MyBB Community Forums

Full Version: SQL error with the plugin "Wiki"
Hello,

I have a problem with the Wiki plugin: when I try to edit an entry, I get an SQL error:

MyBB has experienced an internal SQL error and cannot continue.

SQL Error:
    1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'est-ce qu'un helper ?";s:4:"text";s:709:"Un Helpeur ou helper est une personne s' at line 3
Query:
    INSERT INTO mybb_wiki_versions (`wid`,`entry`) VALUES ('2','a:12:{s:2:"id";s:1:"2";s:3:"cid";s:1:"4";s:5:"title";s:16:"Helper / Helpeur";s:4:"link";s:0:"";s:5:"short";s:24:"Qu'est-ce qu'un helper ?";s:4:"text";s:709:"Un Helpeur ou helper est une personne se vouant bénévolement à une tâche dans laquelle il est un connaisseur expérimenté. Un Helpeur doit savoir se rendre disponible pour aider les gens, et transmet ses connaissances, toujours dans but bénévole, éducatif. Généralement, on parle de "Helpeur" en désinfection informatique mais cela n'est pas forcément vrai. Le helpeur aide, peu importe le domaine En désinfection, on observe spécifiquement plusieurs tâches pour le helpeur. [u]Pour les résumer, voici les 4 étapes que doit faire un bon Helper:[/u] [list] [*] Diagnostic [*] Désinfection [*] Sécuristaion [*] Prévention (à faire tout au long de la désinfection) [/list]";s:3:"uid";s:1:"5";s:8:"username";s:7:"Roberto";s:4:"date";s:10:"1336900805";s:9:"is_hidden";s:1:"0";s:9:"is_closed";s:1:"0";s:19:"awaiting_moderation";s:1:"0";}') 

Can you help me?

Yours truly,
Roberto.


PS: Sorry for my bad English, but I'm French.
Looks like inputs aren't being escaped properly to me. I'd advise disabling the plugin while I take a quick look at it as it may be susceptible to SQL injections.

EDIT: from a quick glance, the problem appears to be caused at line 397 where data is indeed not escaped. The same problem may also occur elsewhere.
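
The failure diagnosed above, reproduced as an added example (not part of the thread and not the Wiki plugin's code): a serialized entry containing apostrophes is concatenated into an INSERT and rejected, then stored intact through a bound parameter. It assumes PHP with the PDO SQLite driver; an in-memory SQLite database stands in for MySQL, and the sample entry is constructed from the values visible in the error message.

```php
<?php
// Added illustration; not the Wiki plugin's code. Table and column names are
// taken from the failing query in the thread; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mybb_wiki_versions (wid INTEGER, entry TEXT)');

// Constructed sample entry: the apostrophes in "short" are what broke the query.
$entry = [
    'id'    => '2',
    'title' => 'Helper / Helpeur',
    'short' => "Qu'est-ce qu'un helper ?",
];
$blob = serialize($entry);

// 1) Before: serialized data concatenated straight into the statement.
$unsafe = "INSERT INTO mybb_wiki_versions (wid, entry) VALUES ('2', '" . $blob . "')";
try {
    $pdo->exec($unsafe);
    echo "unescaped: inserted\n";
} catch (PDOException $e) {
    // The first apostrophe in the data closes the string literal early,
    // so the rest of the entry is parsed as SQL and the statement fails.
    echo "unescaped: rejected (" . $e->getMessage() . ")\n";
}

// 2) After: the value travels as a bound parameter, never as SQL text.
$stmt = $pdo->prepare(
    'INSERT INTO mybb_wiki_versions (wid, entry) VALUES (:wid, :entry)'
);
$stmt->execute([':wid' => 2, ':entry' => $blob]);

// 3) Round trip: the stored blob must unserialize to the original array.
$stored = $pdo->query('SELECT entry FROM mybb_wiki_versions WHERE wid = 2')
              ->fetchColumn();
$restored = unserialize($stored, ['allowed_classes' => false]);
var_dump($restored === $entry);
```

Inside a MyBB plugin the equivalent fix is to pass the serialized string through `$db->escape_string()` before it is placed in the query.
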
Ok thanks, the functions were implemented very quickly so I know that there are some bugs. Like I've written in the German board I want to make a whole code change.
I will check all SQL queries now and upload this version this evening. Hope that it works after that.

Here is a (hopefully) clean version of the file. Just upload it into your root directory. I will also update the .zip, but this has to be validated first.
Oh thanks: it works!