justsomeguy Posted April 21, 2006 Share Posted April 21, 2006 c.f. this post: http://w3schools.invisionzone.com/index.ph...indpost&p=19329When I posted reply #11, I received a db error when it tried to send the other guy an email. It did post my message. I didn't copy and paste the message, but it was a SQL syntax error saying it couldn't understand this:t be able to edit this \\n\ challengeIf you see the code in the post, there are some escaped single quotes that probably messed up the SQL statement, I would assume. Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 31, 2006 Share Posted May 31, 2006 I don't understand, what did the error cause, and what caused the error? :)Is there someting that can be done about it by the mods or the admin? Link to comment Share on other sites More sharing options...
justsomeguy Posted May 31, 2006 Author Share Posted May 31, 2006 The error probably didn't mess anything up with the site, I'm not sure what exactly it did. What caused it was most likely improper escaping of a quote, there was a single quote right before the text that it complained about, and the query probably didn't escape that quote and barfed. I'm not sure who has the access to fix this, here's the line that caused the error: if(!confirm('Do really want to decline? You won\'t be able to edit this \\n\ challenge after you decline.'))That escaped single quote in "won't" apparently ended the query. Maybe the slash got escaped, but not the quote, like this:\\'When it should have been:\\\'Anyway, not sure if it's a big deal, but it someone has auto-email notification on and you post something with escaped single quotes, it might barf. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 31, 2006 Author Share Posted May 31, 2006 OK, I got another error when posting the above message. I copied the entire error and I'll paste it here, with the exception that I removed Dan's email address: mySQL query error: INSERT INTO ibf_mail_queue (mail_to,mail_date,mail_subject,mail_content) VALUES('*********@hotmail.com',1149114379,'Topic Subscription Reply Notification','Dan The Prof,justsomeguy has just posted a reply to a topic that you have subscribed to titled "forum db error".----------------------------------------------------------------------The error probably didn\'t mess anything up with the site, I\'m not sure what exactly it did. What caused it was most likely improper escaping of a quote, there was a single quote right before the text that it complained about, and the query probably didn\'t escape that quote and barfed. I\'m not sure who has the access to fix this, here\'s the line that caused the error: if(!confirm(\'Do really want to decline? You won\\'t be able to edit this \\n\ challenge after you decline.\'))That escaped single quote in "won\'t" apparently ended the query. Maybe the slash got escaped, but not the quote, like this:\\\'When it should have been:\\\\'Anyway, not sure if it\'s a big deal, but it someone has auto-email notification on and you post something with escaped single quotes, it might barf.----------------------------------------------------------------------The topic can be found here:http://w3schools.invisionzone.com/index.php?showtopic=4105&view=getnewpostThere may be more replies to this topic, but only 1 email is sent per board visit for each subscribed topic. This isto limit the amount of mail that is sent to your inbox.Unsubscribing:--------------You can unsubscribe at any time by logging into your control panel and clicking on the "View Subscriptions" link.Regards,The W3Schools Forum team.http://w3schools.invisionzone.com/index.php')mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't be able to edit this \\n\ challenge after you decline.\'))That escaped sin' at line 1mySQL error code:Date: Wednesday 31st of May 2006 05:26:19 PM You can see the error, it was what I thought it was. It changed this:\'Into this (wrong):\\'Instead of this (correct):\\\' Link to comment Share on other sites More sharing options...
Jack McKalling Posted June 1, 2006 Share Posted June 1, 2006 That sounds logical. So the process form that processes your post should escape not only the backslash, but also the single quotes, if that is not already the case? :)I don't know if it is, or if it can be done, at least the admin might not be able to edit it right now Link to comment Share on other sites More sharing options...
scott100 Posted June 1, 2006 Share Posted June 1, 2006 OK, I got another error when posting the above message. I copied the entire error and I'll paste it here, with the exception that I removed Dan's email address:This just happened to me also when replying to a post:http://w3schools.invisionzone.com/index.ph...indpost&p=26029Not sure why Link to comment Share on other sites More sharing options...
justsomeguy Posted June 1, 2006 Author Share Posted June 1, 2006 Did you include a \\' ? This only happens when someone subscribes to the topic, when it tries to send them an email. Link to comment Share on other sites More sharing options...
scott100 Posted June 1, 2006 Share Posted June 1, 2006 (edited) Did you include a \\' ? This only happens when someone subscribes to the topic, when it tries to send them an email.<{POST_SNAPBACK}> I included this:document.getElementById('myDiv').innerHTML='<div style="color:red" onclick="alert(\'Hello\')">Hello, click me</div>';Dan had also subscribed to this topic so that must have triggered it :)EDIT It just happened again when i posted this, due to the combination of escapted quotes and Dan subscribing Edited June 1, 2006 by scott100 Link to comment Share on other sites More sharing options...
justsomeguy Posted June 1, 2006 Author Share Posted June 1, 2006 Yeah. I'm not sure how the software goes about escaping things, but it needs to escape all backslashes first, and then escape all quotes. Link to comment Share on other sites More sharing options...
scott100 Posted June 1, 2006 Share Posted June 1, 2006 Yeah. I'm not sure how the software goes about escaping things, but it needs to escape all backslashes first, and then escape all quotes.<{POST_SNAPBACK}> So basically remember that this is the way to do it \\\' Like: .innerHTML='<div onclick="alert(\\\'Hello\\\')">Hello</div>';lol people will think im nuts posting that when helping Link to comment Share on other sites More sharing options...
Jack McKalling Posted June 2, 2006 Share Posted June 2, 2006 You're not excusing me subscribing to this topic as the cause, are you? :)I get subscribed automatically, gladly :)I always laugh at when I wrote a little script again, that is HTML, written by JavaScript, echoed by PHP, lol Dazzling slashes Link to comment Share on other sites More sharing options...
aspnetguy Posted June 2, 2006 Share Posted June 2, 2006 You're not excusing me subscribing to this topic as the cause, are you? :)I get subscribed automatically, gladly <{POST_SNAPBACK}> Yes, your subscribing is the cause...not that it is a bad thing...it just triggers a bug in the software. Link to comment Share on other sites More sharing options...
Jack McKalling Posted June 2, 2006 Share Posted June 2, 2006 Lol, in every topic? :) Link to comment Share on other sites More sharing options...
aspnetguy Posted June 2, 2006 Share Posted June 2, 2006 (edited) Lol, in every topic? :)<{POST_SNAPBACK}> no just topics that contain \', etc...it is a character escaping bug.EDIT: LOL I just got it trying to write this reply Edited June 2, 2006 by aspnetguy Link to comment Share on other sites More sharing options...
Jack McKalling Posted June 2, 2006 Share Posted June 2, 2006 I guess every person who was subscribed to those topics would cause them, and that I am not the only one causing this? :)I don't have to be THAT special Link to comment Share on other sites More sharing options...
aspnetguy Posted June 2, 2006 Share Posted June 2, 2006 I guess every person who was subscribed to those topics would cause them, and that I am not the only one causing this? :blink:I don't have to be THAT special <{POST_SNAPBACK}> Oh come on Dan, You are special ...thats right anyone subscribing would cause this error. Link to comment Share on other sites More sharing options...
Jack McKalling Posted June 2, 2006 Share Posted June 2, 2006 Oh come on Dan, You are special ...thats right anyone subscribing would cause this error. <{POST_SNAPBACK}> Thanks :)So we'd wait for the adjustment, wouldn't we? Noone else than the admin can solve this error Link to comment Share on other sites More sharing options...
aspnetguy Posted June 2, 2006 Share Posted June 2, 2006 That's right...we have to wait. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now