Title: Sql error onsave
Last modified: December 10, 2018

---

# Sql error onsave

 *  Resolved [dbadoinot](https://wordpress.org/support/users/dbadoinot/)
 * (@dbadoinot)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/)
 * Hi,
 * There is a strange behavior, it happens when I configure contact form 7 with 
   a textarea or text field containing a placeholder. When the form is submitted,
   simple quotes are not escaped on the database, so when I go to the details of
   the submitted form from the backend side, the plugin tries to pass form to “read”
   but the sql query failed:
 * Extract from the PHP error_log:
    The generate query looks like:
 *     ```
       UPDATE wp_db7_forms SET form_value ='a:3:{s:12:"cfdb7_status";s:4:"read";s:3:"nom";s:11:"test ' test";s:12:"your-message";s:4:"test";}'
       ```
   
 * You can see that the data “test ‘ test” is not escape.
 * If there is no placeholder on my textarea field, all works fine.
 * Do you plan to fix it ?
    Thank you !
 * Test Environment:
    PHP: 7.2.12 Wordpress: 4.9.8 Contact form 7: 5.0.5 Contact
   Form CFDB7: 1.2.4.3 No other plugin.

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [Arshid](https://wordpress.org/support/users/arshidkv12/)
 * (@arshidkv12)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10971247)
 * Please send correct error log and cf7 shortcode details.
    -  This reply was modified 7 years, 6 months ago by [Arshid](https://wordpress.org/support/users/arshidkv12/).
 *  Thread Starter [dbadoinot](https://wordpress.org/support/users/dbadoinot/)
 * (@dbadoinot)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10972337)
 * Here are the details:
 * Contact form 7 template:
 *     ```
       [text* name placeholder "your-name"]
       [textarea* your-message placeholder "your-message"]
       [submit "Send"]
       ```
   
 * Error on the detail page:
 *     ```
       [Tue Dec 11 08:35:18.753909 2018] [php7:notice] [pid 219] [client 10.42.42.118:47792] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'toto";s:12:"your-message";s:7:"message";}' WHERE form_id = 21' at line 2 for query UPDATE wp_db7_forms SET form_value =\n                            'a:3:{s:12:"cfdb7_status";s:4:"read";s:4:"name";s:11:"test ' toto";s:12:"your-message";s:7:"message";}' WHERE form_id = 21 made by do_action('toplevel_page_cfdb7-list'), WP_Hook->do_action, WP_Hook->apply_filters, Cfdb7_Wp_Main_Page->list_table_page, CFdb7_Form_Details->__construct, CFdb7_Form_Details->form_details_page, referer: http://10.42.42.41:7080/wp-admin/admin.php?page=cfdb7-list.php&fid=5
       10.42.42.118 - - [11/Dec/2018:08:35:18 +0000] "GET /wp-admin/admin.php?page=cfdb7-list.php&fid=5&ufid=21 HTTP/1.1" 200 6559 "http://10.42.42.41:7080/wp-admin/admin.php?page=cfdb7-list.php&fid=5" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36"
       ```
   
 * The shortcode who generate error (wp-content/plugins/contact-form-cfdb7/inc/admin-
   form-details.php:83):
 *     ```
       $form_data['cfdb7_status'] = 'read';
       $form_data = serialize( $form_data );
       $form_id = $results[0]->form_id;
   
       $cfdb->query( "UPDATE $table_name SET form_value =
           '$form_data' WHERE form_id = $form_id"
       );
       ```
   
 * Thanks
 *  Plugin Author [Arshid](https://wordpress.org/support/users/arshidkv12/)
 * (@arshidkv12)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10972876)
 * Change field name “name” to some other name.
 *  Thread Starter [dbadoinot](https://wordpress.org/support/users/dbadoinot/)
 * (@dbadoinot)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10972911)
 * i changed the contact form 7 to :
 *     ```
       [text* mydata1 placeholder "your-name"]
       [textarea* mydata2 placeholder "your-message"]
       [submit "Send"]
       ```
   
 * but the problem still present:
 *     ```
       [Tue Dec 11 11:05:47.995663 2018] [php7:notice] [pid 218] [client 10.42.42.118:57350] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'try";s:7:"mydata2";s:15:"body of message";}' WHERE form_id = 22' at line 2 for query UPDATE wp_db7_forms SET form_value =\n                            'a:3:{s:12:"cfdb7_status";s:4:"read";s:7:"mydata1";s:13:"another ' try";s:7:"mydata2";s:15:"body of message";}' WHERE form_id = 22 made by do_action('toplevel_page_cfdb7-list'), WP_Hook->do_action, WP_Hook->apply_filters, Cfdb7_Wp_Main_Page->list_table_page, CFdb7_Form_Details->__construct, CFdb7_Form_Details->form_details_page, referer: http://10.42.42.41:7080/wp-admin/admin.php?page=cfdb7-list.php&fid=5
       10.42.42.118 - - [11/Dec/2018:11:05:47 +0000] "GET /wp-admin/admin.php?page=cfdb7-list.php&fid=5&ufid=22 HTTP/1.1" 200 6573 "http://10.42.42.41:7080/wp-admin/admin.php?page=cfdb7-list.php&fid=5" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36"
       ```
   
 * i send in input:
    “another ‘ try” to data1 field “body of message” to data2 field
 * we can see that on the group words _another ‘ try_ the _‘_ char is not escape.
    -  This reply was modified 7 years, 6 months ago by [dbadoinot](https://wordpress.org/support/users/dbadoinot/).
    -  This reply was modified 7 years, 6 months ago by [dbadoinot](https://wordpress.org/support/users/dbadoinot/).
 *  Plugin Author [Arshid](https://wordpress.org/support/users/arshidkv12/)
 * (@arshidkv12)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10981484)
 * I will check it soon.
 *  Plugin Author [Arshid](https://wordpress.org/support/users/arshidkv12/)
 * (@arshidkv12)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10982604)
 * Take CSV backup. Then delete submissions and update plugin and check it.
 *  Thread Starter [dbadoinot](https://wordpress.org/support/users/dbadoinot/)
 * (@dbadoinot)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10985243)
 * I would like prefer to keep the initial char ‘ or ” instand of transform to html
   char, but it works.
 * Thanks you for your reactivity.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Sql error onsave’ is closed to new replies.

 * ![](https://ps.w.org/contact-form-cfdb7/assets/icon-256x256.png?rev=1619878)
 * [Database Addon for Contact Form 7 - CFDB7](https://wordpress.org/plugins/contact-form-cfdb7/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/contact-form-cfdb7/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/contact-form-cfdb7/)
 * [Active Topics](https://wordpress.org/support/plugin/contact-form-cfdb7/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/contact-form-cfdb7/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/contact-form-cfdb7/reviews/)

 * 7 replies
 * 2 participants
 * Last reply from: [dbadoinot](https://wordpress.org/support/users/dbadoinot/)
 * Last activity: [7 years, 6 months ago](https://wordpress.org/support/topic/sql-error-onsave/#post-10985243)
 * Status: resolved