The quoting of database fields rears its ugly head again, this time with enrolment using Paypal:

PAYPAL ERROR: Error while trying to insert valid transaction

The field that's causing the problem is:

item_name => This I Believe: A Writer's Journey (4/26/06-5/1/06)

With SQL logging turned on, the Apache log includes:

[Fri Feb 17 18:42:06 2006] [error] SQL You have an error in your SQL

syntax near 's Journey (4/26/06-5/1/06)', 11, 342, '0.00', 'User',

'Completed', '90848759S238' at line 1 in

/home/sites/site31/web/learn/enrol/paypal/ipn.php on line 149.

STATEMENT: INSERT INTO mdl_enrol_paypal ( BUSINESS, RECEIVER_EMAIL,

RECEIVER_ID, ITEM_NAME, COURSEID, USERID, TAX, OPTION_NAME1,

PAYMENT_STATUS, TXN_ID, PAYMENT_TYPE ) VALUES ( 'email@mydomain.org',

'email@mydomain.org', 'xxxxxxxxxxxxx', 'This I Believe: A Writer's Journey

(4/26/06-5/1/06)', 11, 342, '0.00', 'User', 'Completed',

'yyyyyyyyyyyyyyyyyy', 'instant' )

magic_quotes_gpc is on.

As far as I can tell, the new object passed to insert_record in lib/datalib.php never gets embedded quotes escaped.