Alex G
-
2006-04-07
- priority: 1 --> 3
"Add Main Event" page has a bug at submition, anytime
there is a special character like single quotes, SQL
brakes!
Any platform
Any browser
1) Log in
2) click "Add Main Event"
3) fill out fields and in one or more put a single quote
4) Click submit
5) you will notice your event won't be added and no
errors are displayed (that's because the the current
host doesn't display SQL error messages and forwards to
the next page....or maybe it's the bad code).
NEEDS FIXING! WHOA!
Suggestions:
1) make some fields "Blob"s OR Text to support special
characters
2) check input against special chracters (LAME!)