Geeklog Forums
why aren't single quotes escaped from the search form?
wfzimmerman
I am getting error log messages whenever a user submits a search containing a single quote character to the search form. Why aren't these escaped in 1.3.9? Can I hack around this?
wfzimmerman
Here is the error message. It appears to have something to do with static pages.
Fri Apr 2 12:00:57 2004 - 1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's Dracula%' OR sp_content like 'Bram Stoker's Dracula%' OR sp_c. SQL in question: SELECT *,UNIX_TIMESTAMP(sp_date) as day FROM gl_staticpage WHERE (sp_php != '1' AND((sp_content like '%Bram Stoker's Dracula%' OR sp_content like 'Bram Stoker's Dracula%' OR sp_content like '%Bram Stoker's Dracula') OR (sp_title like '%Bram Stoker's Dracula%' OR sp_title like 'Bram Stoker's Dracula%' OR sp_title like '%Bram Stoker's Dracula'))) ORDER BY sp_date desc
Fri Apr 2 12:43:10 2004 - 1064: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's The Publisher%' OR sp_content like 'Micheael H Thomson's The . SQL in question: SELECT *,UNIX_TIMESTAMP(sp_date) as day FROM gl_staticpage WHERE (sp_php != '1' AND((sp_content like '%Micheael H Thomson's The Publisher%' OR sp_content like 'Micheael H Thomson's The Publisher%' OR sp_content like '%Micheael H Thomson's The Publisher') OR (sp_title like '%Micheael H Thomson's The Publisher%' OR sp_title like 'Micheael H Thomson's The Publisher%' OR sp_title like '%Micheael H Thomson's The Publisher'))) ORDER BY sp_date desc
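Added example, not part of the original posts and not Geeklog's own code: the query shape from the log above, built once by pasting the search term into the SQL text (which fails on the apostrophe, and is the same defect that makes a query injectable) and once with the term passed as a bound parameter with LIKE wildcards escaped. The table and column names come from the log; the SQLite in-memory database, the sample rows and all function names are assumptions made so the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the gl_staticpage table named in the log
    # (SQLite here; the site in the post runs MySQL).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE gl_staticpage (sp_title TEXT, sp_content TEXT, sp_php TEXT)")
    db.executemany("INSERT INTO gl_staticpage VALUES (?, ?, ?)", [
        ("Bram Stoker's Dracula", "Review of the novel", "0"),
        ("100% cotton", "Fabric notes", "0"),
        ("Hidden", "Bram Stoker's Dracula in PHP", "1"),
    ])
    return db

def search_concat(db, term):
    """Pattern visible in the log: the raw term becomes part of the SQL text."""
    sql = ("SELECT sp_title FROM gl_staticpage WHERE sp_php != '1' AND "
           "(sp_content LIKE '%" + term + "%' OR sp_title LIKE '%" + term + "%')")
    return [row[0] for row in db.execute(sql)]

def concat_fails(db, term):
    """True when the concatenated query is rejected as a syntax error."""
    try:
        search_concat(db, term)
        return False
    except sqlite3.OperationalError:
        return True

def like_escape(term, esc="\\"):
    """Escape the escape character first, then the LIKE wildcards % and _."""
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_bound(db, term):
    """Same search; the term travels as a bound parameter, never as SQL text."""
    pattern = "%" + like_escape(term) + "%"
    sql = ("SELECT sp_title FROM gl_staticpage WHERE sp_php != '1' AND "
           "(sp_content LIKE ? ESCAPE '\\' OR sp_title LIKE ? ESCAPE '\\')")
    return [row[0] for row in db.execute(sql, (pattern, pattern))]

if __name__ == "__main__":
    db = make_db()
    print(concat_fails(db, "Bram Stoker's Dracula"))
    print(search_bound(db, "Bram Stoker's Dracula"))
```

Binding the parameter removes the quoting problem entirely; the separate wildcard escaping only keeps a search for a literal % or _ from matching every row.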