From 18dda0f5c9a9bba0ebc5c18b2f58653fcfb281c0 Mon Sep 17 00:00:00 2001
From: madflow <>
Date: Mon, 2 Sep 2013 20:42:57 +0200
Subject: [PATCH] Fixed CDbCommand "Syntax error or access violation" when inserting a single quote
---
 application/controllers/survey/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
index 8b32c99477c..9b62c773910 100644
--- a/application/controllers/survey/index.php
+++ b/application/controllers/survey/index.php
@@ -602,8 +602,8 @@ function sendreq(surveyid)
 if (!isset($_SESSION['survey_'.$surveyid]['srid']) && $thissurvey['anonymized'] == "N" && $thissurvey['active'] == "Y" && isset($token) && $token !='')
 {
 // load previous answers if any (dataentry with nosubmit)
- $sQuery="SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.token='{$token}' order by id desc";
- $aRow = Yii::app()->db->createCommand($sQuery)->queryRow();
+ $sQuery="SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.token=:token order by id desc";
+ $aRow = Yii::app()->db->createCommand($sQuery)->bindValues(array(':token' => $token))->queryRow();
 if ( $aRow )
 {
 if(($aRow['submitdate']=='' && $thissurvey['tokenanswerspersistence'] == 'Y' )|| ($aRow['submitdate']!='' && $thissurvey['alloweditaftercompletion'] == 'Y'))
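Review bot: The table name is still interpolated into the statement text on the new `$sQuery` line (`{$thissurvey['tablename']}` appears twice), so the binding added here covers only the token value. Identifiers cannot be bound as parameters, so it is worth confirming that `tablename` is built server-side from a validated survey id and, once confirmed, recording that next to the query, e.g. `// tablename comes from the survey record, not from request data; :token is the only user-supplied value`. The old quoted concatenation of `$token` was presumably an injection point and not only the cause of the syntax error named in the subject, so any other query in this controller that embeds the token the same way deserves the same bound parameter. The enclosing `if` block starts and ends outside this hunk.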