting with a digit was invalid but it is a valid address and it worked in the past with this plugin.

    Regarding the apostrophe causing a SQL error, that is a troubling sign that bind parameters with prepared statements aren’t being used in SQL statements which can make SQL injection attacks a possibility.
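
Added example, not part of the thread and not the plugin's code: the lookup from the error message built by string concatenation next to the same lookup with a bound parameter. It assumes PHP with the `pdo_sqlite` extension; an in-memory SQLite database stands in for MySQL, the function names are hypothetical and the rows are constructed sample data.

```php
<?php
// Table and column names come from the error message in the report;
// SQLite in memory stands in for MySQL, and the rows are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_1_wpmlsubscribers (id INTEGER PRIMARY KEY, email TEXT, modified TEXT)');
$insert = $db->prepare('INSERT INTO wp_1_wpmlsubscribers (email, modified) VALUES (?, ?)');
$insert->execute(["my'address@example.com", '2018-01-01 10:00:00']);
$insert->execute(['someone@example.com', '2018-01-02 10:00:00']);

// Lookup built by string concatenation: the value becomes part of the SQL text.
function find_concatenated(PDO $db, string $email): ?array
{
    $sql = "SELECT * FROM wp_1_wpmlsubscribers WHERE email = '" . $email
         . "' ORDER BY modified DESC LIMIT 1";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Lookup with a bound parameter: the value is passed as data, never parsed as SQL.
function find_prepared(PDO $db, string $email): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM wp_1_wpmlsubscribers WHERE email = ? ORDER BY modified DESC LIMIT 1'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$email = "my'address@example.com";
try {
    find_concatenated($db, $email);
    echo "concatenated: no error\n";
} catch (PDOException $e) {
    // The apostrophe closes the string literal early, so the parser
    // rejects the rest of the address as a syntax error.
    echo "concatenated: syntax error\n";
}
$row = find_prepared($db, $email);
echo 'prepared: ', $row === null ? 'not found' : 'found ' . $row['email'], "\n";

// In WordPress the bound form is $wpdb->prepare() with a %s placeholder, for example
// $wpdb->prepare("SELECT * FROM {$table} WHERE email = %s ...", $email) with a hypothetical $table.
```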

    Plugin Author Tribulant Software

    (@contrid)

    @adrian2k7 and @hdeadman

    We have resolved the problem with the apostrophe in the email address.

    The plugin allows an email to start with a number/digit, no problem. Where did you get this error message exactly? Under Newsletters > Subscribers while adding a subscriber, or? I look forward to your response with more details on this.

    I had just imported an updated list, over-writing and adding to an old list, then I sent out a newsletter to the new list. A day or two later I was told by someone that not everyone had gotten the newsletter. I looked in the Email Queue and there were about 300 e-mails still in the queue from a list of about 400 e-mails. There was an error message on the e-mail queue indicating that a particular e-mail address was invalid. The e-mail address (a gmail address) started with a number 1 so I guessed that might be why. I tried getting the queue to resume by clicking run now but it didn’t seem to be going so I removed two e-mails from the list that started with numbers and it started sending again (maybe I clicked run now again). The e-mail it said was invalid was an e-mail that had been used in previous mailings and was an address on the list before I re-imported the list. It did happen to be the first e-mail in the list when sorted alphabetically (because it started with 1). The mail server I am pointing at is an Amazon SES smtp server. I am fairly certain that the error message on the queue page said that the e-mail address was invalid or illegal and the error seemed to stop the queue from being processed.

    Plugin Author Tribulant Software

    (@contrid)

    @hdeadman

    There is unfortunately a known problem with error emails in the queue which could lock up the queue in certain cases.

    In our latest development, we have already resolved this by pushing error emails to the end of the queue and first sending all new emails before retrying the ones with errors. The result is that if there are invalid addresses or something which really cannot be sent, only error emails will remain in the queue and the queue can then be cleared after reviewing.

    We will release an update shortly here on WordPress.org. If you need this development version now, please submit a ticket to us: http://tribulant.com/support/
