Montego Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic
Author Message
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Mon Jul 24, 2006 9:34 am Reply with quote

If you get a SQL error when you try to send your newsletter, it may be related to having either a single or double quote in either your topic or sender fields. The fix is here:

=== HTML Newsletter Versions Affected ===

1.3.0
01.03.01

=== OPEN ===

modules/HTML_Newsletter/admin/functions.php

=== FIND ====

Code:

function msnl_fAddNls( $msnl_iCID, $msnl_sTopic, $msnl_sSender, $msnl_sFilename,
                                 $msnl_sDatesent, $msnl_iView, $msnl_sGroups ) {

   global $prefix, $db;

   $nid = 0;

   $sql = "INSERT INTO `". $prefix ."_hnl_newsletters` "
            ."VALUES ("
               ."NULL, "
               ."'$msnl_iCID', "
               ."'$msnl_sTopic', "
               ."'$msnl_sSender', "
               ."'$msnl_sFilename', "
               ."'$msnl_sDatesent', "
               ."'$msnl_iView', "
               ."'$msnl_sGroups', "
               ."'0'"
            .")";

   $result = msnl_fSQLCall( $sql );


=== REPLACE WITH ===

Code:

function msnl_fAddNls( $msnl_iCID, $msnl_sTopic, $msnl_sSender, $msnl_sFilename,
                                 $msnl_sDatesent, $msnl_iView, $msnl_sGroups ) {

   global $prefix, $db;

   $nid = 0;
   $msnl_sTopic = addslashes($msnl_sTopic);
   $msnl_sSender = addslashes($msnl_sSender);

   $sql = "INSERT INTO `". $prefix ."_hnl_newsletters` "
            ."VALUES ("
               ."NULL, "
               ."'$msnl_iCID', "
               ."'$msnl_sTopic', "
               ."'$msnl_sSender', "
               ."'$msnl_sFilename', "
               ."'$msnl_sDatesent', "
               ."'$msnl_iView', "
               ."'$msnl_sGroups', "
               ."'0'"
            .")";

   $result = msnl_fSQLCall( $sql );


This is a big Embarassed ! My appologies for this.

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
View user's profile Send private message Visit poster's website
elnegro
Newbie
Newbie



Joined: May 08, 2007
Posts: 2

PostPosted: Tue May 08, 2007 6:08 am Reply with quote

(I haven't checked but) I think you should use the corresponding php function "stripslashes" before echoing these prases with backslashes.

BTW: I've almost finished the italian translation of "HTML Newsletter"... is there any place where I can send it? Is there any CVS of this wonderful module?

TIA

---
Bye, Luca
 
View user's profile Send private message
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Tue May 08, 2007 8:47 am Reply with quote

Quote:

(I haven't checked but) I think you should use the corresponding php function "stripslashes" before echoing these prases with backslashes.


The above code is correct, so I might not be understanding what you mean by this. Can you explain a bit more or give an example of what you mean? Much appreciated.

Quote:

I've almost finished the italian translation of "HTML Newsletter"... is there any place where I can send it?


This is excellent! Thank you so much (actually, the community thanks you). I have been remiss in my duties with this module as I have two other translations too (partial ones) that I have released as a part of RavenNuke(tm), but not separately. You may send it to montego {AT} montegoscripts ((DOT)) com.

Unfortunately, although I do use subversion, it is not available on-line here. Right now, I have no plans to make it available.

Thanks!
montego
 
View user's profile Send private message Visit poster's website
elnegro
Newbie
Newbie



Joined: May 08, 2007
Posts: 2

PostPosted: Tue May 08, 2007 9:10 am Reply with quote

montego wrote:
Quote:

(I haven't checked but) I think you should use the corresponding php function "stripslashes" before echoing these prases with backslashes.


The above code is correct, so I might not be understanding what you mean by this. Can you explain a bit more or give an example of what you mean? Much appreciated.



I know that the above code is correct and you are right Smile but when you use the function "addslashes" it changes and saves in the db i.e. the string
Code:
O'Reilly

to
Code:
O\'Reilly

and if you echo this string on the screen it will be printed as
Code:
O\'Reilly

but, by writing
Code:
echo stripslashes($string)

the string will be printed as
Code:
O'Reilly


(still I say that I haven't checked your code) so, if you don't encounter this problem, perhaps you are already using the stripslashes function in your code.

HTH

---
Bye, Luca
 
View user's profile Send private message
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Tue May 08, 2007 9:17 am Reply with quote

Yes, it is being handled. Thank you for clarifying that for me.
 
View user's profile Send private message Visit poster's website
sixf00t4
Newbie
Newbie



Joined: Oct 28, 2007
Posts: 4
Location: Pittsburgh, PA

PostPosted: Wed Dec 26, 2007 11:50 am Reply with quote

just to be sure, this is the same problem with quotes in the body of the newsletter, right? When i have quotes, hit the preview, and then go back to the message, there are slashes infront of all the apostrophes.

_________________
blog - music - video 
View user's profile Send private message Visit poster's website AIM Address
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Wed Dec 26, 2007 2:18 pm Reply with quote

Actually, sixf00t4, this code is probably 2 - 3 years old and in sore need to being renovated. I've learned a ton over the years working on RavenNuke, and, to be quite honest, although no reporting security issues yet with any of my code, I am quite embarrassed by much of my earlier.

Maybe I can get something out before my Feb PHP5 deadline...

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
View user's profile Send private message Visit poster's website
sixf00t4
Newbie
Newbie



Joined: Oct 28, 2007
Posts: 4
Location: Pittsburgh, PA

PostPosted: Wed Dec 26, 2007 6:06 pm Reply with quote

hey, no push from me, just reporting bugs as i come across them. keep up the good work my friend.

_________________
blog - music - video 
View user's profile Send private message Visit poster's website AIM Address
montego
Site Admin/Owner
Site Admin/Owner



Joined: Feb 12, 2005
Posts: 1393

PostPosted: Wed Dec 26, 2007 8:30 pm Reply with quote

No worries. More of a push from "me". I have big plans for this module, including a complete re-write for PHP5 with much easier methods for adding additional content, etc. But, first-things-first, I need to complete the 1.x branch with one more functional release.

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 4 Hours
 
Forums ©
linear-bunchlinear-bunch
linear-bunch