Noah J. Stewart
Forum Replies Created
-
Forum: Plugins
In reply to: [Prelaunchr for WordPress] always "Invalid Email"?I wrote too soon. Don’t include the mysql_real_escape_string() function at all. That will prevent the email address from being added to the database table, but will return no errors or warnings.
As indicated here, the wpdb class provides scrubbing on the insert() function. mysql_real_escape_string() shouldn’t be present anywhere in the record_submission() function.
http://wordpress.stackexchange.com/questions/25947/wpdb-insert-do-i-need-to-prepare-against-sql-injectionForum: Plugins
In reply to: [Prelaunchr for WordPress] always "Invalid Email"?I believe I’ve found the problem. I hope this helps someone.
In prelaunchr.php, there is a function called record_submission(). Here, the email is set using the following code:
$email = mysql_real_escape_string( stripslashes( $_POST['email'] ) );If you remove mysql_real_escape_string(), you should find that it works. The filter itself uses PHP’s built-in filter_var() function. There are some versions of PHP that have trouble with this but using the most recent should be fine, and I don’t believe that’s where the problem lies for most people.
Change that line to:
$email = stripslashes( $_POST['email'] );Because the escape function has been removed, you may be open to SQL injection attacks. Add it back in further down in the code where the $data array is set.
$data['email'] = mysql_real_escape_string($email);Forum: Plugins
In reply to: [Advanced post slider] Slider does not show after updating to version 2.3.4It would be helpful to know how to fix this. Another forum post suggested to deactivate and delete this plugin, then install an old version. That didn’t work for me. I ended up building my own in less time than I spent trying to fix this.