GoFuckYourself.com - Adult Webmaster Forum


halfpint 12-11-2009 04:30 PM

Anybody know what causes this error in MySQL
 
When users try to add a listing by typing into a text box and they use any word with a ', so if they type sort's, it comes up saying that there is an error in MySQL.

Anybody know what causes this or how to fix it?


cheers

Linguist 12-11-2009 04:34 PM

Yeah. Use this:

http://php.net/manual/en/function.my...ape-string.php

baddog 12-11-2009 04:34 PM

what is the error?

halfpint 12-11-2009 04:40 PM

Quote:

Originally Posted by baddog (Post 16637572)
what is the error?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S

halfpint 12-11-2009 04:40 PM

Quote:

Originally Posted by Linguist (Post 16637571)

Thanks, I'll take a look at that

neonlights 12-11-2009 04:43 PM

you need to "clean up" your variables by escaping those things that cause mysql to throw up.

$insertthisnowtomysql = mysql_real_escape_string($sometextforinsert);

now just run "INSERT" sql

halfpint 12-11-2009 04:50 PM

Quote:

Originally Posted by neonlights (Post 16637597)
you need to "clean up" your variables by escaping those things that cause mysql to throw up.

$insertthisnowtomysql = mysql_real_escape_string($sometextforinsert);

now just run "INSERT" sql

so it's the script and not mysql... cheers

Tanker 12-11-2009 05:09 PM

it's the ' use " instead

woj 12-11-2009 05:13 PM

like someone said earlier, just escape the input before putting it in the db...

but that error isn't just some inconvenience, it can often be exploited to hack the script... I would have someone look into it...
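
What escaping the input protects against, as an added example that is not part of the original thread or the poster's script: the same apostrophe input sent through a query built by string concatenation and through a prepared statement. It uses PDO prepared statements in place of `mysql_real_escape_string`, and an in-memory SQLite database in place of MySQL so it runs offline; the `listings` table, the function names and the sample input are assumptions.

```php
<?php
// Added example, not code from the thread. The table, function names and
// sample input are constructed; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// "Before": the user's text is pasted into the SQL string, so an apostrophe
// in the text ends the string literal early and the rest is parsed as SQL.
function add_listing_unsafe(PDO $db, string $title): string
{
    $sql = "INSERT INTO listings (title) VALUES ('$title')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// "After": the SQL text is fixed and the value travels separately as a bound
// parameter, so no character in it can change the structure of the statement.
function add_listing_safe(PDO $db, string $title): int
{
    $stmt = $db->prepare('INSERT INTO listings (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $db->lastInsertId();
}

function get_title(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title FROM listings WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$input = "sort's and mod's"; // constructed sample of what a user might type

// The concatenated query fails with a syntax error at the first apostrophe.
echo 'unsafe: ', add_listing_unsafe($db, $input), "\n";

// The prepared statement stores the text exactly as typed.
$id = add_listing_safe($db, $input);
echo 'safe:   row ', $id, ' holds ', get_title($db, $id), "\n";
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM listings')->fetchColumn(), "\n";
```

The fix lives in the script, not in the database: every query that includes user text needs the same treatment, not only the insert that happens to show the error.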

halfpint 12-11-2009 05:14 PM

Quote:

Originally Posted by Tanker (Post 16637664)
it's the ' use " instead

trouble is it's the users that are using ' and not " when they are typing things like mod's

Linguist 12-11-2009 05:33 PM

Quote:

Originally Posted by halfpint (Post 16637683)
trouble is it's the users that are using ' and not " when they are typing things like mod's

Like woj said, those users can do more than just cause an error, a few cleverly placed 's from malicious users and you can kiss your data goodbye. I wrote this a few weeks ago:

http://www.embracer.com/2009/databas...sql-injections

halfpint 12-11-2009 05:34 PM

Quote:

Originally Posted by woj (Post 16637680)
like someone said earlier, just escape the input before putting it in the db...

but that error isn't just some inconvenience, it can often be exploited to hack the script... I would have someone look into it...

Thanks

I'm not very good when it comes to mysql things and I'm not too sure what he means by "just escape the input before putting it in the db..."

Is this inserted into the database or the script? If I can't fix it I will see if sands is about and see if he can fix it, or contact the people I bought the script from

halfpint 12-11-2009 05:52 PM

Quote:

Originally Posted by Linguist (Post 16637744)
Like woj said, those users can do more than just cause an error, a few cleverly placed 's from malicious users and you can kiss your data goodbye. I wrote this a few weeks ago:

http://www.embracer.com/2009/databas...sql-injections

Thanks for the info. I've contacted the people who I purchased the script from and have told them what you guys have told me

CYF 12-11-2009 06:08 PM

http://imgs.xkcd.com/comics/exploits_of_a_mom.png

woj 12-11-2009 06:32 PM

Quote:

Originally Posted by CYF (Post 16637823)

:1orglaugh:1orglaugh:thumbsup

