TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

Stats

Members
  • Total Members: 3,963
  • Latest: BiZaJe
Stats
  • Total Posts: 195,917
  • Total Topics: 21,308
  • Online today: 884
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 320
  • Total: 320

shoutbox slash on quote wrote on db

Started by raid, November 24, 2010, 09:06:11 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

raid

November 24, 2010, 09:06:11 PM
I saw on my shoutbox something like "I\'m busy", but edited then removing \ and saved was disappearing (on db wasn't coded as html first time but was coded on second one) :knuppel2:

so I openend editor :D on tpshout.php source file and found:
Code (line 209) Select
  // register the IP and userID, if any
$ip=$user_info['ip'];
if($shout!='')
  tp_query("INSERT INTO " . $tp_prefix . "shoutbox (value1,value2,value3,type,value4, value5) VALUES('". mysql_real_escape_string($shout)."','".$shout_time."','".$shout_name."','shoutbox','".$ip."',".$memID.")", __FILE__, __LINE__);

I cannot understand the meaning of mysql_real_escape_string, is it needed?

for me I fixed like this
Code Select
  // register the IP and userID, if any
$ip=$user_info['ip'];
if($shout!='')
  tp_query("INSERT INTO " . $tp_prefix . "shoutbox (value1,value2,value3,type,value4, value5) VALUES('". htmlspecialchars($shout,ENT_QUOTES)."','".$shout_time."','".$shout_name."','shoutbox','".$ip."',".$memID.")", __FILE__, __LINE__);

is it good? it seems to work

I searched, but I found this (marked as fixed):
http://www.tinyportal.net/index.php?issue=21.0

SMF 2.0 + TP RC2
Print
Go Up Pages1
User actions

This website is proudly hosted on Crocweb Cloud Website Hosting.