| Author |
 Topic  |
|
StephenD
Senior Member
Australia
1044 Posts |
 Posted - 21 September 2005 : 22:37:29
|
I've got IPGate running and if I do a search for a topic that has an apostrophe in it eg D'Abaco the search returns the correct topics. If you click on the topic then you get this error:
Line 1: Incorrect syntax near 'Abaco'.
/inc_ipgate.asp, line 227
I guess it has something to do with passing an apostrophe to the querystring: topic.asp?TOPIC_ID=517&SearchTerms=D'Abaco
Line 227 in inc_ipgate is the sub loguser:sub loguser()
Set rs2 = Server.CreateObject("ADODB.Recordset")
StrSql = "INSERT into " & strTablePrefix & "IPLOG (IPLOG_MEMBERID, IPLOG_IP, IPLOG_PATHINFO, IPLOG_DATE) "
StrSql = StrSql & "values ('" & strDBNTUserName & "','" & userip & "','" & pagreq & "','" & userdate & "')"
rs2.Open StrSql, strConnString
if rs2.State = 1 then rs2.Close
set rs2 = nothing
end sub |
|
|
dabugster
Junior Member
USA
168 Posts |
Posted - 21 September 2005 : 23:23:47
|
I did a test post on my forum and then searched and got basically the same results:
Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression ''topic.asp?TOPIC_ID=1371&SearchTerms=D'Abaco','20050921222417')'.
/forum/inc_ipgate.asp, line 210
I am not even gonna pretend like i know what is causing it.
I have never had (as far as i can tell anyway) a topic or a search that involved a '
I posted the same topic on here and on ServerHacker's forum ... but got no error.
|
Edited by - dabugster on 22 September 2005 00:48:07 |
 |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 22 September 2005 : 05:24:14
|
Try passing the values to be inserted into the database through the chkString function as you're instering them.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
gpctexas
Junior Member
320 Posts |
Posted - 22 September 2005 : 08:32:02
|
I'll check into this.
edit:
Try this, I have not tested it yet. I was an quick fix idea I saw after looking at the code
open inc_ipgate.asp
locate
updated 9-22 late evening
'################################################################################
'Ipgate variable setup for banning do not edit!
'################################################################################
pagereq=Request.ServerVariables("Path_Info")
PathLen = InStrRev(pagereq,"/",-1)
pagreq = lcase(Right(pagereq,(len(pagereq)-PathLen)))
userhost=request.servervariables("REMOTE_HOST")
userdate=DateToStr(strForumTimeAdjust)
pageqryd=Request.ServerVariables("QUERY_STRING")
'pagreq=request.servervariables("SCRIPT_NAME")
pagereqtemp=pagreq & "?" & pageqryd
getthecookie=Request.Cookies(trim(cookiename))
notindb=1
FoundIP=0
FoundName=0
replace with
pagereq=trim(chkString(Request.ServerVariables("Path_Info"),"SQLString"))
PathLen = InStrRev(pagereq,"/",-1)
pagreq = trim(chkString(lcase(Right(pagereq,(len(pagereq)-PathLen))),"SQLString"))
userhost=trim(chkString(request.servervariables("REMOTE_HOST"),"SQLString"))
userdate=DateToStr(strForumTimeAdjust)
pageqryd=trim(chkString(Request.ServerVariables("QUERY_STRING"),"SQLString"))
'pagreq=request.servervariables("SCRIPT_NAME")
pagereqtemp=pagreq & "?" & pageqryd
getthecookie=Request.Cookies(trim(cookiename))
notindb=1
FoundIP=0
FoundName=0
let me know if this works and I will update zip or look into further. |
ipgate 2.4.4 RC3
http://www.gpctexas.net/ipgate_v244.zip |
Edited by - gpctexas on 22 September 2005 19:29:14 |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 22 September 2005 : 08:53:09
|
To save a couple of calls to chkString, you could pass pagreq through it when inserting that value in the databse instead.
|
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
gpctexas
Junior Member
320 Posts |
Posted - 22 September 2005 : 09:04:01
|
| pagreq is used in a couple other places as well. Putting the chkstring up top will check it for the entire script to help catch same prob in the other areas. |
ipgate 2.4.4 RC3
http://www.gpctexas.net/ipgate_v244.zip |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 22 September 2005 : 09:07:07
|
Okie dokie  Not really familiar with this mod, was just looking for the easiest option 
|
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
dabugster
Junior Member
USA
168 Posts |
Posted - 22 September 2005 : 13:37:38
|
quote:
Originally posted by gpctexas
pagereq=Request.ServerVariables("Path_Info")
PathLen = InStrRev(pagereq,"/",-1)
pagreq = lcase(Right(pagereq,(len(pagereq)-PathLen)))
I am using a ServerHacker coded board and these three lines of code are not on my page.
