Saving a new banner generates SQL Error

posts: 11

Using tiki 1.8.2 ...

I'm trying to save a new banner to tiki but every time I try, no matter what configuration of zones, types of banner (html, image, text), I get an sql error. Here's the error itself...



Warning: mysql error: You have an error in your SQL syntax near ',, '','go to yahoo',1083024000,1114560000,'n','y','y','y','y' at line 4 in query:
insert into `tiki_banners`(`client`, `url`, `title`, `alt`, `which`, `imageData`, `imageType`, `HTMLData`, `fixedURLData`, `textData`, `fromDate`, `toDate`, `useDates`, `mon`, `tue`, `wed`, `thu`, `fri`, `sat`, `sun`, `hourFrom`, `hourTo`, `maxImpressions`,`created`,`zone`,`imageName`,`impressions`,`clicks`) values(?,?,?,?,?,?,?,?, ?,?,?,?,?,?,?,?,?, ?,?,?,?,?,?,?,?,?,?,?)
in /var/www/tiki-1.8.2/lib/tikidblib.php on line 133

Values:

Array (
0 = alan
1 = http://www.yahoo.com
2 =
3 =
4 = useText
5 =
6 =
7 =
8 =
9 = go to yahoo
10 = 1083024000
11 = 1114560000
12 = n
13 = y
14 = y
15 = y
16 = y
17 = y
18 = y
19 = y
20 = 0000
21 = 2359
22 = 1000
23 = 1083097406
24 = alanzone
25 =
26 = 0
27 = 0
)

$result is false
$result is empty



Any thoughts? I've looked through the forums to no avail.

posts: 2881 United Kingdom

Hi Alan,

I've used banners in an earlier version on 1.8 tiki, but not in the latest 1.8.2 or 1.8.3 (CVS).

My guess is that our newer make_clean code is destroying some of the passed data. I've heard about it somewhere else with OBJECT and EMBED.

I'll take a look later on and see what I can fix up

Damian


posts: 1001 Canada
I failed to reproduce this while creating a banner in 1.8.2 and 1.8CVS.
posts: 2881 United Kingdom

> Chealer9:
> I failed to reproduce this while creating a banner in 1.8.2 and 1.8CVS.

It depends on the content of your banner's code.

Damian


posts: 11

Damian,

Is there a page or template I could look at? I've fixed issues before for phpNuke and I personally find Tiki to be much more complete both in breadth and depth of features so I'd love to put my 2 cents in to the project. If I can help out with this issue, I'd love to take a hack at it. I know php enough to figure stuff out and if you can point me in the right direction I'll see what I can do.

Thanks,
Alan

posts: 2881 United Kingdom

> alan8373:
> Damian,
>
> Is there a page or template I could look at? I've fixed issues before for phpNuke and I personally find Tiki to be much more complete both in breadth and depth of features so I'd love to put my 2 cents in to the project. If I can help out with this issue, I'd love to take a hack at it. I know php enough to figure stuff out and if you can point me in the right direction I'll see what I can do.
>
> Thanks,
> Alan
>

OK, you'll need the tiki-setup.php file and look for the make_clean function; you'll see the embed and object in the regexp there. It was added for 1.8.2, so it's not going to be an easy job of just removing it and committing to CVS.

For a perfect solution we would need some kind of hidden key passed from the banner form to let the code through without it being removed. Just a post value isn't good enough as I could easily forge that on a custom it would need some kind of database table lookup as described on methods to prevent XSS and seasurfing, link below.

If you get lost in this, shout for me and we can battle it out on this thread.

Damian
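
The hidden key backed by a database table lookup that the post above describes could look like the following. This is an added example, not Tiki code and not part of the original thread; the `form_tickets` table, all function names, the `ticket` form field and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Added example, not Tiki code: table, function and field names are hypothetical.
// PDO with in-memory SQLite is an assumption so the sketch runs stand-alone.
function ticket_schema(PDO $db): void {
    $db->exec('CREATE TABLE form_tickets (token_hash TEXT PRIMARY KEY,
        user TEXT NOT NULL, purpose TEXT NOT NULL, expires INTEGER NOT NULL)');
}

// Called when the banner form is rendered; the result goes into a hidden field.
function issue_ticket(PDO $db, string $user, string $purpose, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));
    // Store only a hash, so a leaked table does not yield usable tickets.
    $st = $db->prepare('INSERT INTO form_tickets VALUES (?, ?, ?, ?)');
    $st->execute([hash('sha256', $token), $user, $purpose, time() + $ttl]);
    return $token;
}

// Called on submit. One DELETE both checks and consumes the ticket (single use).
function redeem_ticket(PDO $db, string $token, string $user, string $purpose): bool {
    $st = $db->prepare('DELETE FROM form_tickets WHERE token_hash = ?
        AND user = ? AND purpose = ? AND expires >= ?');
    $st->execute([hash('sha256', $token), $user, $purpose, time()]);
    return $st->rowCount() === 1;
}

// Stand-in for the global input filter (hypothetical, not Tiki's make_clean).
function strip_active_tags(string $s): string {
    return preg_replace('#</?(script|embed|object)\b[^>]*>#i', '', $s) ?? '';
}

// Raw HTML passes only when the server itself recorded a matching ticket.
function banner_html(PDO $db, array $post, string $user): string {
    $html = is_string($post['HTMLData'] ?? null) ? $post['HTMLData'] : '';
    $ticket = $post['ticket'] ?? null;
    $ok = is_string($ticket) && redeem_ticket($db, $ticket, $user, 'banner_edit');
    return $ok ? $html : strip_active_tags($html);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
ticket_schema($db);
$t  = issue_ticket($db, 'alan', 'banner_edit');
$in = '<embed src="banner.swf">';  // constructed sample input
var_dump(banner_html($db, ['HTMLData' => $in, 'ticket' => $t], 'alan') === $in);   // first use of a real ticket
var_dump(banner_html($db, ['HTMLData' => $in, 'ticket' => $t], 'alan') === $in);   // same ticket replayed
var_dump(banner_html($db, ['HTMLData' => $in, 'ticket' => 'y'], 'alan') === $in);  // forged POST value
```

The ticket only shows that the site served the banner form to this user; the permission check for who may edit banners still has to pass before a ticket is issued.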

