FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Frihost blog post bug

   Frihost Forum Index -> Support and Web Hosting -> Frihost Support
 


D'Artagnan
I've got the following message:

Code:

Error, inserting blog post topic failed

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Artagnan','1', '157')' at line 1

SELECT * FROM [b]REMOVED BY ME*[/b]

Line : 103
File : create_blog_post.php
 

*If you need the full sql i can post it, i've removed it to avoid possible security problems... pm if you need...

talking what you already now, its a sql problem , related to ' in my nick...
I used to get a error like this in the past when i tryed to signup my acc:
http://www.frihost.com/forums/vt-44568.html&highlight=

probably i'm the only getting this problem, but i have no hurry to use the blogs, just thought you would like to know, might be a security flaw...
mathiaus
It's because of the ' in your name between the D and the A. Basically your a pain Razz
Should be an easy fix though, just have to wait for it.
rvec
mathiaus wrote:
It's because of the ' in your name between the D and the A. Basically your a pain Razz
Should be an easy fix though, just have to wait for it.

Yeah 'just' wait for Bondings to fix it Razz
D'Artagnan
i have no problem waiting =)

my only fear is regarding security here, since generally problems related to delimiting characters (') with SQL, mean a open door for SQL injections, depending on the knlowlegde of the "bad element", it may give huge headaches.
Bondings
Yeah I know that it can be a security bug. Luckily I restricted the usernames to normal characters, so you are most likely the only (active) member with that problem and hence I doubt it can be abused by someone. I'll definitely fix it when I find some time. Thanks for reporting this.
rvec
Bondings wrote:
Yeah I know that it can be a security bug. Luckily I restricted the usernames to normal characters, so you are most likely the only (active) member with that problem and hence I doubt it can be abused by someone. I'll definitely fix it when I find some time. Thanks for reporting this.

Someone could register with a username with ' in it after reading this Razz ....
D'Artagnan
The issue is still open, even though it's just with me , i know you have big hearths and will fix it...


...or i'll sue you because you are excluding people with ' in their names and start the WFPWAITNN world fundation for people with apostrophes in theyr names.
Reply to topic    Frihost Forum Index -> Support and Web Hosting -> Frihost Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.