I will add the three lines you suggested and see if that makes a difference.
I will let you know when i try it tonight or tomorrow.
Thanks
|
|
|
|
gpctexas
Junior Member
320 Posts |
|
|
dabugster
Junior Member
USA
168 Posts |
Posted - 22 September 2005 : 17:13:46
|
Didn't work for my board.
One problem was one too many )'s on two of the lines:
pagereq=trim(chkString(Request.ServerVariables("Path_Info")),"SQLString"))
PathLen = InStrRev(pagereq,"/",-1)
pagreq = trim(chkString(lcase(Right(pagereq,(len(pagereq)-PathLen)))),"SQLString"))
Then i get this error:
Microsoft VBScript runtime error '800a01c2'
Wrong number of arguments or invalid property assignment: 'Chkstring'
/forum/inc_ipgate.asp, line 27
line 27 is the first line of code that you wanted to add.
|
|
|
|
StephenD
Senior Member
Australia
1044 Posts |
Posted - 22 September 2005 : 18:48:49
|
| I get the same error as dabugster with that fix. |
Edited by - StephenD on 22 September 2005 18:55:36 |
|
|
|
gpctexas
Junior Member
320 Posts |
Posted - 22 September 2005 : 19:14:51
|
corrected variables
pagereq=trim(chkString(Request.ServerVariables("Path_Info"),"SQLString"))
PathLen = InStrRev(pagereq,"/",-1)
pagreq = trim(chkString(lcase(Right(pagereq,len(pagereq-PathLen))),"SQLString"))
|
ipgate 2.4.4 RC3
http://www.gpctexas.net/ipgate_v244.zip |
Edited by - gpctexas on 22 September 2005 19:24:39 |
|
|
|
StephenD
Senior Member
Australia
1044 Posts |
Posted - 23 September 2005 : 05:33:21
|
| I get a type mismatch error on the last line above gpctexas. |
|
|
|
gpctexas
Junior Member
320 Posts |
|
|
gpctexas
Junior Member
320 Posts |
Posted - 23 September 2005 : 17:11:11
|
try this for the last line with type mismatch
pagreq = chkString(lcase(Right(pagereq,(len(pagereq)-PathLen))),"SQLString")
the () around the len() was off slightly |
ipgate 2.4.4 RC3
http://www.gpctexas.net/ipgate_v244.zip |
|
|
|
gpctexas
Junior Member
320 Posts |
Posted - 23 September 2005 : 17:44:45
|
just confirmed the chkstring change with an apostrophe in the search terms does fix the problem on a test forum. Im getting no errors now. Will update files that are affected and update soon.
to fix locate
pagereq=Request.ServerVariables("Path_Info")
replace with
pagereq=trim(chkString(Request.ServerVariables("Path_Info"),"SQLString"))
locate
pagreq = lcase(Right(pagereq,(len(pagereq)-PathLen)))
and replace with
pagreq = chkString(lcase(Right(pagereq,(len(pagereq)-PathLen))),"SQLString")
locate
userhost=request.servervariables("REMOTE_HOST")
replace with
userhost=trim(chkString(request.servervariables("REMOTE_HOST"),"SQLString"))
locate
pageqryd=Request.ServerVariables("QUERY_STRING")
replace with
pageqryd=trim(chkString(Request.ServerVariables("QUERY_STRING"),"SQLString"))
|
ipgate 2.4.4 RC3
http://www.gpctexas.net/ipgate_v244.zip |
Edited by - gpctexas on 23 September 2005 17:58:52 |
|
|
|
Topic |
|
Topic Locked
