  #1  
Old 01-12-2006, 04:22 PM
Cyricx Cyricx is offline
 
Join Date: Aug 2002
Location: Missouri
Posts: 1,144
Default Mysql burping with " symbols

Hopefully someone can help me out before I lose my hair

I've got this insert string and unfortunately when a " is used in the newtitle it stops the query then.

For example if you put asd"fgh it'll only put asd into the database and ignore the rest.

Here is the query I'm using

Code:
  $db->query_write("INSERT INTO " .TABLE_PREFIX. "title_wars
  (
  newtitle,
  attacker,
  victim,
  attackerid,
  victimid
  ) VALUES (
   '". $db->escape_string($_POST['newtitle'])."',
   '" . $db->escape_string($_POST['attacker']) . "',
   '" . $db->escape_string($_POST['victim']) . "',
   '" . $db->escape_string($vbulletin->userinfo['userid']) . "',
   '" . $db->escape_string($_POST['victimid']) . "'
  )");
Any ideas?
  #2  
Old 01-12-2006, 04:35 PM
Hellcat Hellcat is offline
 
Join Date: May 2003
Location: Germany
Posts: 560
Default

You might have to escape the string.

Example: asd"fgh would be asd\"fgh (note the additional \ ).
That way the SQL server "knows" the " are part of the text and not the end of it.

You can use the PHP function addslashes() to do this.

First escape your string with addslashes() and then use that result in the query.
Should do the trick
  #3  
Old 01-12-2006, 04:44 PM
Cyricx Cyricx is offline
 
Join Date: Aug 2002
Location: Missouri
Posts: 1,144
Default

Hmm I tried this

Code:
 $_POST['newtitle'] = addslashes($_POST['newtitle']);
$db->query_write("INSERT INTO " .TABLE_PREFIX. "title_wars
(
newtitle,
attacker,
victim,
attackerid,
victimid
) VALUES (
'" . $db->escape_string($_POST['newtitle'])."',
'" . $db->escape_string($_POST['attacker']) . "',
'" . $db->escape_string($_POST['victim']) . "',
'" . $db->escape_string($vbulletin->userinfo['userid']) . "',
'" . $db->escape_string($_POST['victimid']) . "'
)");
and

Code:
$_POST['newtitle'] = addslashes($_POST['newtitle']);
$db->query_write("INSERT INTO " .TABLE_PREFIX. "title_wars
(
newtitle,
attacker,
victim,
attackerid,
victimid
) VALUES (
'".$_POST['newtitle']."',
'" . $db->escape_string($_POST['attacker']) . "',
'" . $db->escape_string($_POST['victim']) . "',
'" . $db->escape_string($vbulletin->userinfo['userid']) . "',
'" . $db->escape_string($_POST['victimid']) . "'
)");
No luck with either

Course, I've also tried using

'" . addslashes($_POST['newtitle'])."',

in the db query too and no luck

I kinda stumble around til it works so I may be completely misunderstanding you hehe.
  #4  
Old 01-12-2006, 05:04 PM
Hellcat Hellcat is offline
 
Join Date: May 2003
Location: Germany
Posts: 560
Default

Hmm....
Maybe try not to put the new value into the $_POST global, but rather into a local variable.
Like $newtitle = addslashes($_POST['newtitle']); and using $newtitle in the query.

If that doesn't work I'm out of ideas as well for the moment....
  #5  
Old 01-12-2006, 05:09 PM
Cyricx Cyricx is offline
 
Join Date: Aug 2002
Location: Missouri
Posts: 1,144
Default

Bugger, no good

I even converted the code over to the gpc stuff and tried add slashes and escape, then tried just add slashes, then just escape

Code:
      $vbulletin->input->clean_array_gpc('p', array(
        'victimid'  => TYPE_INT,
        'victim' => TYPE_STR,
        'attacker' => TYPE_STR,
        'newtitle'    => TYPE_STR,
    ));
  $newpreslashedtitle =& $vbulletin->GPC['newtitle'];
  $newslashedtitle = addslashes($newpreslashedtitle);
  $db->query_write("INSERT INTO " .TABLE_PREFIX. "title_wars
  (
  newtitle,
  attacker,
  victim,
  attackerid,
  victimid
  ) VALUES (
   '" . $db->escape_string($newslashedtitle) . "',
   '" . $db->escape_string($vbulletin->GPC['attacker']) . "',
   '" . $db->escape_string($vbulletin->GPC['victim']) . "',
   '" . $db->escape_string($vbulletin->userinfo['userid']) . "',
   '" . $db->escape_string($vbulletin->GPC['victimid']) . "'
  )");
And it will still only grab the characters before the " and stops there

Man sooo close

Thanks anyway Hellcat

I'm gonna go dig through some more files.
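An added example, not part of the thread and not vBulletin code, for narrowing down where a value gets cut at `"`: it traces the thread's sample `asd"fgh` through one and two escape passes into a single-quoted MySQL literal, and through an HTML `value="..."` attribute with and without encoding. `sql_escape()`, `mysql_literal_value()` and `form_round_trip()` are hypothetical stand-ins; the first replaces `$db->escape_string()` and is assumed to backslash-escape the way `addslashes()` does.

```php
<?php
// Added example: not from the thread and not vBulletin code.

// Hypothetical stand-in for $db->escape_string(); assumed to backslash-escape
// quotes and backslashes the way addslashes() does.
function sql_escape(string $s): string
{
    return addslashes($s);
}

// Value MySQL stores for the body of a '...' literal under the default
// sql_mode. Simplified: only the \\, \' and \" escapes are decoded.
function mysql_literal_value(string $body): string
{
    return preg_replace('/\\\\([\\\\\'"])/', '$1', $body);
}

// Value a browser would submit after $html's value="..." attribute is parsed.
// The regex stands in for an HTML parser: the attribute ends at the first ".
function form_round_trip(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1]);
}

$title = 'asd"fgh'; // constructed sample, the value used in the thread

$stages = [
    'SQL, escaped once'       => mysql_literal_value(sql_escape($title)),
    'SQL, escaped twice'      => mysql_literal_value(sql_escape(addslashes($title))),
    'HTML attribute, raw'     => form_round_trip('<input name="newtitle" value="' . $title . '">'),
    'HTML attribute, encoded' => form_round_trip(
        '<input name="newtitle" value="' . htmlspecialchars($title) . '">'
    ),
];

// Report, per stage, whether the value survived unchanged.
foreach ($stages as $stage => $value) {
    printf("%-24s %-10s %s\n", $stage, $value, $value === $title ? 'intact' : 'CHANGED');
}
```

Under these assumptions neither escape pass shortens the value: one pass round-trips it and two passes store a stray backslash. Only the unencoded attribute comes back as `asd`.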