Hello folks,
I need some assistance here. Whenever someone uses an apostrophe in the profile comments, it generates a database issue. Is this something that has an easy fix?
On the user's end, they are getting an 'anonymous' name come up instead of their username (even though they are logged in), but if you refresh, the comment does appear about 75% of the time.
Can anyone lend me a hand in getting this corrected?
|
Sounds like the input data is not getting filtered. Whenever an apostrophe is in an input field, it has to be doubled to two apostrophes before saving to a database, or it will truncate all data after it and generally generate an sql error.... All input fields should be filtered for this, as well as some other characters to prevent sql injection.
In english, it is a code bug.
|
During adding comments we use next:
$sText = process_db_input($_REQUEST['CmtText'], !$this->isTagsAllowed());
so this always check - are allow all HTML Tags or not.
Checking is logged member or not simple too:
(so if your cookies is empty - you not logged in
function _getAuthorId ()
{
global $logged;
if (!$logged['member']) return 0;
return $_COOKIE['memberID'];
}
|
So, it looks like we've identified the issue (yomamma) and given me some advice as to how to fix it (AndreyP), but unfortunately I'm a novice when it comes to coding. So, I need some additional assistance.
Can you tell me in which files to adjust these functions, etc?
|
What you want as result?
If member not logged, so its name - 'anonymous', .. what wrong?
|
Unfortunately, this is not stopping the database errors.
Could this be a solution? Magic quotes in .htaccess file?
http://www.tizag.com/phpT/php-magic-quotes.php
|
What you want as result?
If member not logged, so its name - 'anonymous', .. what wrong?
AndreyP,
The problem is that members ARE logged in and it still shows them as 'anonymous' after adding comments and clicking submit.
|
This is the database errors that I was getting this morning....
INSERT INTO ActivityActions (action_actiontype_id, action_date, action_user_id, action_icon, action_text) VALUES ( '4', '1223466121', '8', 'action_postcomment.gif', 'WDBArnyVee posted a
comment on Bigbearsg\'s profile:Greg, I\\'m just testin\\' out a
posting issue that\\'s been \\'on my nerves\\' fo...')
Mysql error: You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'm just
testin\\' out a posting issue that\\'s been \\'on my nerves\\' fo...
|
Is this a possible solution? And, if so how do I do it? Be gentle, I'm a newbie to Dolphin :)
http://www.webmasterworld.com/forum88/7388.htm
Edited: Someone has mentioned in the Expertzzz forumz that this could be a possible bug in an 'activity' mod that we had installed on the site. So, I will be checking with the author of that mod for assistance.
|
So why you asking us about not our mod? I even don`t know what is this mod :)
Ask about your issue mod owner. Possible he know why his mod give error.
and maybe this mod change comment owner .. recheck this.
|