OJS <= 2.4.7 + PostgreSQL DB error in PKPUserDAO.inc.php

Hi,

I found a query in PKPUserDAO.inc.php:

	case USER_FIELD_INTERESTS:
		$interestDao =& DAORegistry::getDAO('InterestDAO');  // Loaded to ensure interest constant is in namespace
		$sql .=', controlled_vocabs cv, controlled_vocab_entries cve, controlled_vocab_entry_settings cves, user_interests ui
			WHERE cv.symbolic = "' . CONTROLLED_VOCAB_INTEREST .  '" AND cve.controlled_vocab_id = cv.controlled_vocab_id
			AND cves.controlled_vocab_entry_id = cve.controlled_vocab_entry_id AND LOWER(cves.setting_value) ' . ($match == 'is' ? '=' : 'LIKE')     . ' LOWER(?)
			AND ui.user_id = u.user_id AND cve.controlled_vocab_entry_id = ui.controlled_vocab_entry_id';
		$var = $match == 'is' ? $value : "%$value%";
		break;

WHERE cv.symbolic = "' . CONTROLLED_VOCAB_INTEREST . '" AND cve.controlled_vocab_id = cv.controlled_vocab_id

PostgreSQL can't handle strings inside ", only inside '.
I changed my line to:
WHERE cv.symbolic = \'' . CONTROLLED_VOCAB_INTEREST . '\' AND cve.controlled_vocab_id = cv.controlled_vocab_id

Not the best way, I know, but working for me.
Other people have the same problem.

What is the best way to get it right?


/var/log/apache/error.log

[Fri Oct 16 13:57:37.914103 2015] [:error] [pid 2076] [client 143.107.8.25:29190] ojs2: DB Error: ERROR: column "interest" does not exist\nLINHA 2: WHERE cv.symbolic = "interest" AND cve.controlled_vocab…\n

Hi @Tarcisio_Pereira,

Your fix is correct – I’ve committed it to the ojs-dev-2_4 and ojs-stable-2_4_7 branches. See Fix non-portable SQL string quoting · pkp/pkp-lib@b95ed91 · GitHub for details.

Thanks for contributing!

Regards,
Alec Smecher
Public Knowledge Project Team

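To look for other places where the same quoting problem may be hiding, the following added example (not code from this thread or from PKP) scans rendered SQL text for double-quoted tokens used as comparison values. The function name, the heuristic and the two sample fragments are assumptions constructed for illustration from the log line and the fix above.

```python
import re

# Tokens: '...' string literal, "..." delimited identifier, comparison
# operator, bare word, or any other single non-space character.
TOKEN = re.compile(r"""
    (?P<string>'(?:[^']|'')*')
  | (?P<dquoted>"(?:[^"]|"")*")
  | (?P<op><>|!=|<=|>=|=|<|>|\b(?:LIKE|ILIKE)\b)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<other>\S)
""", re.VERBOSE | re.IGNORECASE)

# Constructed samples: the clause as rendered before and after the fix.
BEFORE = 'WHERE cv.symbolic = "interest" AND LOWER(cves.setting_value) LIKE LOWER(?)'
AFTER = "WHERE cv.symbolic = 'interest' AND LOWER(cves.setting_value) LIKE LOWER(?)"


def find_double_quoted_values(sql):
    """Return (offset, token) for each "..." token used as a comparison value.

    Standard SQL and PostgreSQL read "..." as an identifier, so
    col = "interest" compares against a column named interest.
    Heuristic (assumption): flag a double-quoted token that directly follows
    a comparison operator and is not part of a dotted name like "ui"."user_id".
    A genuine delimited column on the right-hand side is a false positive.
    """
    tokens = list(TOKEN.finditer(sql))
    findings = []
    for i, tok in enumerate(tokens):
        if tok.lastgroup != "dquoted":
            continue
        prev = tokens[i - 1] if i > 0 else None
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        after_op = prev is not None and prev.lastgroup == "op"
        dotted = nxt is not None and nxt.group() == "."
        if after_op and not dotted:
            findings.append((tok.start(), tok.group()))
    return findings


if __name__ == "__main__":
    for label, sql in (("before", BEFORE), ("after", AFTER)):
        print(label, find_double_quoted_values(sql))
```
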

Thank you guys for the amazing job!
