Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • One of the posts that gives the answer is http://ww.wp.xz.cn/support/topic/40887
    But really, if this is a known issue with a SIMPLE fix, why has this not been added to the release? It seems ridiculous to me that this would still be an issue months after it has been solved.

    Forum: Fixing WordPress
    In reply to: Post Via Email

    Check my post on SQL insertion methods. This is fixed by sanitizing the string input to the database by filtering it through the mysql_real_escape_string(). Both the subject and the content must be filtered.

    Thread Starter jaminadi

    (@jaminadi)

    True, although, as I mentioned (and this is the reason I caught this in the first place), it chokes on messages with quotation marks in them. That was my first complaint until I realized the SQL implications.

    The fix is actually quite simple.
    Before sending the strings to the database, simply enclose them in a mysql_real_escape_string() PHP function. This will remove the possibility of SQL insertion and other problems. I have already implemented it on mine; the changes are so minimal (added the function on the outside right hand of the last $subject and $content lines).
    Good luck fixing this in future versions.
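
The fix described in the replies above, as an added example that is not code from the posts or from WordPress. It assumes PHP with the PDO SQLite driver; an in-memory SQLite database stands in for MySQL, the `posts` table and the sample message are constructed, and `PDO::quote()` and bound parameters stand in for `mysql_real_escape_string()`.

```php
<?php
// Added example: SQLite in memory stands in for the blog's MySQL database,
// and the posts table, its columns and the sample message are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed e-mail fields containing quotation marks.
$subject = "Today's update";
$content = 'She said "hello" and it\'s fine';

// 1) Unescaped: the apostrophe ends the SQL string literal early, so the
//    statement no longer parses. This is the "chokes on quotation marks" case.
try {
    $pdo->exec("INSERT INTO posts (title, body) VALUES ('$subject', '$content')");
    echo "unescaped: inserted\n";
} catch (PDOException $e) {
    echo "unescaped: rejected (" . $e->getMessage() . ")\n";
}

// 2) Escaped: PDO::quote() escapes the value for the connected driver and adds
//    the surrounding quotes, the role mysql_real_escape_string() plays in the post.
$pdo->exec(sprintf(
    'INSERT INTO posts (title, body) VALUES (%s, %s)',
    $pdo->quote($subject),
    $pdo->quote($content)
));

// 3) Bound parameters: values travel separately from the SQL text, so no
//    escaping step can be forgotten on one of the fields.
$stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
$stmt->execute([':title' => $subject, ':body' => $content]);

// Both stored rows must match the original message byte for byte.
foreach ($pdo->query('SELECT id, title, body FROM posts') as $row) {
    $ok = ($row['title'] === $subject && $row['body'] === $content);
    printf("row %d stored intact: %s\n", $row['id'], $ok ? 'yes' : 'no');
}
```

`mysql_real_escape_string()` belongs to the old mysql extension, which was removed in PHP 7.0; on current PHP the same fix is written with mysqli or PDO, preferably using bound parameters.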
