Server Help
Community forums for Subgame, ASSS, and bots

PHP/SQL: Partial data :S

 
BDwinsAlt
Posted: Sun Oct 01, 2006 5:14 pm

echo htmlentities($row['name']);

PROBLEM SOLVED.


Ok this dude is named E><istance, but when I try and get the name to print from the database it only prints as "E>" and stops the names after it from printing, how can I make it come out right?

I delete him from the db and I get all the names:
Code:

2 Dope, 50 Cent_, 5ex, 6od, A Black Hole, Afroman, Air China+, Akai, Anchor man, Andrute, anthonysandifer, BDwinsAlt, Blaine, bodlet, bologna_89, bone thug, BOOOOOOOOOOM IMDEAD, brizz, Budweis0r, Bungie, c-unit,andrew, c-unit,yellow, C-word, CapnCK+, Captivelemon, cheses king 1, Choc Ice, Classical, courie, Cp!, Credit$, Crunk$, D O N T Cry, D( )|_|_/-\$, D4vETh3M4n, Dango., DareSound, Darkness^^Falls, Darth_Dynasty, DDgrl213, Death Cube K, Death Dweller, Death?to?all, Defined, DeMo=GoBlIn., Dildos, Diyos~, Doomsy, Dr. Mario123, DragonKnight E, DragonKnight S, DragonKnight Z, drazib, Dude_on_fire, dusty's trash, Erosion, Fahoogawad, fiLL+, fireBLiND, FLiP*STaH, Fox News, friendly., G'd up^, G.R.I.M., Genisis+, Genius288, Gh0$t M4n+, GhandE, Givin, Green Blaze, Guilty, Gun Charge, Gun Play, Halo King, Halt, hatetred~, Holy-Messiah, Hotshy, Hugh, I - cy, Im fat, Jack Knife, Jack the Monkey, Jack-In-The-Box, JediJax'sCreditCard, Jiant, Joesph_, JokerZero, Jonkku, Kagetoki, Kajou, Kamikaze Squirrell, Karlov, KillerBee12, kitlee, Klean-Y, Knight of the Realm, kuya, Lightlings, Lord_Zitu, Love*less, Machu, MadShipKiller, Malcolm X, Martisek, master sky, Meatz, Mishra, Mojo, Molten Ice, MOM!, Neither, Night Elf31, Noo$e, Onlooker, OrangeeoZ, OwNaGe...!!!, Pa$$ion+, PChanHibiki, PH34R /\/\3, PoLiX, Premier of the Order of, PURESTRENGTH, Purge, quebec__libre., R.A.P.E.D., Rakeem., Razer-Blade, RCS2222, Recon___, Red Blade, Red Strike XXIV, RelocK, Requiem Knight, Right Sneeky, Rude Awakening, rumbleKING, Russky, rXeNa, Ryuji, S ! R, Sangre, Scratt, SeKular, Sgt. 
Sanders, Shook one, Shook Won, Sir Sean, Skyy, slayerKING, SlayerPro, Smore, Snow~, Soldierz, SRG, Starblist, StarScraper, Synister, Tashiketsu, Tdx, Tech 9, tgif, THE H4X0R, The Prism, The_Destroyer*, The_Projenator, ThunderJam, Top UnderDog, Tr1bunE, TruFFle-ShuFFle, Tsan Han, Tunkel, Turand, Venture500, veolier, Viking From Hell, vVeapon, Walshy, Weaser, welfare bum, wHo iS MiLkY, Wizter, Woot., xStr1Kerx, Xx_$ilver_xX, Xycho, YonatoN, Yucateco, Yusukespiritgun, Z0M8I3, ZeeDeuce,


I am using this code:
Code:

$result = mysql_query("SELECT * FROM aliasbot_lb_adbt")
    or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
    // The name is echoed unencoded, so a '<' in it reaches the browser as markup
    echo($row['name'] . ', ');
}

echo htmlentities($row['name']);


Last edited by BDwinsAlt on Sun Oct 01, 2006 6:08 pm, edited 4 times in total
Cyan~Fire
Posted: Sun Oct 01, 2006 5:40 pm

Are you sure it's not just printing it and then your browser is thinking everything else is a tag? Replace '<' with "&lt;". Also, SELECT name.
CypherJF
Posted: Sun Oct 01, 2006 5:55 pm

When in doubt use print_r() to verify things.
BDwinsAlt
Posted: Sun Oct 01, 2006 6:06 pm

Code:

echo htmlentities($row['name']);

This worked. Problem solved.
CypherJF
Posted: Sun Oct 01, 2006 6:22 pm

I guess that would make sense since someone could technically have a '>' or '<' in their name and HTML would think it would be a tag. Didn't you check the source of the document?
Mine GO BOOM
Posted: Sun Oct 01, 2006 11:27 pm

Good thing his username wasn't <script>
Maverick
Posted: Mon Oct 02, 2006 2:44 am

Mine GO BOOM wrote:
Good thing his username wasn't <script>

You can't even make a username that is "<script>" since you can't start a username with a <.
Smong
Posted: Mon Oct 02, 2006 3:58 am

I think htmlentities is what makes my life hard trying to make plugins for ssnews, everything that can be encoded gets encoded (apart from letters and numbers), like all the different types of quotes and brackets. Although actually thinking about it now, it seems to mostly be found with rss feeds not plain pages.

Anyway in my php I use htmlspecialchars(stripslashes($blah)), I don't know if that's the correct way but it works.
Bak
Posted: Mon Oct 02, 2006 4:20 am

Same, but there's other problems with php, such as form input containing certain keywords like wget or python leads to the server (I think) trying to execute a wget or python and leads to a 403 Forbidden. In fact, I know I can't post those words on Hockey Zone forums... mgb do you have some sort of fix you put in or am I missing something?

The only hackish workaround I could think of was to use javascript to convert such inputs to wget_ or python_ (or something else), and convert them back before I put them into the post database.
Mine GO BOOM
Posted: Mon Oct 02, 2006 4:47 am

What the hell are you talking about? A 403 sounds like they put up a .htaccess block on it. User data should never be inside a system or exec call unless you really know what you are doing and parse the input heavily.

Why are you using stripslashes? I'm assuming you are getting the data from either the user or a database, it shouldn't have useless slashes thrown throughout the data. I sure hope you don't have magic_quotes turned on, as that is a horrible, horrible feature in PHP. You should be using mysql_real_escape_string instead of anything else, as that is the only builtin function proven to be safe for MySQL query strings.
Smong
Posted: Mon Oct 02, 2006 5:01 am

Yeah I was talking about my bug tracker, that uses mysql. I am using mysql_real_escape_string to escape strings when writing to the DB and stripslashes to unescape them when showing results. The magic quotes thing I don't know if that's on/off, I just coded so it works on the webspace I have available.

The weird keyword thing I noticed on my toktok site once, I couldn't enter the word "python" using my news script (cutenews, which is naff but does the job). I'm not sure if it still happens, I wouldn't be surprised if some random server upgrades turn this "feature" on/off.
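
The storage and display layers discussed in the posts above, as an added example that is not any poster's code: a value written through a bound parameter comes back unchanged, `stripslashes()` on display corrupts names that contain backslashes, and HTML encoding belongs at the point of output (the `htmlentities` fix from the start of the thread). It uses PDO bound parameters on an in-memory SQLite database in place of the thread's `mysql_*` calls (that extension was removed in PHP 7); the `players` table is a hypothetical stand-in and `pdo_sqlite` is assumed to be loaded.

```php
<?php
// Two names from the list in the first post plus the name that broke the page;
// between them they contain ', \, < and >.
$names = ["G'd up^", 'PH34R /\\/\\3', 'E><istance'];

// Assumption: pdo_sqlite is loaded. The in-memory database and the `players`
// table are hypothetical stand-ins for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (name TEXT NOT NULL)');

// Write path: bound parameters keep the data out of the SQL text entirely,
// so nothing is escaped by hand and nothing needs unescaping later.
$insert = $db->prepare('INSERT INTO players (name) VALUES (:name)');
foreach ($names as $name) {
    $insert->execute([':name' => $name]);
}

// Read path: the column holds exactly the bytes that were written.
$stored = $db->query('SELECT name FROM players ORDER BY rowid')
             ->fetchAll(PDO::FETCH_COLUMN);
echo 'stored unchanged: ', var_export($stored === $names, true), "\n";

foreach ($stored as $name) {
    // stripslashes() on already-clean data deletes backslashes that are part of the name.
    $stripped = stripslashes($name);
    // Encode once, at the point where the value enters HTML.
    $html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    printf("db: %-12s | stripslashes: %-12s | html: %s\n", $name, $stripped, $html);
}
```
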
Bak
Posted: Mon Oct 02, 2006 5:42 am

Mine GO BOOM wrote:
What the hell are you talking about?


Ok here's my php file:
Code:

<html>

<head> <TITLE>Test - PHP Forms</TITLE> </head>

<body text = black>

<form name="form" method="post" action="http://rshl.org/bak/test/test.php?submit">
<table>
<tr>
<td>Comment:</td><td> <TEXTAREA name="comment" rows="6" cols="50"></TEXTAREA></td>
</tr><tr>
<td colspan="2" align="center"><input type="submit" value="Submit"></td>
</tr>
</table>

</form>

</body>

</html>


It is located at http://rshl.org/bak/test/test.php

Type in any input you want and it submits without issue.
Type in text containing "python " or "wget " such as "I will python your butthole" or "I like to wget bitches", and you get a 403 forbidden. Now what's this ".htaccess" business?

CypherJF
Posted: Mon Oct 02, 2006 6:09 pm

SSCentral has mod_security enabled. I know this because whenever a POST is made with the word PERL in it the server returns an HTTP error. It's very frustrating when I'm trying to blog about such things. :/
Bak
Posted: Mon Oct 02, 2006 9:05 pm

Yeah, it's gotta be the webserver, because an equivalent html file also yields 403s. I wish there was a list of all the forbidden keywords so I could use javascript to prevent the user from attempting to post a comment containing one of these guys...
Mine GO BOOM
Posted: Mon Oct 02, 2006 9:56 pm

See if you can override the mod_security settings via htaccess, as the current version will allow it if AllowOverride AuthConfig is enabled in apache.
CypherJF
Posted: Mon Oct 02, 2006 10:23 pm

Got an internal server error.

Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, wwwadmin@sscentral.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.


I have left messages for Swift and Polix but they never got back to me.