Ok, I have a user that has a ' in his name(Heaven's Hero).. Well, whenever he posts, forumdisplay.php cimes up with this error:

Database error in vBulletin 2.2.1:

Invalid SQL: SELECT COUNT(title) AS starts FROM thread WHERE postusername='Heaven's Hero' AND open!='10'
mysql error: You have an error in your SQL syntax near 's Hero' AND open!='10'' at line 1

mysql error number: 1064

This also happens when you look at the persons Profile...

If anyoen could help.. and tell me what i need to do, it would be greatly appreceated...
thnx in advance...

-Syphin

~ B ~ U ~ M ~ P ~

BTW, I think this is due to PPN's last title hack... =/

-Syphin

Its the "User has started X threads" by Tubedogg.

http://vbulletin.org/forum/showthread.php?s=&postid=201514#post201514

Thnx alot.. ^^ But i dont see why that would mess up forumsdisplay.php also... hmm.. oh well.. thnx.. ^^

-Syphin

it's whatever hack allowed you to put the ' in the name in the first place. Seen this answered over at vb.com a lot.

[QUOTE]Originally posted by JTMON
it's whatever hack allowed you to put the ' in the name in the first place. Seen this answered over at vb.com a lot.

[QUOTE]Originally posted by Syphin


Theres no hack to let you put them in there... Your allowed on any vb thats unhacked... O.o

And i asked at vb.com and they said ask here.. lol oh well... :p seems to be fine now.. =)


-Syphin

It's simple...

In ANY query involving a username... you need to go addslashes($username)

This lets single and double quotes, and dollar signs be read normally.

JYMON... they tell you it's a hack because the standard VB has addslashes everywhere, so that problem CANNOT happen with an unhacked VB.

[QUOTE]Originally posted by Palmer ofShinra
It's simple...

In ANY query involving a username... you need to go addslashes($username)

This lets single and double quotes, and dollar signs be read normally.

JYMON... they tell you it's a hack because the standard VB has addslashes everywhere, so that problem CANNOT happen with an unhacked VB.