Help!!!!! Sql Error!!!!!

  • Rob B
    Senior Member
    • Dec 2005
    • 311
    • 3.6.x

    Help!!!!! Sql Error!!!!!

    Database error in vBulletin 3.5.4:

    Invalid SQL:
    SELECT userid, pmautoreplystatus, pmautoreplytext, pmautoreplydate FROM vb_user WHERE username='vaughan's #1 fan';

    MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's #1 fan'' at line 1
    Error Number : 1064
    Date : Tuesday, May 23rd 2006 @ 01:13:06 PM
    Script : http://www.cricket247.net/forum/private.php
    Referrer : http://www.cricket247.net/forum/priv...do=newpm&u=197
    IP Address : 87.113.26.175
    Username : Rob
    Classname : vb_database


    a) What does it mean?
    b) What's the cause?
    c) How does it get sorted?

    Thanks. The problem only seems to be occurring for that one user (highlighted in blue), it never did before. Is it something to do with the characters in their username?

    Please help!
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    Hmmm...try removing the # from this user's name to see if this fixes the problem.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.



    • Rob B
      Senior Member
      • Dec 2005
      • 311
      • 3.6.x

      #3
      Originally posted by Steve Machol
      Hmmm...try removing the # from this user's name to see if this fixes the problem.
      It probably would do, as PMs can be sent to other users fine and the part of the name highlighted by the error report is:

      MySQL server version for the right syntax to use near 's #1 fan''

      What could be causing this? Is there a way of sorting the problem, as I have been able to send messages to this user fine before?


      • Steve Machol
        Former Customer Support Manager
        • Jul 2000
        • 154488

        #4
        The reason I asked you to remove the # is to see if this is the source of the problem. If so, this may be due to a MySQL version upgrade.

        • Scott MacVicar
          Former vBulletin Developer
          • Dec 2000
          • 13286

          #5
          Steve, it's the unescaped ' and that is an SQL injection and a serious security issue.

          The query is a non-standard vBulletin query from an auto reply hack. So there is nothing for us to fix here.
          Scott MacVicar

          My Blog | Twitter


          • Steve Machol
            Former Customer Support Manager
            • Jul 2000
            • 154488

            #6
            Ahhh...I should have looked closer at the query.

            • Rob B
              Senior Member
              • Dec 2005
              • 311
              • 3.6.x

              #7
              Originally posted by Scott MacVicar
              Steve, it's the unescaped ' and that is an SQL injection and a serious security issue.

              The query is a non-standard vBulletin query from an auto reply hack. So there is nothing for us to fix here.
              Thanks. I have installed the auto reply hack recently; I will ask the coder to sort it at vB.Org.

              Thanks for your help.

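Added example (not code from this thread or from the auto reply hack): the lookup from the error report, run once with the username concatenated into the SQL text and once passed as a bound parameter. An in-memory SQLite database stands in for MySQL here; the sample rows, the function names and the choice of Python are assumptions for illustration.

```python
import sqlite3

# Constructed sample data; table and column names follow the query in the error report.
USERNAME = "vaughan's #1 fan"
COLUMNS = "userid, pmautoreplystatus, pmautoreplytext, pmautoreplydate"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE vb_user (userid INTEGER PRIMARY KEY, username TEXT,"
        " pmautoreplystatus INTEGER, pmautoreplytext TEXT, pmautoreplydate INTEGER)"
    )
    db.executemany(
        "INSERT INTO vb_user VALUES (?, ?, ?, ?, ?)",
        [(42, USERNAME, 1, "Away until Monday", 1148389986), (1, "Rob", 0, "", 0)],
    )
    return db


def lookup_concatenated(db, username):
    """'Before': the name is pasted into the SQL text, as in the failing query."""
    sql = f"SELECT {COLUMNS} FROM vb_user WHERE username='{username}'"
    return db.execute(sql).fetchone()


def lookup_bound(db, username):
    """'After': the name is sent as a bound parameter and is never parsed as SQL."""
    sql = f"SELECT {COLUMNS} FROM vb_user WHERE username = ?"
    return db.execute(sql, (username,)).fetchone()


def demo():
    db = make_db()
    results = {"concat_plain": lookup_concatenated(db, "Rob")}
    try:
        lookup_concatenated(db, USERNAME)
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError as exc:
        # The apostrophe closes the string literal early; the rest is parsed as SQL.
        results["concat_quote"] = f"syntax error: {exc}"
    results["bound_quote"] = lookup_bound(db, USERNAME)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The concatenated lookup works for a name like "Rob" and fails only when the name contains an apostrophe, which matches the error appearing for a single user.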