#1 sql syntax bug

open
nobody
None
5
2006-09-26
2006-09-26
Anonymous
No

At line 158 in includes/reactions.php
the sql query is bad.

" . dbEscapeString($email) . "''
should be
'" . dbEscapeString($email) . "'

fixed query:
$query = "INSERT INTO " . dbTable("reactions") . "
(reaction_project_id,reaction_poster_id,reaction_poster_name,reaction_poster_email,reaction_contents,reaction_date)
VALUES ('" . $pid . "',0,'" . dbEscapeString($name) .
"','" . dbEscapeString($email) . "','" .
dbEscapeString($contents) . "',NOW())";

this small bug causes users to be unable to post reactions
while not logged in.

Cheers
//Wizera
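
The same INSERT with bound parameters, next to the misquoted concatenation, as an added example that is not part of the original report or the project's code. Assumptions: PDO with an in-memory SQLite database stands in for the project's database layer, `escapeLiteral()` is a hypothetical stand-in for `dbEscapeString()`, the table layout is inferred from the column list above, and the surrounding quotes of the broken query are reconstructed from the fragment in the report.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the
// project's database layer; the table layout is inferred from the column list
// in the report; escapeLiteral() is a hypothetical stand-in for dbEscapeString().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE reactions (
    reaction_project_id INTEGER, reaction_poster_id INTEGER,
    reaction_poster_name TEXT, reaction_poster_email TEXT,
    reaction_contents TEXT, reaction_date TEXT)");

function escapeLiteral(string $s): string {
    return str_replace("'", "''", $s); // SQL-standard quote doubling
}

// Constructed sample input for an anonymous poster.
$pid = 7;
$name = "O'Brien";
$email = "ob@example.org";
$contents = "Nice project, isn't it?";
$cols = "(reaction_project_id,reaction_poster_id,reaction_poster_name,"
      . "reaction_poster_email,reaction_contents,reaction_date)";

// 1) Quote placement reconstructed from the reported fragment: the e-mail
//    value ends up outside any string literal, so the statement is rejected.
$bad = "INSERT INTO reactions $cols VALUES ('" . $pid . "',0,'" . escapeLiteral($name)
     . "'," . escapeLiteral($email) . "'','" . escapeLiteral($contents) . "',CURRENT_TIMESTAMP)";
try {
    $db->exec($bad);
} catch (PDOException $e) {
    echo "concatenated query rejected: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: no quote characters are written by hand, so this
//    class of mistake cannot occur and no value is parsed as SQL.
$stmt = $db->prepare("INSERT INTO reactions $cols
    VALUES (:pid, 0, :name, :email, :contents, CURRENT_TIMESTAMP)");
$stmt->execute([':pid' => (int)$pid, ':name' => $name,
                ':email' => $email, ':contents' => $contents]);

$row = $db->query("SELECT reaction_poster_name, reaction_poster_email FROM reactions")
          ->fetch(PDO::FETCH_ASSOC);
echo "stored: ", $row['reaction_poster_name'], " <", $row['reaction_poster_email'], ">\n";
```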
