| Author |
 Topic  |
|
modifichicci
Average Member
Italy
787 Posts |
 Posted - 01 March 2008 : 11:06:34
|
I have a strange issue in our modded version.
If I post a topic with subject "\" it is not posted, without error message
If subject is like "\test" it is posted as " est"
It seems that the "\" char is changed to spaces or better the two chars "\t" are changed.
Subject is clean by the chkstring function, and for mysql db it replace "\" with "\\" I think, but this doesn't happens in our version.
it work on my forum (image modded), in this forum, and in a less moded version in access
The db is mysql, but it is mysql also in mine
I have checked post.asp, post_info.asp, inc_func_common.asp and inc_func_posting.asp no changes in routine in all the forums.
Where can i look also?
Variables seems sanitized by the chkstring function, but it seems in subject case it doesn't or it do it in a wrong way.
The same if subject is like "test\test" it is memorized as "test est"
I am realy lost on it now. |
Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum |
Edited by - modifichicci on 01 March 2008 11:07:47 |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 01 March 2008 : 11:25:01
|
| Does \n make a newline in the source code? I so \ needs to be escaped to \\. What mods do you have installed? Also does it do the same thing for posts? |
 |
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 01 March 2008 : 15:35:21
|
\t is almost certainly being treated as a tab character.
Does MySQL have a profiler like MSSQL? Can you catch the SQL en-route to see where it's being called/inserted from? Maybe it's getting inserted just fine, but mis-rendered too - that's another option. |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 01 March 2008 : 16:43:15
|
In inc_func_common.asp line 435-7 do you have
Case "sqlstring"
fString = Replace(fString, "'", "''")
if strDBType = "mysql" then
fString = Replace(fString, "\", "\\")
end if
fString = HTMLEncode(fString)
chkString = fString
exit function
Case "jsurlpath"
|
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 01 March 2008 : 16:48:30
|
| Stupid question but strDBType is "mysql" correct? |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 01 March 2008 : 17:06:10
|
| Only thing I can think of is the title is not being sanitized before going into the db. |
Edited by - phy1729 on 01 March 2008 17:07:10 |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 01 March 2008 : 17:16:00
|
I don't think the \ is being deleted; it's being interpeted as a control char ex.
\t = tab \n = newline \\ = \ \' = '
Just to make sure try a topic with \' in the title. Sleep usually helps.  |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 01 March 2008 : 21:38:48
|
The backslash is an escape character in MySQL, but even that depends on the MySQL version and configuration...You should try to response.write the SQL and then test it against a MySQL DB. If the SQL is ok, problem sorted, if not, then you can fix the SQL and then the code that generates it.
Info on MySQL escape characters: http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
[rant]By the way, can't Image solve that issue? I'm surprised! He seems to know the answers to just about anything and even comes here and refuses to provide answers to problems he alone can find. You're just lucky that we don't do the same![/rant]
|
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Topic |
|
Topic Locked
