BUG: apostrophes kill the PM feature


fly
10-25-2006, 05:03 PM
I just had a user get the following SQL error:

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a'smooch', 'Your Highscore got beaten', '[size=1][i]This is an automatically gen' at line 1
mySQL error code:
Date: Wednesday 25th of October 2006 10:04:14 AM

The user's name is Mr. Wink'a'smooch.

I told him it was cause his name was horrible, but I thought I'd let you know anyway...

MrZeropage
10-26-2006, 08:47 AM
should be fixed in v2.5.7+ and work fine there :)

Ziki
10-26-2006, 12:57 PM
Dude, SQL injection! This is a total hacking pie!
Don't forget addslashes!

fly
10-26-2006, 01:26 PM
omy

dfsafasd

MrZeropage
10-26-2006, 01:32 PM
This is all good in v2.5.7+ :)



and no injection-problem because only valid data (username and predefined texts) arrive there, no external data

Mark.B
10-26-2006, 02:01 PM
This is all good in v2.5.7+ :)



and no injection-problem because only valid data (username and predefined texts) arrive there, no external data
Any chance of a fix for this in earlier versions when you get a moment?

Ziki
10-31-2006, 04:44 PM
This is all good in v2.5.7+ :)



and no injection-problem because only valid data (username and predefined texts) arrive there, no external data


But knowing this I can create a username for example ' OR ''=' OR '1'='1 or others like that :)
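
The failure reported in this thread, reproduced as an added example (not code from the posts or from the product): a username that was stored safely at registration still breaks a later statement that pastes it into SQL text, and binding it as a parameter fixes that. Assumptions: SQLite stands in for MySQL, and the table names, column names and message body are hypothetical.

```python
import sqlite3

# Constructed sample data: the username and title are the ones quoted in the
# thread; the body, tables and columns are hypothetical. SQLite stands in
# for MySQL so the example runs offline.
USERNAME = "Mr. Wink'a'smooch"
TITLE = "Your Highscore got beaten"
BODY = "(constructed body text)"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE pm (to_name TEXT, title TEXT, body TEXT)")
    # Registration bound the name as a parameter, so it sits in the database
    # exactly as the user typed it, apostrophes included.
    db.execute("INSERT INTO users (name) VALUES (?)", (USERNAME,))
    return db


def send_pm_concat(db, user_id):
    """'Before' form: a value read back from the database is treated as
    trusted and pasted into the next statement as SQL text."""
    (name,) = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    sql = f"INSERT INTO pm (to_name, title, body) VALUES ('{name}', '{TITLE}', '{BODY}')"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


def send_pm_bound(db, user_id):
    """Hardened form: every value is bound as a parameter, so the name is
    always data and never part of the statement."""
    (name,) = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    db.execute("INSERT INTO pm (to_name, title, body) VALUES (?, ?, ?)", (name, TITLE, BODY))
    return "ok"


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", send_pm_concat(db, 1))
    print("bound       :", send_pm_bound(db, 1))
    print("stored rows :", db.execute("SELECT to_name FROM pm").fetchall())
```

The name reaches the PM query from the application's own database, but it was typed by a user, so it has to be handled as external data wherever it is used in a statement.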