I get the following error message when I try to access arcade.php

mySQL query error: SELECT userid FROM user WHERE username='English Muff'n'

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n'' at line 1

The board worked fine until this person won a tournament. Now it won't work at all. I changed the username from English Muff'n to English Muffn but that hasn't helped.

Go into AdminCP>Score Tools> Update Usernames.

Whenever usernames are altered in vB, you gotta go and do the Arcade tools and update the various things.

Update everything making sure you don't do the 1st block which prunes out scores.

Let me know if that solved it.

I've got the same error + it has completely disabled the arcade.

It's not that the username has changed it's that it contains an apostrophe ( ' ). Could people use this to inject code? I think the solution is to correctly escape the username using:

http://uk2.php.net/mysql_escape_string
or
http://uk2.php.net/manual/en/function.mysql-real-escape-string.php

I just searched through all of the PHP files to find out where this query is called and it is:

mod_arcade.php line 276

I'm not an expert on this, does anybody know if it is a security issue as well as it taking the arcade down? Can someone who knows what they are doing patch up the code?

--------------- Added at 14:00 ---------------

Here is a quick fix I have made that stops the error coming up. I'm not sure if there are other problems with usernames with apostrophes that need to be addressed though.

In arcade/modules/mod_arcade.php
Above:
$sendername = $notify['creat'];

On line 268 add:
$notify['creat'] = mysql_real_escape_string($notify['creat']);

Just got this same error after someone with an apostrophe name played a game after the arcade upgrade.

Thank you okgaz for posting the fix, I am interested to know if this is the only one we should be concerned about? Thanks!!!

I had tried updating the usernames. That didn't work because it did not update the tournament winners usernames. I manually changed the tournament winner that had an apostrophe in their username and that got the arcade working again.

The arcade mod has been updated as of yesterday.

Upgrade to the latest and greatest and report back if you issues have been fixed before any of us try to continue solving this one. Hopefully we are wasting our time and your issues are now fixed with this latest version.

Let's cross our fingers for your sake.