Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > ibProArcade Archive
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
mysql error in 2.63 Details »»
mysql error in 2.63
Version: , by Curious Too Curious Too is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 09-29-2007 Last Update: Never Installs: 0
 
No support by the author.

I get the following error message when I try to access arcade.php

mySQL query error: SELECT userid FROM user WHERE username='English Muff'n'

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n'' at line 1

The board worked fine until this person won a tournament. Now it won't work at all. I changed the username from English Muff'n to English Muffn but that hasn't helped.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 09-30-2007, 05:10 AM
MortysTW MortysTW is offline
 
Join Date: Mar 2005
Location: Southern CA, USA
Posts: 272
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Go into AdminCP>Score Tools> Update Usernames.

Whenever usernames are altered in vB, you gotta go and do the Arcade tools and update the various things.

Update everything making sure you don't do the 1st block which prunes out scores.

Let me know if that solved it.
Reply With Quote
  #3  
Old 09-30-2007, 11:07 AM
okgaz okgaz is offline
 
Join Date: Jun 2007
Posts: 101
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've got the same error + it has completely disabled the arcade.

It's not that the username has changed it's that it contains an apostrophe ( ' ). Could people use this to inject code? I think the solution is to correctly escape the username using:

http://uk2.php.net/mysql_escape_string
or
http://uk2.php.net/manual/en/functio...ape-string.php

I just searched through all of the PHP files to find out where this query is called and it is:

mod_arcade.php line 276

I'm not an expert on this, does anybody know if it is a security issue as well as it taking the arcade down? Can someone who knows what they are doing patch up the code?

--------------- Added at 14:00 ---------------

Here is a quick fix I have made that stops the error coming up. I'm not sure if there are other problems with usernames with apostrophes that need to be addressed though.

In arcade/modules/mod_arcade.php
Above:
PHP Code:
$sendername    $notify['creat']; 
On line 268 add:
PHP Code:
$notify['creat'] = mysql_real_escape_string($notify['creat']); 
Reply With Quote
  #4  
Old 10-01-2007, 09:35 PM
ashley53680 ashley53680 is offline
 
Join Date: Dec 2003
Posts: 124
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just got this same error after someone with an apostrophe name played a game after the arcade upgrade.

Thank you okgaz for posting the fix, I am interested to know if this is the only one we should be concerned about? Thanks!!!
Reply With Quote
  #5  
Old 10-02-2007, 11:04 AM
Curious Too Curious Too is offline
 
Join Date: Jun 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had tried updating the usernames. That didn't work because it did not update the tournament winners usernames. I manually changed the tournament winner that had an apostrophe in their username and that got the arcade working again.
Reply With Quote
  #6  
Old 10-03-2007, 05:39 PM
MortysTW MortysTW is offline
 
Join Date: Mar 2005
Location: Southern CA, USA
Posts: 272
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The arcade mod has been updated as of yesterday.

Upgrade to the latest and greatest and report back if you issues have been fixed before any of us try to continue solving this one. Hopefully we are wasting our time and your issues are now fixed with this latest version.

Let's cross our fingers for your sake.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:44 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04876 seconds
  • Memory Usage 2,252KB
  • Queries Executed 21 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (5)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete