$ 5 via paypal to fix stripslashes problem

Discussion in 'Programming' started by nitrogen77, Dec 9, 2008.

  1. #1
    I have an easy (if you are an expert) problem to fix. $ 5 by paypal

    Problem with stripslashes,
    problem is: when someone adds an article that includes ' it crashes.

    BUT if someone adds the ' during EDIT it works fine.

    this is the code:
    PM the solution and get $5 bucks fast.
    Please post here if you PM the solution, so I can keep track who sent it first.

    =============================================
    code

    <h1>Your articles:</h1>
    <?php
    $mactive=0;
    $eredm = mysql_query("SELECT * FROM monthly WHERE muser='$usrid' AND mends>='$ma'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0){
    $mactive=1;
    } else {
    $mactive=0;
    }

    if (isset($add_article)){
    if (($ucredits<1) and ($mactive==0)){ $error.="You don't have enough credits to add new URL<br />"; }
    if ((!$ntitle) or (!$nkeywords) or (!$nabstract) or (!$narticle) or (!$nresources) or (!$nfirstname) or (!$nlastname) or (!$nemail) or (!$npass)) { $error.="One or more fields are missing<br />"; }


    $narticle=str_replace("'", "\'", "$narticle");
    $narticle=str_replace('"', '\"', "$narticle");
    $eredm = mysql_query("SELECT * FROM articles WHERE article='$narticle'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0) { $error.="This article already exists in our database"; }
    if ($error){
    errormess($error);
    PRINT("<B R/>");
    } else {
    $ntitle = @mysql_real_escape_string($ntitle);
    $nkeywords = @mysql_real_escape_string($nkeywords);
    $nabstract = @mysql_real_escape_string($nabstract);
    $narticle = @mysql_real_escape_string($narticle);
    $nresources = @mysql_real_escape_string($nresources);
    $nfirstname = @mysql_real_escape_string($nfirstname);
    $nlastname = @mysql_real_escape_string($nlastname);
    $nemail = @mysql_real_escape_string($nemail);
    $npass = @mysql_real_escape_string($npass);

    $eredm = mysql_query("INSERT INTO articles(atitle,akeywords,aabstract,article,aresource,afirstname,alastname,aemail,apassword,aowner) VALUES('$ntitle','$nkeywords','$nabstract','$narticle','$nresources','$nfirstname','$nlastname','$nemail','$npass','$usrid')") or die(mysql_error());
    $eredm = mysql_query("UPDATE users SET ucredits=ucredits-1 WHERE username='$usrid'") or die(mysql_error());
    successmess("Article added to our database");
    $new = "yes";
    }
    }


    if (isset($update_article)){
    $eredm = mysql_query("SELECT * FROM articles WHERE aid=$updid AND aowner='$usrid'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0){
    if ((!$ntitle) or (!$nkeywords) or (!$nabstract) or (!$narticle) or (!$nresources) or (!$nfirstname) or (!$nlastname) or (!$nemail) or (!$npass)) { $error.="One or more fields are missing<br />"; }
    $narticle=str_replace("'", "\'", "$narticle");
    $narticle=str_replace('"', '\"', "$narticle");
    if ($error){
    errormess($error);
    } else {
    $ntitle = @mysql_real_escape_string($ntitle);
    $nkeywords = @mysql_real_escape_string($nkeywords);
    $nabstract = @mysql_real_escape_string($nabstract);
    $narticle = @mysql_real_escape_string($narticle);
    $nresources = @mysql_real_escape_string($nresources);
    $nfirstname = @mysql_real_escape_string($nfirstname);
    $nlastname = @mysql_real_escape_string($nlastname);
    $nemail = @mysql_real_escape_string($nemail);
    $npass = @mysql_real_escape_string($npass);
    $eredm = mysql_query("UPDATE articles SET atitle='$ntitle',akeywords='$nkeywords',article='$narticle',aresource='$nresources',afirstname='$nfirstname',alastname='$nlastname',aemail='$nemail',aabstract='$nabstract',apassword='$npass' WHERE aid=$updid") or die(mysql_error());
    successmess("Article updated successfully");
    $new = "yes";

    }
    }
    }
    ?>



    <table width="600">
    <tr>
    <td width="50%" class="tbl_hd">Title:</td>
    <td width="25%" class="tbl_hd">View:</td>
    <td width="25%" class="tbl_hd">Action:</td>
    </tr>
    <?php
    $eredm = mysql_query("SELECT * FROM articles WHERE aowner='$usrid'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0){
    while($sor = mysql_fetch_array($eredm)){
    extract($sor);
    print("<tr class='cell'>
    <td width=\"50%\" align=\"center\">$atitle</td>
    <td width=\"25%\" align=\"center\"><a href=\"index.php?menu=showarticle&aid=$aid\">View</a></td>
    <td width=\"25%\" align=\"center\">
    <a href=\"index.php?menu=articles&editid=$aid\">Edit</a>
    </td>
    </tr>");
    }
    }

    ?>
    </table>
    <?php
    if (isset($editid)){
    $eredm = mysql_query("SELECT * FROM articles WHERE aid=$editid AND aowner='$usrid'") or die(mysql_error());
    if (mysql_num_rows($eredm)==0){
    print("<center>Invalid article id</center>");
    } else {
    extract(mysql_fetch_array($eredm));
    ?>
    <h1>Edit article</h1>

    <form action="index.php" method="post">
    <table align="center" width="90%" cellpadding="2" cellspacing="1">
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Title: </td>
    <td width="70%" align="left"><input type="text" name="ntitle" style="width:97%" value="<?php echo stripslashes($atitle);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Keywords: </td>
    <td width="70%" align="left"><input type="text" name="nkeywords" style="width:97%" value="<?php echo stripslashes($akeywords);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" valign="top" style="padding-right: 10px;"><span class="red">*</span>Short description: </td>
    <td width="70%" align="left"><textarea name="nabstract" style="width:97%" rows="3"><?php echo stripslashes($aabstract);?></textarea></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;" valign="top"><span class="red">*</span>Full article(you can use html here): </td>
    <td width="70%" align="left"><textarea name="narticle" style="width:97%" rows="20"><?php echo stripslashes($article);?></textarea></td>
    </tr>
    <tr>
    <td width="30%" align="right" valign="top" style="padding-right: 10px;"><span class="red">*</span>Resources: </td>
    <td width="70%" align="left"><textarea name="nresources" style="width:97%" rows="3"><?php echo stripslashes($aresource);?></textarea></td>
    </tr>
    <tr>
    <td width="100%" align="left" valign="top" style="padding-right: 10px;" colspan="2"><br /><b>Registration details:</b> <font size="1"><i></i></font><br /><br /></td>

    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>First name: </td>
    <td width="70%" align="left"><input type="text" name="nfirstname" size="15" value="<?php echo stripslashes($afirstname);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Last name: </td>
    <td width="70%" align="left"><input type="text" name="nlastname" size="15" value="<?php echo stripslashes($alastname);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Your email: </td>
    <td width="70%" align="left"><input type="text" name="nemail" style="width:97%" value="<?php echo stripslashes($aemail);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Password: </td>
    <td width="70%" align="left"><input type="text" name="npass" size="15" value="<?php echo $apassword;?>"/></td>
    </tr>
    <tr>
    <td align="center" width="100%" colspan="2">
    <input type="hidden" name="menu" value="articles" />
    <input type="hidden" name="updid" value="<?php echo $editid;?>" />
    <input type="submit" name="update_article" value="Update article" class="button" />
    </td>
    </tr>
    </table>
    </form>
    <?php
    }
    } else {

    ?>
    <?php if($new !=="yes") { ?>
    <h1>Add new article</h1>

    <form action="index.php" method="post">
    <table align="center" width="90%" cellpadding="2" cellspacing="1">
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Title: </td>
    <td width="70%" align="left"><input type="text" name="ntitle" style="width:97%" value="<?php echo stripslashes($ntitle);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Keywords: </td>
    <td width="70%" align="left"><input type="text" name="nkeywords" style="width:97%" value="<?php echo stripslashes($nkeywords);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" valign="top" style="padding-right: 10px;"><span class="red">*</span>Short description: </td>
    <td width="70%" align="left"><textarea name="nabstract" style="width:97%" rows="3"><?php echo stripslashes($nabstract);?></textarea></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;" valign="top"><span class="red">*</span>Full article(you can use html here): </td>
    <td width="70%" align="left"><textarea name="narticle" style="width:97%" rows="20"><?php echo stripslashes($article);?></textarea></td>


    </tr>
    <tr>
    <td width="30%" align="right" valign="top" style="padding-right: 10px;"><span class="red">*</span>Resources: </td>
    <td width="70%" align="left"><textarea name="nresources" style="width:97%" rows="3"><?php echo stripslashes($nresources);?></textarea></td>
    </tr>
    <tr>
    <td width="100%" align="left" valign="top" style="padding-right: 10px;" colspan="2"><br /><b>Registration details:</b> <font size="1"><i>Submitterbot will try to register a new user for each article directory for you. You must enter your valid e-mail address</i></font><br /><br /></td>

    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>First name: </td>
    <td width="70%" align="left"><input type="text" name="nfirstname" size="15" value="<?php echo stripslashes($nfirstname);?>"/></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Last name: </td>
    <td width="70%" align="left"><input type="text" name="nlastname" size="15" value="<?php echo stripslashes($nlastname);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Your email: </td>
    <td width="70%" align="left"><input type="text" name="nemail" style="width:97%" value="<?php echo stripslashes($nemail);?>" /></td>
    </tr>
    <tr>
    <td width="30%" align="right" style="padding-right: 10px;"><span class="red">*</span>Password: </td>
    <td width="70%" align="left"><input type="text" name="npass" size="15" value="<?php echo stripslashes($npass);?>" /></td>
    </tr>
    <tr>
    <td align="center" width="100%" colspan="2">
    <input type="hidden" name="menu" value="articles" />

    <input type="submit" name="add_article" value="Add article" class="button" />
    </td>
    </tr>
    </table>
    </form>
    <?php
    } }
    ?>
    <br /><br />
     
    nitrogen77, Dec 9, 2008 IP
  2. firman01

    #2
    In the add_article part:

    
    if (isset($add_article)){
    if (($ucredits<1) and ($mactive==0)){ $error.="You don't have enough credits to add new URL<br />"; }
    if ((!$ntitle) or (!$nkeywords) or (!$nabstract) or (!$narticle) or (!$nresources) or (!$nfirstname) or (!$nlastname) or (!$nemail) or (!$npass)) { $error.="One or more fields are missing<br />"; }
    
    
    $narticle=str_replace("'", "\'", "$narticle");
    $narticle=str_replace('"', '\"', "$narticle");
    $eredm = mysql_query("SELECT * FROM articles WHERE article='$narticle'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0) { $error.="This article already exists in our database"; }
    if ($error){
    errormess($error);
    PRINT("<B R/>");
    } else {
    $ntitle = @mysql_real_escape_string($ntitle);
    $nkeywords = @mysql_real_escape_string($nkeywords);
    $nabstract = @mysql_real_escape_string($nabstract);
    $narticle = @mysql_real_escape_string($narticle);
    $nresources = @mysql_real_escape_string($nresources);
    $nfirstname = @mysql_real_escape_string($nfirstname);
    $nlastname = @mysql_real_escape_string($nlastname);
    $nemail = @mysql_real_escape_string($nemail);
    $npass = @mysql_real_escape_string($npass);
    
    $eredm = mysql_query("INSERT INTO articles(atitle,akeywords,aabstract,article,aresource,afirstname,alastname,aemail,apassword,aowner) VALUES('$ntitle','$nkeywords','$nabstract','$narticle','$nresources','$nfirstname','$nlastname','$nemail','$npass','$usrid')") or die(mysql_error());
    $eredm = mysql_query("UPDATE users SET ucredits=ucredits-1 WHERE username='$usrid'") or die(mysql_error());
    successmess("Article added to our database");
    $new = "yes";
    }
    }
    
    change to

    
    if (isset($add_article)){
    if (($ucredits<1) and ($mactive==0)){ $error.="You don't have enough credits to add new URL<br />"; }
    if ((!$ntitle) or (!$nkeywords) or (!$nabstract) or (!$narticle) or (!$nresources) or (!$nfirstname) or (!$nlastname) or (!$nemail) or (!$npass)) { $error.="One or more fields are missing<br />"; }
    
    
    
    $ntitle = @mysql_real_escape_string($ntitle);
    $nkeywords = @mysql_real_escape_string($nkeywords);
    $nabstract = @mysql_real_escape_string($nabstract);
    $narticle = @mysql_real_escape_string($narticle);
    $nresources = @mysql_real_escape_string($nresources);
    $nfirstname = @mysql_real_escape_string($nfirstname);
    $nlastname = @mysql_real_escape_string($nlastname);
    $nemail = @mysql_real_escape_string($nemail);
    $npass = @mysql_real_escape_string($npass);
    
    $eredm = mysql_query("SELECT * FROM articles WHERE article='$narticle'") or die(mysql_error());
    if (mysql_num_rows($eredm)>0) { $error.="This article already exists in our database"; }
    if ($error){
      errormess($error);
      PRINT("<B R/>");
    } else {
      $eredm = mysql_query("INSERT INTO articles(atitle,akeywords,aabstract,article,aresource,afirstname,alastname,aemail,apassword,aowner) VALUES('$ntitle','$nkeywords','$nabstract','$narticle','$nresources','$nfirstname','$nlastname','$nemail','$npass','$usrid')") or die(mysql_error());
      $eredm = mysql_query("UPDATE users SET ucredits=ucredits-1 WHERE username='$usrid'") or die(mysql_error());
      successmess("Article added to our database");
      $new = "yes";
    }
    }
    
    I haven't tested the code, but it should work.
     
    firman01, Dec 9, 2008 IP
  3. nitrogen77

    #3
    firman: you did it.

    Good job. Money will be sent ASAP.
     
    nitrogen77, Dec 9, 2008 IP
  4. ads2help

    #4
    Lol, that's the same as what I sent you just now, at the same time too, lol.

    Anyway, your code is insecure and quite messy.
     
    ads2help, Dec 9, 2008 IP
  5. xxKillswitch

    #5
    Yea, you might wanna run the title and other input through htmlspecialchars as well, especially if that will be output to the browser. Also, if npass is supposed to be a password, you might wanna try hashing that as well. Also, instead of adding the slash with str_replace, you might wanna try checking for magic quotes instead and deciding from there where to go...

    if (!get_magic_quotes_gpc()) {
        // array_map() returns a new array, so the result has to be assigned back to $_POST
        $_POST = array_map('addslashes', $_POST);
    }

    If you have magic quotes enabled, your quoted strings will automatically be escaped. If not, this will run through all posted form data and addslashes to the values. When you output this data, you will probably want to stripslashes() on the content to remove the slashes added to it.

    All firman did was remove the code that actually was adding some slashes so now you have nothing at all.
     
    xxKillswitch, Dec 9, 2008 IP
  6. firman01

    #6
    firman01, Dec 9, 2008 IP
  7. xxKillswitch

    #7
    That's true in the fact that you have just prevented a MySQL injection and mysql_real_escape_string has already escaped certain characters, but you should always check magic quotes and adjust accordingly, not just on data that will be queried, but all data coming from $_GET, $_POST, $_REQUEST will need escaping too.

    While he definitely doesn't have to use the combination of both, it's safe practice to do so. In all reality, I should be recommending to use addcslashes with mysql_real_escape_string. Using mysql_real_escape_string doesn't stop the LIKE attacks, which is where addcslashes comes into play. I have a bookmarked PDF that explains this all...

    http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf

    It's quite a ways down, but it can explain the LIKE attack and using both addcslashes and mysql_real_escape_string.
     
    xxKillswitch, Dec 9, 2008 IP
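As an added example (not code posted in this thread), here is the add/edit/search flow rewritten the way posts #2, #5 and #7 point toward: PDO prepared statements in place of the str_replace plus mysql_real_escape_string layering, htmlspecialchars on output, password_hash for npass, and addcslashes for LIKE wildcards. It assumes PHP 7.4 or later with the pdo_sqlite driver (an in-memory SQLite table standing in for the MySQL one); the function names and the reduced column set are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Column names follow the
// thread's articles table; function names and the SQLite stand-in
// for MySQL are assumptions of this example.
declare(strict_types=1);
function open_db(): PDO {
    $db = new PDO('sqlite::memory:', null, null,
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE articles (aid INTEGER PRIMARY KEY, atitle TEXT,
               article TEXT, apassword TEXT, aowner TEXT)');
    return $db;
}

// Stores the text exactly as typed. Values travel separately from the
// SQL, so a quote in $article cannot terminate the string literal and
// no str_replace / addslashes layer is needed (nor stripslashes later).
function add_article(PDO $db, string $owner, string $title,
                     string $article, string $pass): int {
    $dup = $db->prepare('SELECT COUNT(*) FROM articles WHERE article = :a');
    $dup->execute([':a' => $article]);
    if ((int) $dup->fetchColumn() > 0) {
        throw new RuntimeException('This article already exists in our database');
    }
    $ins = $db->prepare('INSERT INTO articles (atitle, article, apassword, aowner)
                         VALUES (:t, :a, :p, :o)');
    $ins->execute([':t' => $title, ':a' => $article,
                   ':p' => password_hash($pass, PASSWORD_DEFAULT), // never in clear
                   ':o' => $owner]);
    return (int) $db->lastInsertId();
}

// Reads a row back for the edit form, encoded for HTML output as post #5
// suggests; the owner check mirrors the thread's "aowner='$usrid'" clause.
function edit_form_value(PDO $db, int $aid, string $owner): ?string {
    $sel = $db->prepare('SELECT article FROM articles WHERE aid = :id AND aowner = :o');
    $sel->execute([':id' => $aid, ':o' => $owner]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    return $row ? htmlspecialchars($row['article'], ENT_QUOTES, 'UTF-8') : null;
}

// Title search. Binding stops injection, but % and _ are still LIKE
// wildcards, so they are escaped with addcslashes (post #7's point).
// SQLite needs the ESCAPE clause; MySQL treats backslash as the default.
function search_titles(PDO $db, string $term): array {
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $q = $db->prepare("SELECT atitle FROM articles WHERE atitle LIKE :p ESCAPE '\\'");
    $q->execute([':p' => $pattern]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_db();
$id = add_article($db, 'nitrogen77', "O'Reilly's 100% guide", "It's \"quoted\"", 'secret');
echo edit_form_value($db, $id, 'nitrogen77'), "\n";
print_r(search_titles($db, '100%'));
```

The search for `100%` only matches titles containing that literal text, whereas an unescaped `%` would have matched every row.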