ixian
02-28-2002, 02:23 PM
Howdy,
Every once and a while, I will get an email with this kind of error:
Database error in vBulletin 2.2.1:
Invalid SQL: SELECT COUNT(title) AS starts FROM thread WHERE postusername=''tkz' AND open!='10'
mysql error: You have an error in your SQL syntax near 'tkz' AND open!='10'' at line 1
mysql error number: 1064
It's not limited to that user. The thing I have noticed they all have in common is the affected users all have a ' in their username somewhere. The username isn't being escaped correctly, I would guess, but I can't figure out how to correct it.
This doesn't seem to prevent them from posting - I can still see them. I'm not sure what the deal is.
Maybe this is a common problem but I couldn't do a search for it since "SQL" is under the 4 word search limit. So's Php. Might want to look into that:-)
Any ideas?
Every once and a while, I will get an email with this kind of error:
Database error in vBulletin 2.2.1:
Invalid SQL: SELECT COUNT(title) AS starts FROM thread WHERE postusername=''tkz' AND open!='10'
mysql error: You have an error in your SQL syntax near 'tkz' AND open!='10'' at line 1
mysql error number: 1064
It's not limited to that user. The thing I have noticed they all have in common is the affected users all have a ' in their username somewhere. The username isn't being escaped correctly, I would guess, but I can't figure out how to correct it.
This doesn't seem to prevent them from posting - I can still see them. I'm not sure what the deal is.
Maybe this is a common problem but I couldn't do a search for it since "SQL" is under the 4 word search limit. So's Php. Might want to look into that:-)
Any ideas?