| Author |
 Topic  |
|
AnonJr
Moderator
United States
5768 Posts |
 Posted - 15 July 2006 : 10:45:44
|
Personally, I'd go a head and run all your Form variables through ChkString. Its safer and precludes certain problems with potential SQL injection attacks.
Also, I think for what you're doing ChkString should be:ChkString(Request.Form("strWarnMessage"),"sqlstring")Or at least for when you are placing it in the SQL String.< |
Edited by - AnonJr on 15 July 2006 10:46:36 |
 |
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 15 July 2006 : 11:01:22
|
| I'll double check, but I think the option "message" is being used when it is sent back to the browser and the option "sqlstring" is for when the text is inserted into a SQL String...< |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 15 July 2006 : 11:04:33
|
| Hmmm. Never noticed it... in other areas items that are being passed to the SQL String are checked like I put above, but the message isn't in that particular case.< |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 17 July 2006 : 05:13:22
|
quote:
Originally posted by AnonJr
I'll double check, but I think the option "message" is being used when it is sent back to the browser and the option "sqlstring" is for when the text is inserted into a SQL String...
"sqlstring" is used when insterting a string in the database, "message" is used to parse any forum code in a string when adding it to the database. For the most part, "display" will be used when writing values from the database with seperate function (formatstr) used to parse any additional forum code.
< |
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 17 July 2006 : 12:21:01
|
Thanks for the clarification.  Now I need to copy that down somewhere before my short-term-memory-thing kicks in...  < |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Simko
Starting Member
25 Posts |
Posted - 07 October 2006 : 04:04:23
|
| I'll install this mod to the newest version of snitz forums which I'm currently modify. I'd like to send the warning via PM, not E-mail, cause via PM the User will recognice earlier. Could someone maybe give me the codes for the sites I need there to send the warning via PM?< |
Edited by - Simko on 07 October 2006 04:05:01 |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Simko
Starting Member
25 Posts |
Posted - 07 October 2006 : 11:46:00
|
Thanks, I've installed the mod, but I'm pretty new to this... sorry :-) What do I have to change here
________________
Thanks AnonJr... I really don't know what to change, even it is only a "relatively small chunk of code", if I knew it, I wouldn't post in here and asking for help...
< |
Edited by - Simko on 07 October 2006 13:32:10 |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 07 October 2006 : 12:50:35
|
| Just a helpful hint, if you need us to look at a file (as opposed to a relatively small chunk of code) its usually considered good etiquette to post a link to a .txt version of the file instead of posting the entire contents...< |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Simko
Starting Member
25 Posts |
Posted - 07 October 2006 : 15:26:47
|
| Thanks for answering modifichicci. The user will see the PM earlier than the E-mail (most of them just delete such E-mails and never read them...). Yeah, you are right, if the user doesn't come the the forum, he doesn't read the PM, but then theres no need to read the warning, if he doesn't come back ever :-) Would be nice if you can write a script for that.< |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
Topic |
|
Warn Members Mod 2.00
