Not Solved I need help
#1
Not Solved
What could be the problem ? can anyone help me

I installed this plugin: Welcome Topic (1.0)

and I received this error message:

[Image: D2RWyDP.png]
Reply
#2
Not Solved
short note: use a more meaningful title next time.

I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the ' in user's makes an error.
[MyBB 1.8 mods] - Offer me a coffee
Do not ask me help through PM or Discord
Reply
#3
Not Solved
(2020-11-30, 11:47 AM)Crazycat Wrote: short note: use a more meaningful title next time.

I can't find this plugin in MyBB extend, can you give me a link to it ?
BTW, the trouble is that the content of welcome_body is not escaped, so the ' in user's makes an error.

hi I don't remember where I downloaded this plugin anymore, but it worked fine then, unfortunately not now!


https://mods.mybb.com/view/welcome-topic

I downloaded from here


can you help ?
Reply
#4
Not Solved
You can simply correct it, in two ways.

First way, lazzy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");

Replace with:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('".$db->escape($subject)."','".$db->escape($body)."')");

Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");

Replace it with a clean one:
$db->insert_query('welcome', ['welcomesubject' => $subject, 'welcomebody' => $body]);
[MyBB 1.8 mods] - Offer me a coffee
Do not ask me help through PM or Discord
Reply
#5
Not Solved
(2020-11-30, 01:20 PM)Crazycat Wrote: You can simply correct it, in two ways.

First way, lazzy one (bad)
Find the following:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");

Replace with:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('".$db->escape($subject)."','".$db->escape($body)."')");

Second way, better
Find the same query:
$db->write_query("INSERT IGNORE INTO ".TABLE_PREFIX."welcome
(welcomesubject,welcomebody)
VALUES('$subject','$body')");

Replace it with a clean one:
$db->insert_query('welcome', ['welcomesubject' => $subject, 'welcomebody' => $body]);


Thank you friend
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)