Encountered a PHP Fatal error due to an uncaught mysqli_sql_exception
in the system. The error message indicates an issue with SQL syntax, specifically when handling a name with an apostrophe.
The following log is what my team and I found when one of us found that changing the account password caused the page to go completely white and the POST to return a 500 error code. In this instance, the last name would be something like O'Connell, and the Connell would be in place of LastName in the log.
[Sun Jan 14 18:04:06.668371 2024] [php:error] [pid 991491] [client 127.0.0.1:54940] PHP Fatal error: Uncaught
mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'LastName', email_from = 'email@email.com', email_from_name = 'Name
',...' at line 1 in /var/www/itflow.instance.com/functions.php:935\nStack trace:\n#0
/var/www/itflow.instance.com/functions.php(935): mysqli_query()\n#1
/var/www/itflow.instance.com/post/profile.php(117): addToMailQueue()\n#2
/var/www/itflow.instance.com/post.php(55): require_once('...')\n#3 {main}\n thrown in
/var/www/itflow.instance.com/functions.php on line 935, referer:
https://itflow.instance.com/user_security.php
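
The failure in the log above, reproduced as an added example that is not ITFlow's code: a name containing an apostrophe is spliced into the SQL text and ends the string literal early, while the same value passed as a bound parameter is stored intact. It assumes SQLite in place of MariaDB so it runs offline, and a hypothetical mail_queue table and column email_recipient_name (only email_from and email_from_name appear in the log).

```python
import sqlite3

# Hypothetical mail-queue table; only email_from and email_from_name
# are column names taken from the log, the rest is assumed.
SCHEMA = """CREATE TABLE mail_queue (
    email_recipient_name TEXT, email_from TEXT, email_from_name TEXT)"""


def new_db():
    """Fresh in-memory database with the assumed schema."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def queue_concat(db, recipient_name, email_from, from_name):
    """Failing pattern: values are spliced into the SQL text itself."""
    sql = ("INSERT INTO mail_queue VALUES ('%s', '%s', '%s')"
           % (recipient_name, email_from, from_name))
    db.execute(sql)


def queue_bound(db, recipient_name, email_from, from_name):
    """Fixed pattern: placeholders; values travel separately from the SQL."""
    db.execute("INSERT INTO mail_queue VALUES (?, ?, ?)",
               (recipient_name, email_from, from_name))


def demo():
    """Run both patterns with a constructed name containing an apostrophe."""
    name = "Pat O'Connell"  # constructed sample value
    db = new_db()
    try:
        queue_concat(db, name, "email@email.com", "Name")
        concat_error = None
    except sqlite3.OperationalError as exc:
        # The apostrophe closed the literal, leaving Connell as stray SQL.
        concat_error = str(exc)
    queue_bound(db, name, "email@email.com", "Name")
    stored = db.execute(
        "SELECT email_recipient_name FROM mail_queue").fetchall()
    return concat_error, stored


if __name__ == "__main__":
    error, rows = demo()
    print("concatenated query failed with:", error)
    print("bound query stored:", rows)
```

In PHP with mysqli, the bound form corresponds to mysqli_prepare() with mysqli_stmt_bind_param() and mysqli_stmt_execute() instead of building the string passed to mysqli_query().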