    • sweetbrett
    • Sep 30th 2006 (edited)
     
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_wedding/karen_and_ben_8.26.06/44360001__small_.JPG' WHERE id = '2'' at line 1

    Guessing there is a function in plog-manage.php that tries to update the directory name in MySQL but does not add slashes to the name, so a gallery name with ' in it causes an error.
    • sweetbrett
    • Sep 30th 2006
     
    OK yeah, I have no idea. I see that mysql_real_escape_string is already added where it needs to be, so I have no idea. This is the area of code I'm looking at in plog-admin-functions.php, in the update_album function:

    $target_name = mysql_real_escape_string($target_name);

    // proceed only if rename succeeded
    $query = "UPDATE ".$TABLE_PREFIX."albums SET
    name = '$name',
    description = '$description',
    thumbnail_id = '$thumbnail_id',
    path = '$target_name'
    WHERE id='$album_id'";

    $result = mysql_query($query);
    if (!$result) {
        return array("errors" => mysql_error());
    }

    Looks to me like $target_name should be escaped correctly, but I still get MySQL errors when I try to update the album name.
  1.  
    Check to see if magic quotes is set to "ON" in your php.ini.
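
An added example, not part of the thread and not Plogger's code: the album rename done with PDO bound parameters instead of string-built SQL, so a ' in the directory name never reaches the SQL parser as syntax. It also rewrites the paths of dependent rows, since the error quoted above ends in a .JPG path rather than an album directory. The `pictures` table, its columns and the `rename_album` helper are hypothetical, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not Plogger code. Table and column names for "pictures"
// are hypothetical; "albums" columns follow the query quoted in the thread.
// Assumes the pdo_sqlite extension so it runs without a MySQL server.

function rename_album(PDO $db, int $albumId, string $name, string $oldPath, string $newPath): int
{
    $db->beginTransaction();
    try {
        // Values travel as bound parameters, never as SQL text, so an
        // apostrophe in a gallery name cannot end the string literal.
        $stmt = $db->prepare('UPDATE albums SET name = :name, path = :path WHERE id = :id');
        $stmt->execute([':name' => $name, ':path' => $newPath, ':id' => $albumId]);

        // Dependent rows that embed the directory name need the same care.
        $pics = $db->prepare('SELECT id, path FROM pictures WHERE album_id = :id');
        $pics->execute([':id' => $albumId]);
        $upd = $db->prepare('UPDATE pictures SET path = :path WHERE id = :id');
        $changed = 0;
        foreach ($pics->fetchAll(PDO::FETCH_ASSOC) as $row) {
            if (strpos($row['path'], $oldPath . '/') !== 0) {
                continue; // not under the old directory; leave untouched
            }
            $upd->execute([
                ':path' => $newPath . substr($row['path'], strlen($oldPath)),
                ':id'   => $row['id'],
            ]);
            $changed++;
        }
        $db->commit();
        return $changed;
    } catch (Throwable $e) {
        $db->rollBack(); // a failed rename leaves no half-updated paths
        throw $e;
    }
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT, path TEXT)');
$db->exec('CREATE TABLE pictures (id INTEGER PRIMARY KEY, album_id INTEGER, path TEXT)');
$db->exec("INSERT INTO albums VALUES (1, 'wedding', 'family/wedding')");
$db->exec("INSERT INTO pictures VALUES (2, 1, 'family/wedding/img_0001.jpg')");

$n = rename_album($db, 1, "Karen's wedding", 'family/wedding', "family/karen's_wedding");
echo $n, ' picture path(s) updated: ',
    $db->query('SELECT path FROM pictures WHERE id = 2')->fetchColumn(), PHP_EOL;
```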