Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 02-06-2006, 01:41 AM
ogden2k's Avatar
ogden2k ogden2k is offline
 
Join Date: Apr 2003
Posts: 192
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Issue with ' in user names

I have a chatbox that allows you to enter a text message into a table in the vB DB. The issue that I am having is that if an account has a tick they receive an error message and cannot use the CB.

How in PHP do I set it so that MySQL ignores that tick? Please let me know if you need to see the PHP code.
Reply With Quote
  #2  
Old 02-06-2006, 02:12 AM
tehste tehste is offline
 
Join Date: Feb 2004
Posts: 221
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ogden2k
I have a chatbox that allows you to enter a text message into a table in the vB DB. The issue that I am having is that if an account has a tick they receive an error message and cannot use the CB.

How in PHP do I set it so that MySQL ignores that tick? Please let me know if you need to see the PHP code.
old way:
addslashes($userinfo['username'])
new way:
$vbulletin->db->escape_string($vbulletin->userinfo['username'])

anyway really u shud be storing userid in the table.
Data normalization or whatever.
Reply With Quote
  #3  
Old 02-06-2006, 06:46 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

And i woudl be very carefull when using a modification that has this kind of errors.

The error message is not the worst, if the above is happening, your script is open to SQL-injections (a hacker could get direct access to your database and even modify data).
Reply With Quote
  #4  
Old 02-06-2006, 11:11 AM
ogden2k's Avatar
ogden2k ogden2k is offline
 
Join Date: Apr 2003
Posts: 192
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had someone upgrade this script from 3.0.x to 3.5.x and they have implemented the security precations you have mentioned. So my 3.5 script is fine, but I still use the 3.0.x script on a another board and am not sure where to implement the changes in it. I have attached the script.

Thank you for the help!
Attached Files
File Type: php chat.php (5.8 KB, 3 views)
Reply With Quote
  #5  
Old 02-08-2006, 12:30 PM
ogden2k's Avatar
ogden2k ogden2k is offline
 
Join Date: Apr 2003
Posts: 192
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have resolved the issue on my own.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:44 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03964 seconds
  • Memory Usage 2,209KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (1)postbit_attachment
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete