general error

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.

Post by djb400s » Mon Mar 28, 2005 4:59 pm

I keep getting this problem with this user, and only this user. I was wondering if anyone knew what was going on and how I could fix it?
Thank you, Daniel



could not insert data into users table

debug mode
SQL Error : 1064 you have an error in your sql syntax; check the manual that corresponds to your MySQL server version for the right syntax to use
near 'Reilly, Patrick' WHERE = 'pro137o" at line 1

UPDATE phpbb_users SET user_email = 'pro137o@smsu.edu', user_website =", user_occ = 'Centralized User Supp Spc', user_from = 'Computer Services', user_sig = 'O'Reilly, Patrick'Where username = pro137o

line : 98
File : c:\forumroot\forums\includes\functions_ldap.php
djb400s
Registered User
 
Posts: 5
Joined: Wed Jan 26, 2005 7:50 pm

Post by Kellanved » Mon Mar 28, 2005 5:16 pm

While this is probably the wrong forum to ask such a question, the problem looks like an attempted SQL insertion attack (not actually an attack, just a possible one - the O'Reilly broke the query).

What version/mods are you running? It should not be possible to have a signature like that in a DB query.
Kellanved
Development Team Member
 
Posts: 2548
Joined: Wed Jan 26, 2005 2:48 pm
Location: Grad School

Post by djb400s » Mon Mar 28, 2005 5:22 pm

phpBB version 13 with the open LDAP mod done to it. I think why it happens to his name is because of the apostrophe in his last name. Any help is greatly appreciated. Thank you, Daniel

Post by Kellanved » Mon Mar 28, 2005 5:25 pm

Look for a new version of the mod. Apparently yours doesn't properly call
Code:
str_replace("\'", "''",  ...
on the arguments for the SQL queries - extremely dangerous.
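
Added example, not part of the original thread and not phpBB's or the LDAP MOD's code: the failing UPDATE from the first post rebuilt against an in-memory SQLite database through PDO, showing the concatenated query breaking on the apostrophe, the quote doubling mentioned in the reply above, and a prepared statement. The table and column names come from the posted query; the row values, the use of SQLite and the availability of the pdo_sqlite extension are assumptions.

```php
<?php
// Added example. Table/column names follow the query posted in the thread;
// the data is constructed and SQLite stands in for MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE phpbb_users (username TEXT PRIMARY KEY, user_sig TEXT)");
$db->exec("INSERT INTO phpbb_users (username, user_sig) VALUES ('pro137o', '')");

// Value as it might arrive from the directory (constructed sample).
$sig = "O'Reilly, Patrick";
$username = 'pro137o';

// 1. String concatenation: the apostrophe closes the string literal early,
//    the rest of the name is parsed as SQL, and the statement is rejected.
$concat = "UPDATE phpbb_users SET user_sig = '$sig' WHERE username = '$username'";
try {
    $db->exec($concat);
    echo "concatenated: accepted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (" . $e->getMessage() . ")\n";
}

// 2. Quote doubling. In the reply, "\'" inside a PHP double-quoted string is
//    backslash + apostrophe, so that call matches already-slashed input; this
//    sample has a bare apostrophe, so the bare quote is doubled instead.
//    It only protects queries where every value is escaped this way.
$escaped = str_replace("'", "''", $sig);
$db->exec("UPDATE phpbb_users SET user_sig = '$escaped' WHERE username = '$username'");

// 3. Prepared statement: values are bound as data and never parsed as SQL,
//    so no per-value escaping can be forgotten.
$stmt = $db->prepare("UPDATE phpbb_users SET user_sig = :sig WHERE username = :username");
$stmt->execute([':sig' => $sig, ':username' => $username]);

// Read the row back, again with a bound parameter.
$check = $db->prepare("SELECT user_sig FROM phpbb_users WHERE username = :username");
$check->execute([':username' => $username]);
echo "stored signature: " . $check->fetchColumn() . "\n";
```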

Post by djb400s » Mon Mar 28, 2005 5:30 pm

I am using the 1.1.8 version of the mod. Is there another version?
Do you know what line and file need to be fixed?

Post by Darkmonkey » Mon Mar 28, 2005 7:14 pm

Please ask for MOD support in the release topic or on the author's site. This forum is for Beta MODs.

Locked.
Darkmonkey
Former Team Member
 
Posts: 1707
Joined: Fri Oct 24, 2003 3:48 pm
Location: Where the trout streams flow and the air is nice
