Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Help Groups for Snitz Forums 2000 Users
 Help: MOD Implementation
 Mysql error - Post History Mod		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

thelodger
Junior Member

United Kingdom
296 Posts
Posted - 09 February 2008 :  15:58:30  Show Profile
Hi guys, I have an error and after searching this forum I found this which is the same error

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60438

The error I am getting is

quote:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[MySQL][ODBC 3.51 Driver][mysqld-5.0.22-log]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll kick off. Boff looking to start a team or join a team. I'm not bothered who ' at line 1

/post_info.asp, line 646



Its strange because I have fixed the edit error (as advised in the bug forum) a long while ago in post.asp, but a small number of my members still cannot edit their posts, when I attempt to move the same members posts I as admin can't because of the above error, I am unsure if it is related but the only posts I can't move (and get this error) are the members who still cant edit their own posts.

here's a copy of line 646 of post_info.asp

quote:
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords


Can anyone help me?

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 10 February 2008 :  07:22:39  Show Profile  Send ruirib a Yahoo! Message
Just above that, add:

Response.Write strSQL
Response.End

Let me know what it shows. Once you get the message ready, remove the code so that the forum can work normally.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

thelodger
Junior Member

United Kingdom
296 Posts
Posted - 10 February 2008 :  11:26:10  Show Profile
The error is

quote:
INSERT INTO FORUM_POST_HISTORY (T_ID, T_SUBJECT, P_MESSAGE, P_AUTHOR, P_LAST_EDITBY, P_DATE) VALUES (6026, 'WSOP teams to press', 'as i can't seem to edit i'll start again. If i've read the threads so far - these are the teams to press please reply if any changes or any1 else looking for a team team 1 murph1984 madge28 kegsy100 deliight team 2 dazzler emmerson shanemcg richlizard team 3 nozzer midnight lodger dan79 team 4 Nuts999 Simba15 Virgo_8 uk9baller team5 Phinnies1 Mickjagger1 Banksoir Marky147 team6 fatty rivher mitchy higgi17 1/2 a team boff crawfski welsh team jabba & 3 sheep poker1111team poker1111 judges team judge & 3 as yet unknown professionals unatached so far tony2005 billthebandit superbell quicksand', 47, 0, '20080210162704')

Go to Top of Page

phy1729
Average Member

USA
589 Posts
Posted - 10 February 2008 :  11:36:54  Show Profile
you'll need to do a chkstr with sqlstring as the type on the sql string to escape the '. In other words 

stringname = ChkString(stringname,"sqlstring")
. Also, do you have any mods installed?
Go to Top of Page

thelodger
Junior Member

United Kingdom
296 Posts
Posted - 10 February 2008 :  11:47:30  Show Profile
Yeah I have lots of mods installed, far to many to mention lol

How would I do a Chkstr?
Go to Top of Page

phy1729
Average Member

USA
589 Posts
Posted - 10 February 2008 :  11:52:02  Show Profile
Never mind I see the FORUM_POST_HISTORY now. I've posted the bug on the mod's topic.
Go to Top of Page

phy1729
Average Member

USA
589 Posts
Posted - 10 February 2008 :  11:59:09  Show Profile
Like this 

name_of_the_new_sanitized_string = ChkString(name_of_the_old_unsanitized_string,"sqlstring")

Change the names in red to whatever suits your case usually the names are the same but I've posted this on the mod's thread so a new version may be out soon.
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts
Posted - 10 February 2008 :  17:16:23  Show Profile  Visit muzishun's Homepage
The MOD has been updated for this. I wasn't thinking and didn't re-sanitize the data from the recordset before inserting it into the POST_HISTORY table. There won't be any security issues, but obviously there is a problem. Replace the two INSERT statements with the ones below. Changes from 0.5b are marked in red.

		strSql = "INSERT INTO " & strTablePrefix & "POST_HISTORY "
		strSql = strSql & "(T_ID, T_SUBJECT, P_MESSAGE, P_AUTHOR, P_LAST_EDITBY, P_DATE) VALUES "
		strSql = strSql & "(" & phTopicID & ", '" & ChkString(phTSubject,"sqlstring") & "', '" & ChkString(phTMessage,"sqlstring") & "', " & phTAuthor & ", " & phTLastEditby & ", '" & phTDate & "')"

		strSql = "INSERT INTO " & strTablePrefix & "POST_HISTORY "
		strSql = strSql & "(R_ID, P_MESSAGE, P_AUTHOR, P_LAST_EDITBY, P_DATE) VALUES "
		strSql = strSql & "(" & phReplyID & ", '" & ChkString(phRMessage,"sqlstring") & "', " & phRAuthor & ", " & phRLastEditby & ", '" & phRDate & "')"
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.52 seconds. Powered By: Snitz Forums 2000 Version 3.4.07