Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > Member Archives
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Which is the better code to use? Details »»
Which is the better code to use?
Version: , by Boofo Boofo is offline
Developer Last Online: Jun 2012 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 04-28-2003 Last Update: Never Installs: 0
 
No support by the author.

Can anyone pleases tell me which one of theses pieces of code is actually better to use in the register.php?

$getuser=$DB_site->query_first("SELECT username FROM user WHERE username='".addslashes($username)."'");

or

$getuser=$DB_site->query_first("SELECT username FROM user WHERE username='".addslashes(htmlspecialchars($username) )."'");

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 04-28-2003, 09:30 PM
DigitalDesktops DigitalDesktops is offline
 
Join Date: Mar 2003
Location: Scotland, UK
Posts: 161
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

the second one i believe
Reply With Quote
  #3  
Old 04-28-2003, 09:32 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If usernames are already htmlspecialchar'ed in the database, then the second one.
Reply With Quote
  #4  
Old 04-28-2003, 09:40 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Today at 05:32 PM filburt1 said this in Post #3
If usernames are already htmlspecialchar'ed in the database, then the second one.
Ok, how would I find out if they are?
Reply With Quote
  #5  
Old 04-28-2003, 09:42 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Register at your own forums using a username with a > in it, and then run these query:
[sql]
SELECT username FROM user WHERE username LIKE "%>%";
SELECT username FROM user WHERE username LIKE "%>%";
[/sql]

edit: of course vB is parsing the entities...
Reply With Quote
  #6  
Old 04-28-2003, 09:52 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here's the db error I got that is the basis for this question.

Database error in vBulletin 2.2.9:

Invalid SQL: SELECT username FROM user WHERE username='Julie'34'
mysql error: You have an error in your SQL syntax near '34'' at line 1

mysql error number: 1064

Date: Monday 28th of April 2003 02:03:42 PM
Script: http://www.bearfacts2.com/forum/forum/register.php
Referer: http://www.bearfacts2.com/forum/regi...p?action=check
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03893 seconds
  • Memory Usage 2,247KB
  • Queries Executed 21 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (5)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete