j0rd
05-15-2007, 06:28 AM
I got this database error emailed to me today.
Database error in vBulletin 3.6.5:
Invalid SQL:
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customavatar.userid) AS hascustom, customavatar.dateline,
customavatar.width, customavatar.height
FROM user AS user
LEFT JOIN avatar AS avatar ON avatar.avatarid = user.avatarid
LEFT JOIN customavatar AS customavatar ON customavatar.userid = user.userid
WHERE user.userid = cc;
MySQL Error : Unknown column 'cc' in 'where clause'
Error Number : 1054
Date : Monday, May 14th 2007 @ 10:13:45 PM
Script : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
Referrer : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
IP Address : 74.98.103.xxx
Username : F*r*a*
Classname : vb_database
Tracked the code down. It's in this file: includes/functions_user.php
The code in question is:
function fetch_avatar_url($userid)
{
global $vbulletin;
if ($avatarinfo = $vbulletin->db->query_first_slave("
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customav
customavatar.width, customavatar.height
FROM " . TABLE_PREFIX . "user AS user
LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.a
LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar
WHERE user.userid = $userid"))
Which i then changed to:
function fetch_avatar_url($userid)
{
global $vbulletin;
// Scrub the userid
$userid = intval($userid);
if ($avatarinfo = $vbulletin->db->query_first_slave("
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customav
customavatar.width, customavatar.height
FROM " . TABLE_PREFIX . "user AS user
LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.a
LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar
WHERE user.userid = $userid"))
Not sure what code is calling it with the bad error, but i don't really care, the field should be scrubbed anyways before it's passed to the query.
Please comment
Database error in vBulletin 3.6.5:
Invalid SQL:
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customavatar.userid) AS hascustom, customavatar.dateline,
customavatar.width, customavatar.height
FROM user AS user
LEFT JOIN avatar AS avatar ON avatar.avatarid = user.avatarid
LEFT JOIN customavatar AS customavatar ON customavatar.userid = user.userid
WHERE user.userid = cc;
MySQL Error : Unknown column 'cc' in 'where clause'
Error Number : 1054
Date : Monday, May 14th 2007 @ 10:13:45 PM
Script : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
Referrer : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
IP Address : 74.98.103.xxx
Username : F*r*a*
Classname : vb_database
Tracked the code down. It's in this file: includes/functions_user.php
The code in question is:
function fetch_avatar_url($userid)
{
global $vbulletin;
if ($avatarinfo = $vbulletin->db->query_first_slave("
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customav
customavatar.width, customavatar.height
FROM " . TABLE_PREFIX . "user AS user
LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.a
LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar
WHERE user.userid = $userid"))
Which i then changed to:
function fetch_avatar_url($userid)
{
global $vbulletin;
// Scrub the userid
$userid = intval($userid);
if ($avatarinfo = $vbulletin->db->query_first_slave("
SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customav
customavatar.width, customavatar.height
FROM " . TABLE_PREFIX . "user AS user
LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.a
LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar
WHERE user.userid = $userid"))
Not sure what code is calling it with the bad error, but i don't really care, the field should be scrubbed anyways before it's passed to the query.
Please comment