The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Issue with ' in user names
I have a chatbox that allows you to enter a text message into a table in the vB DB. The issue that I am having is that if an account has a tick they receive an error message and cannot use the CB.
How in PHP do I set it so that MySQL ignores that tick? Please let me know if you need to see the PHP code. |
#2
|
|||
|
|||
Quote:
addslashes($userinfo['username']) new way: $vbulletin->db->escape_string($vbulletin->userinfo['username']) anyway really u shud be storing userid in the table. Data normalization or whatever. |
#3
|
|||
|
|||
And i woudl be very carefull when using a modification that has this kind of errors.
The error message is not the worst, if the above is happening, your script is open to SQL-injections (a hacker could get direct access to your database and even modify data). |
#4
|
||||
|
||||
I had someone upgrade this script from 3.0.x to 3.5.x and they have implemented the security precations you have mentioned. So my 3.5 script is fine, but I still use the 3.0.x script on a another board and am not sure where to implement the changes in it. I have attached the script.
Thank you for the help! |
#5
|
||||
|
||||
I have resolved the issue on my own.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|