Server Help

Non-Subspace Related Coding - PHP/SQL: Partial data :S

BDwinsAlt - Sun Oct 01, 2006 5:14 pm
Post subject: PHP/SQL: Partial data :S
echo htmlentities($row['name']);

PROBLEM SOLVED.


Ok, this dude is named E><istance, but when I try to get the name to print from the database it only prints as "E>" and stops the names after it from printing. How can I make it come out right?

I delete him from the db and I get all the names:
Code:

2 Dope, 50 Cent_, 5ex, 6od, A Black Hole, Afroman, Air China+, Akai, Anchor man, Andrute, anthonysandifer, BDwinsAlt, Blaine, bodlet, bologna_89, bone thug, BOOOOOOOOOOM IMDEAD, brizz, Budweis0r, Bungie, c-unit,andrew, c-unit,yellow, C-word, CapnCK+, Captivelemon, cheses king 1, Choc Ice, Classical, courie, Cp!, Credit$, Crunk$, D O N T Cry, D( )|_|_/-\$, D4vETh3M4n, Dango., DareSound, Darkness^^Falls, Darth_Dynasty, DDgrl213, Death Cube K, Death Dweller, Death?to?all, Defined, DeMo=GoBlIn., Dildos, Diyos~, Doomsy, Dr. Mario123, DragonKnight E, DragonKnight S, DragonKnight Z, drazib, Dude_on_fire, dusty's trash, Erosion, Fahoogawad, fiLL+, fireBLiND, FLiP*STaH, Fox News, friendly., G'd up^, G.R.I.M., Genisis+, Genius288, Gh0$t M4n+, GhandE, Givin, Green Blaze, Guilty, Gun Charge, Gun Play, Halo King, Halt, hatetred~, Holy-Messiah, Hotshy, Hugh, I - cy, Im fat, Jack Knife, Jack the Monkey, Jack-In-The-Box, JediJax'sCreditCard, Jiant, Joesph_, JokerZero, Jonkku, Kagetoki, Kajou, Kamikaze Squirrell, Karlov, KillerBee12, kitlee, Klean-Y, Knight of the Realm, kuya, Lightlings, Lord_Zitu, Love*less, Machu, MadShipKiller, Malcolm X, Martisek, master sky, Meatz, Mishra, Mojo, Molten Ice, MOM!, Neither, Night Elf31, Noo$e, Onlooker, OrangeeoZ, OwNaGe...!!!, Pa$$ion+, PChanHibiki, PH34R /\/\3, PoLiX, Premier of the Order of, PURESTRENGTH, Purge, quebec__libre., R.A.P.E.D., Rakeem., Razer-Blade, RCS2222, Recon___, Red Blade, Red Strike XXIV, RelocK, Requiem Knight, Right Sneeky, Rude Awakening, rumbleKING, Russky, rXeNa, Ryuji, S ! R, Sangre, Scratt, SeKular, Sgt. 
Sanders, Shook one, Shook Won, Sir Sean, Skyy, slayerKING, SlayerPro, Smore, Snow~, Soldierz, SRG, Starblist, StarScraper, Synister, Tashiketsu, Tdx, Tech 9, tgif, THE H4X0R, The Prism, The_Destroyer*, The_Projenator, ThunderJam, Top UnderDog, Tr1bunE, TruFFle-ShuFFle, Tsan Han, Tunkel, Turand, Venture500, veolier, Viking From Hell, vVeapon, Walshy, Weaser, welfare bum, wHo iS MiLkY, Wizter, Woot., xStr1Kerx, Xx_$ilver_xX, Xycho, YonatoN, Yucateco, Yusukespiritgun, Z0M8I3, ZeeDeuce,


I am using this code:
Code:

$result = mysql_query("SELECT * FROM aliasbot_lb_adbt")
    or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
    // Prints the stored name as-is, without HTML encoding.
    echo($row['name'] . ', ');
}

echo htmlentities($row['name']);
Cyan~Fire - Sun Oct 01, 2006 5:40 pm
Post subject:
Are you sure it's not just printing it and then your browser is thinking everything else is a tag? Replace '<' with "&lt;". Also, SELECT name.
CypherJF - Sun Oct 01, 2006 5:55 pm
Post subject:
When in doubt use print_r() to verify things.
BDwinsAlt - Sun Oct 01, 2006 6:06 pm
Post subject:
Code:

echo htmlentities($row['name']);

This worked. Problem solved.
CypherJF - Sun Oct 01, 2006 6:22 pm
Post subject:
I guess that would make sense since someone could technically have a '>' or '<' in their name and HTML would think it would be a tag. Didn't you check the source of the document?
Mine GO BOOM - Sun Oct 01, 2006 11:27 pm
Post subject:
Good thing his username wasn't <script>
Maverick - Mon Oct 02, 2006 2:44 am
Post subject:
Mine GO BOOM wrote:
Good thing his username wasn't <script>

You can't even make a username that is "<script>" since you can't start a username with a <.
Smong - Mon Oct 02, 2006 3:58 am
Post subject:
I think htmlentities is what makes my life hard trying to make plugins for ssnews, everything that can be encoded gets encoded (apart from letters and numbers), like all the different types of quotes and brackets. Although actually thinking about it now, it seems to mostly be found with rss feeds not plain pages.

Anyway in my php I use htmlspecialchars(stripslashes($blah)), I don't know if that's the correct way but it works.
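An added example, not code from any poster in this thread: the original loop next to an output-encoded version, run over names quoted above, followed by a check of why `htmlentities` output trips up RSS while `htmlspecialchars` output does not (XML predefines only five named entities). The helper names `render_raw`, `render_escaped`, `h` and `valid_in_xml` are hypothetical, and the sample rows are constructed.

```php
<?php
// Constructed rows standing in for mysql_fetch_array() results. The first
// four names come from the thread; 'Café' is made up for the RSS case.
// Assumes this file is saved as UTF-8.
$rows = [['name' => 'Erosion'], ['name' => 'E><istance'],
         ['name' => "G'd up^"], ['name' => '<script>'], ['name' => 'Café']];

// The original loop: each stored value is written into the page as markup.
function render_raw(array $rows): string {
    $out = '';
    foreach ($rows as $row) {
        $out .= $row['name'] . ', ';
    }
    return $out;
}

// Encode at the point of output. ENT_QUOTES also encodes ' and ", so the
// same helper is usable inside a quoted HTML attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_escaped(array $rows): string {
    return implode('', array_map(fn($r) => h($r['name']) . ', ', $rows));
}

// True when the fragment is well-formed inside an XML element, which is
// what an RSS <description> requires.
function valid_in_xml(string $fragment): bool {
    $prev = libxml_use_internal_errors(true);
    $ok = simplexml_load_string("<description>$fragment</description>") !== false;
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok;
}

$raw  = render_raw($rows);
$safe = render_escaped($rows);
echo "raw:     $raw\n";
echo "escaped: $safe\n";
// Encoding loses nothing: decoding the page text gives back the stored names.
var_dump(html_entity_decode($safe, ENT_QUOTES, 'UTF-8') === $raw);

// Same input through both encoders, then tested as RSS content.
foreach (['htmlspecialchars', 'htmlentities'] as $fn) {
    $enc = $fn($raw, ENT_QUOTES, 'UTF-8');
    printf("%-16s xml-ok=%s\n", $fn, var_export(valid_in_xml($enc), true));
}
```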
Bak - Mon Oct 02, 2006 4:20 am
Post subject:
Same, but there are other problems with PHP, such as form input containing certain keywords like wget or python leads to the server (I think) trying to execute a wget or python and leads to a 403 Forbidden. In fact, I know I can't post those words on Hockey Zone forums... mgb, do you have some sort of fix you put in or am I missing something?

The only hackish workaround I could think of was to use javascript to convert such inputs to wget_ or python_ (or something else), and convert them back before I put them into the post database.
Mine GO BOOM - Mon Oct 02, 2006 4:47 am
Post subject:
What the hell are you talking about? A 403 sounds like they put up a .htaccess block on it. User data should never be inside a system or exec call unless you really know what you are doing and parse the input heavily.

Why are you using stripslashes? I'm assuming you are getting the data from either the user or a database, it shouldn't have useless slashes thrown throughout the data. I sure hope you don't have magic_quotes turned on, as that is a horrible, horrible feature in PHP. You should be using mysql_real_escape_string instead of anything else, as that is the only builtin function proven to be safe for MySQL query strings.
Smong - Mon Oct 02, 2006 5:01 am
Post subject:
Yeah, I was talking about my bug tracker, that uses MySQL. I am using mysql_real_escape_string to escape strings when writing to the DB and stripslashes to unescape them when showing results. The magic quotes thing, I don't know if that's on/off, I just coded so it works on the webspace I have available.

The weird keyword thing I noticed on my toktok site once, I couldn't enter the word "python" using my news script (cutenews, which is naff but does the job). I'm not sure if it still happens, I wouldn't be surprised if some random server upgrades turn this "feature" on/off.
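An added example, not code from the thread, for the stripslashes / magic_quotes exchange above: it shows that a correctly escaped or bound value comes back from the database unchanged, that `magic_quotes_gpc` (simulated here with `addslashes()`) is what puts stray slashes into stored data, and that `stripslashes()` on output damages names that really contain backslashes. It swaps in PDO bound parameters and an in-memory SQLite table for `mysql_real_escape_string` and MySQL so it runs offline; `store_and_load` and the `bugs` table are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// SQLite in memory stands in for the MySQL table (assumption: pdo_sqlite
// is loaded). Bound parameters replace mysql_real_escape_string here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bugs (id INTEGER PRIMARY KEY, title TEXT)');

// Hypothetical helper: store one value, then read the same row back.
function store_and_load(PDO $db, string $title): string {
    $ins = $db->prepare('INSERT INTO bugs (title) VALUES (:title)');
    $ins->execute([':title' => $title]);
    $sel = $db->prepare('SELECT title FROM bugs WHERE id = :id');
    $sel->execute([':id' => $db->lastInsertId()]);
    return $sel->fetchColumn();
}

// Constructed form input, using two names from the list in the first post.
$inputs = ["G'd up^", 'PH34R /\/\3'];

foreach ($inputs as $typed) {
    // Case 1: query escaping or binding only protects the SQL statement.
    // The database stores and returns exactly what was typed.
    $clean = store_and_load($db, $typed);

    // Case 2: what magic_quotes_gpc did. addslashes() ran on every request
    // value before the script saw it, so the slashes were stored as data.
    $magic = store_and_load($db, addslashes($typed));

    printf("typed:               %s\n", $typed);
    printf("stored, no magic:    %s\n", $clean);
    printf("stored, magic on:    %s\n", $magic);
    // stripslashes() undoes case 2, but applied to case 1 it removes
    // backslashes that belong to the data.
    printf("stripslashes(magic): %s\n", stripslashes($magic));
    printf("stripslashes(clean): %s\n\n", stripslashes($clean));
}
```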
Bak - Mon Oct 02, 2006 5:42 am
Post subject:
Mine GO BOOM wrote:
What the hell are you talking about?


Ok here's my php file:
Code:

<html>
<head><title>Test - PHP Forms</title></head>
<body text="black">
<form name="form" method="post" action="http://rshl.org/bak/test/test.php?submit">
  <table>
    <tr>
      <td>Comment:</td>
      <td><textarea name="comment" rows="6" cols="50"></textarea></td>
    </tr>
    <tr>
      <td colspan="2" align="center"><input type="submit" value="Submit"></td>
    </tr>
  </table>
</form>
</body>
</html>


It is located at http://rshl.org/bak/test/test.php

Type in any input you want and it submits without issue.
Type in text containing "python " or "wget " such as "I will python your butthole" or "I like to wget bitches", and you get a 403 forbidden. Now what's this ".htaccess" business?


CypherJF - Mon Oct 02, 2006 6:09 pm
Post subject:
SSCentral has mod_security enabled. I know this because whenever a POST is made with the word PERL in it the server returns an HTTP error. It's very frustrating when I'm trying to blog about such things. :/
Bak - Mon Oct 02, 2006 9:05 pm
Post subject:
Yeah, it's gotta be the webserver, because an equivalent html file also yields 403s. I wish there was a list of all the forbidden keywords so I could use javascript to prevent the user from attempting to post a comment containing one of these guys...
Mine GO BOOM - Mon Oct 02, 2006 9:56 pm
Post subject:
See if you can override the mod_security settings via htaccess, as the current version will allow it if AllowOverride AuthConfig is enabled in apache.
CypherJF - Mon Oct 02, 2006 10:23 pm
Post subject:
Got an internal server error.

Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, wwwadmin@sscentral.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.


I have left messages for Swift and Polix but they never got back to me.
All times are -5 GMT