Jump to content

forum db error


justsomeguy
 Share

Recommended Posts

c.f. this post: http://w3schools.invisionzone.com/index.ph...indpost&p=19329When I posted reply #11, I received a db error when it tried to send the other guy an email. It did post my message. I didn't copy and paste the message, but it was a SQL syntax error saying it couldn't understand this:t be able to edit this \\n\ challengeIf you see the code in the post, there are some escaped single quotes that probably messed up the SQL statement, I would assume.

Link to comment
Share on other sites

  • 1 month later...

The error probably didn't mess anything up with the site, I'm not sure what exactly it did. What caused it was most likely improper escaping of a quote, there was a single quote right before the text that it complained about, and the query probably didn't escape that quote and barfed. I'm not sure who has the access to fix this, here's the line that caused the error: if(!confirm('Do really want to decline? You won\'t be able to edit this \\n\ challenge after you decline.'))That escaped single quote in "won't" apparently ended the query. Maybe the slash got escaped, but not the quote, like this:\\'When it should have been:\\\'Anyway, not sure if it's a big deal, but it someone has auto-email notification on and you post something with escaped single quotes, it might barf.

Link to comment
Share on other sites

OK, I got another error when posting the above message. I copied the entire error and I'll paste it here, with the exception that I removed Dan's email address:

mySQL query error: INSERT INTO ibf_mail_queue (mail_to,mail_date,mail_subject,mail_content) VALUES('*********@hotmail.com',1149114379,'Topic Subscription Reply Notification','Dan The Prof,justsomeguy has just posted a reply to a topic that you have subscribed to titled "forum db error".----------------------------------------------------------------------The error probably didn\'t mess anything up with the site, I\'m not sure what exactly it did.  What caused it was most likely improper escaping of a quote, there was a single quote right before the text that it complained about, and the query probably didn\'t escape that quote and barfed.  I\'m not sure who has the access to fix this, here\'s the line that caused the error:    if(!confirm(\'Do really want to decline? You won\\'t be able to edit this \\n\ challenge after you decline.\'))That escaped single quote in "won\'t" apparently ended the query.  Maybe the slash got escaped, but not the quote, like this:\\\'When it should have been:\\\\'Anyway, not sure if it\'s a big deal, but it someone has auto-email notification on and you post something with escaped single quotes, it might barf.----------------------------------------------------------------------The topic can be found here:http://w3schools.invisionzone.com/index.php?showtopic=4105&view=getnewpostThere may be more replies to this topic, but only 1 email is sent per board visit for each subscribed topic. This isto limit the amount of mail that is sent to your inbox.Unsubscribing:--------------You can unsubscribe at any time by logging into your control panel and clicking on the "View Subscriptions" link.Regards,The W3Schools Forum team.http://w3schools.invisionzone.com/index.php')mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't be able to edit this \\n\ challenge after you decline.\'))That escaped sin' at line 1mySQL error code:Date: Wednesday 31st of May 2006 05:26:19 PM

You can see the error, it was what I thought it was. It changed this:\'Into this (wrong):\\'Instead of this (correct):\\\'

Link to comment
Share on other sites

That sounds logical. So the process form that processes your post should escape not only the backslash, but also the single quotes, if that is not already the case? :)I don't know if it is, or if it can be done, at least the admin might not be able to edit it right now :)

Link to comment
Share on other sites

OK, I got another error when posting the above message.  I copied the entire error and I'll paste it here, with the exception that I removed Dan's email address:
This just happened to me also when replying to a post:http://w3schools.invisionzone.com/index.ph...indpost&p=26029Not sure why :)
Link to comment
Share on other sites

Did you include a \\' ?  This only happens when someone subscribes to the topic, when it tries to send them an email.

I included this:document.getElementById('myDiv').innerHTML='<div style="color:red" onclick="alert(\'Hello\')">Hello, click me</div>';Dan had also subscribed to this topic so that must have triggered it :)EDIT It just happened again when i posted this, due to the combination of escapted quotes and Dan subscribing :) Edited by scott100
Link to comment
Share on other sites

Yeah.  I'm not sure how the software goes about escaping things, but it needs to escape all backslashes first, and then escape all quotes.

So basically remember that this is the way to do it \\\' Like: .innerHTML='<div onclick="alert(\\\'Hello\\\')">Hello</div>';lol people will think im nuts posting that when helping :)
Link to comment
Share on other sites

You're not excusing me subscribing to this topic as the cause, are you? :)I get subscribed automatically, gladly :)I always laugh at when I wrote a little script again, that is HTML, written by JavaScript, echoed by PHP, :) lol Dazzling slashes :blink:

Link to comment
Share on other sites

I guess every person who was subscribed to those topics would cause them, and that I am not the only one causing this? :blink:I don't have to be THAT special :)

Oh come on Dan, You are special :)...thats right anyone subscribing would cause this error. :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...