SpellingCow.com

Pickled_Weasel666 · Joined: 28 May 2004 Posts: 104 Location: Oklahoma

Error in obtaining dictionary words

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax near 'll'' at line 3

SELECT * FROM phpbb_dictionary_words WHERE word = 'ya'll'

Line : 335
File : /usr/local/www/data-dist/spell/public_html/phpBB2/spell.php

got that when trying to add "ya'll" to the dictionary... I guess it doesn't like hick language Embarassed

_________________

Pickled_Weasel666 · Joined: 28 May 2004 Posts: 104 Location: Oklahoma

Error in obtaining dictionary words

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax near 's'' at line 3

SELECT * FROM phpbb_dictionary_words WHERE word = 'Mine's'

Line : 335
File : /usr/local/www/data-dist/spell/public_html/phpBB2/spell.php

As I originally feared, it doesn't like apostrophes.
_________________

nuttzy99 · Site Admin Joined: 23 May 2004 Posts: 1068

Fixed!!!! Damn, do you have any idea how big a find that is!?! Yes it breaks, but it is also a glaring security whole. Via a technique called SQL injection, it could have been possible to do anything from attaining password hashes to even deleting the entire DB!

Good find... gold star for you Wink

-Nuttzy

_________________
<?php echo "something wicked awesome for my sig"; ?>

GPHemsley · Joined: 27 May 2004 Posts: 139 Location: Long Beach, NY

nuttzy99 · Site Admin Joined: 23 May 2004 Posts: 1068

ZoliveR · Joined: 27 May 2004 Posts: 80

Happy to see that problems can be easily and quickly fixed Wink

Nuttzy you rock Wink

_________________
I'm the belgian chocolate eater Wink

nuttzy99 · Site Admin Joined: 23 May 2004 Posts: 1068

Thanks Z

Locking since this one is done and conversation is long over.

-Nuttzy Cool

_________________
<?php echo "something wicked awesome for my sig"; ?>