PDA

View Full Version : What does this mean??


MistyMeanor
07-27-2003, 06:24 PM
What does this mean?? This member has said that she gets kicked off the forum every 5 minutes, and can't view the link we have for our Signature Tags. But no one else seems to be having this problem??

Database error in vBulletin 2.2.9:

Invalid SQL: UPDATE webtemplates SET lastvisitorname='Lovin' Momma', lastvisittime='01:17 PM' WHERE title='sig_tags'
mysql error: You have an error in your SQL syntax near 'Momma', lastvisittime='01:17 PM' WHERE title='sig_tags'' at line 1

mysql error number: 1064

Date: Sunday 27th of July 2003 01:17:00 PM
Script: http://www.eotc-pets.com/vb/forums/vb/forums/show.php?pg=sig_tags
Referer: http://www.eotc-pets.com/vb/forums/index.php?s=&menu=2

grog6
07-27-2003, 07:00 PM
You have installed a hack using the webtemplate table ...

Moreover the query used for this hack isn't correct whith the name of your membre which is : Lovin' Momma

The ' included in his username makes the query wrong, try using

UPDATE webtemplates SET lastvisitorname="Lovin' Momma", lastvisittime="01:17 PM" WHERE title="sig_tags"

;)

Xenon
07-28-2003, 09:56 AM
seems someone has forgotten to do a addslashes() around the usernames...

Erwin
07-28-2003, 10:00 AM
You can add the addslashed function to the $bbuserinfo[username] bit of the code, or just change the member's username from Lovin' Momma to Lovin Momma (remove the ' which is causing the problem).

Xenon
07-28-2003, 10:10 AM
the webtemplate hack is by logician, who normaly bugfixes his hacks asap, so you should post in his supportthread so he will know that there's a bug

Logician
07-29-2003, 06:59 AM
1- To fix it, edit show.php, find line:


else {$gettemp1=$DB_site->query("UPDATE webtemplates SET lastvisitorname='$user_username', lastvisittime='$timenow' WHERE title='$pg'");}


Replace it as:

else {$gettemp1=$DB_site->query("UPDATE webtemplates SET lastvisitorname='".addslashes($user_username)"', lastvisittime='$timenow' WHERE title='$pg'");}


2- You are using old version of webtemplates, I would suggest upgrade to new 2.x version

3- Please report bugs in hack threads. I run into that messagely accidently and I would never know about it.

4- Congratulations because you catch a bug in a script which is 1.5 years old. lol. I wonder how come nobody ever run into this bug before, very weird! :)

Xenon
07-29-2003, 09:37 AM
noone els has users with a ' in it ^^