Hey there,

I thought I had sufficient protection from crashes, but evidently not.

When I edit news, which is a simple UPDATE query, I get the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'etty princess )rnseernitrndoesrnitrnwhenrnirntryrntornwriternlikernthis.' WHER' at line 1

etc

However I have protected the input by using this function:

<?php
function clean($string)
{
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    } elseif (!get_magic_quotes_gpc())
    {
        $string = addslashes(trim($string));
    }
    $string = trim($string);
    //$string = escapeshellcmd($string);//Uncomment if the website uploading to allows this.
    $string = mysql_real_escape_string($string);
    $string = stripslashes(strip_tags(htmlspecialchars($string)));
    return $string;
}?>

So, why am I returning an error?

Do you want to/need to see the edit page?

EDIT: I was wanting to know why it doesn't escape the entered data; I have made sure I secured it.

https://forums.phpfreaks.com/topic/155605-solved-sql-error/
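To see why the clean() function above still lets an unescaped quote and mangled line breaks reach MySQL, here is its pipeline replayed step by step on constructed input, followed by the prepared-statement form of the UPDATE. This is an added example, not the poster's code and not from the thread's reply; the escape_like_mysql() stand-in, the `news` table with `id`, `title` and `body` columns, and the `$pdo` connection are assumptions.

```php
<?php
// Added example; not the original poster's code and not from the thread's reply.
// It replays the posted clean() on constructed input to show why a quote and the
// line breaks reach MySQL unescaped, then shows the prepared-statement alternative.
// Assumptions: PHP 7 or later (magic quotes and mysql_* are gone), and a PDO
// connection to a table `news` with columns `id`, `title` and `body`.

// Stand-in for mysql_real_escape_string(), which needs a live connection. It
// backslash-escapes the characters that function's documentation lists:
// NUL, \n, \r, \, ', " and Ctrl-Z.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\0"   => '\0',
        "\n"   => '\n',
        "\r"   => '\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\Z',
    ]);
}

// The posted clean(), followed step by step. $magic_quotes models the 2009-era
// magic_quotes_gpc setting: with it on, form data already arrives backslash-escaped.
// htmlspecialchars() gets ENT_COMPAT explicitly, the default of that era, so that
// single quotes pass through as they did for the original poster.
function trace_clean(string $input, bool $magic_quotes): array
{
    $steps = [];
    $s = $magic_quotes ? addslashes($input) : $input;
    $steps['arrives from the form as'] = $s;
    $s = $magic_quotes ? stripslashes($s) : addslashes(trim($s));
    $steps['after magic-quotes branch'] = $s;
    $s = escape_like_mysql(trim($s));
    $steps['after mysql escaping'] = $s;     // correct at this point
    $s = stripslashes(strip_tags(htmlspecialchars($s, ENT_COMPAT)));
    $steps['after final stripslashes'] = $s; // escaping removed again: \r\n becomes "rn"
    return $steps;
}

// The direction the reply points in: keep data out of the SQL text with a prepared
// statement, and apply htmlspecialchars() when the text is displayed, not when stored.
function update_news(PDO $pdo, int $id, string $title, string $body): int
{
    $stmt = $pdo->prepare('UPDATE news SET title = :title, body = :body WHERE id = :id');
    $stmt->execute([':title' => $title, ':body' => $body, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed input in the shape of the text quoted in the error message.
$body = "pr'etty princess )\r\nsee\r\nit";
foreach ([true, false] as $mq) {
    printf("magic_quotes_gpc = %s\n", $mq ? 'on' : 'off');
    foreach (trace_clean($body, $mq) as $label => $value) {
        printf("  %-28s %s\n", $label . ':', json_encode($value));
    }
}
// With magic quotes on, the final value is "pr'etty princess )rnseernit": the quote
// is bare, which is the syntax error quoted above, and every line break has become
// "rn". With them off, the quote stays escaped once but the line breaks are still "rn".
```

The final stripslashes() is what undoes the work of mysql_real_escape_string(): it strips the backslash from `\'` and from the `\r` `\n` sequences the escaper produced, which is exactly the "rnseernitrn" text in the error. For update_news(), `$pdo` would be created with something like `new PDO('mysql:host=localhost;dbname=site', 'user', 'pass', [PDO::ATTR_EMULATE_PREPARES => false])` (hypothetical DSN and credentials), so that the values travel separately from the statement text and no escaping of the data is needed at all.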

Someone else (*** see note below) posted that code in this forum not too long ago and I pointed out all the problems in it and posted corrected code - http://www.phpfreaks.com/forums/index.php/topic,248314.msg1162551.html#msg1162551


Wherever you got that code from, some hacker probably posted it so that he could break into your site/database. I hope you did need to supply any identifying information at the site where you got that from that leads back to your domain.


*** Edit: And in looking up that previous link, it turns out it was jrws who previously posted the same code. If you are not going to use the help you get, bad code will always be bad code.
