AAC Znote small problem

Manigold

I'm having a small problem with Znote AAC: when a character has an apostrophe in the name, the characterprofile.php page shows some errors.
This part:
PHP:
            <?php
                // pending deletion?($name)
                $deletion_time = mysql_select_single("SELECT `time` FROM `znote_deleted_characters` WHERE `character_name`='{$name}' AND `done` = '0' LIMIT 1;");
                if ($deletion_time !== false): ?>
                    , will be deleted at <?php echo $deletion_time['time']; ?>.
                <?php endif; ?>
                <!-- end deletion part -->
Returns this error:
Del'Toro string(105) "SELECT time FROM znote_deleted_characters WHERE character_name='Del'Toro' AND done = '0' LIMIT 1;"
(query - SQL error)
Type: select_single (select single row from database)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Toro' AND done = '0' LIMIT 1' at line 1


And this part:
PHP:
                        <!-- FRAGS LIST -->
                        <?php
                        $frags = mysql_select_multi("SELECT `pd`.`time`, `pd`.`level`, `pd`.`unjustified`, `pd`.`mostdamage_by`, `pd`.`mostdamage_unjustified`, `p`.`name` FROM `player_deaths` AS `pd` INNER JOIN `players` AS `p` ON `pd`.`player_id`=`p`.`id` WHERE `pd`.`killed_by` = '".$profile_data['name']."'  ORDER BY `pd`.`time` DESC LIMIT 10;");
                        if ($frags) {
                        ?>
                    <table class="stripped" cellpadding="4">
                    <table style="width: 100%;/*border:3px double #fff;*/box-shadow:1px 1px 10px #000;" border="0" cellpadding="10" cellspacing="1">
                      <td colspan="2" style="background-color: #505050;color: #f9f6f6;">Frags List</td>
                        <tbody>
                        <?php
                            foreach ($frags as $f) {
                                ?>
                                <tr><td width="20%"><i style="font-size:12px">
                            <?php
                                echo "".getClock($f['time'], true, true)."</td>";
                                echo "<td><i style='font-size:12px'>Killed <a href='characterprofile.php?name=".$f['name']."'>".$f['name']."</a> at level ".$f['level'];
                                echo ($f['unjustified']) === '1' ? "&nbsp;  <font color='red' style='font-style: italic;font-size:85%;'>(unjustified)</font>" : " <font color='green' span class='label label-success' style='font-style: italic;font-size:85%;'>(Justified)</font></span>";
                                echo ($f['mostdamage_by']) !== $profile_data['name'] ? "</br><font color='#5a2800' span class='label label-danger'>Most damage by <a href='characterprofile.php?name=".$f['mostdamage_by']."'>".$f['mostdamage_by']."</a> ".(($f['mostdamage_unjustified']) === '1' ? "<font color='red' span class='label label-danger'>(Unjustified)</span>" : "<font color='green' span class='label label-success' style='font-style: italic;font-size:85%;'>(Justified)</span>") : "";
                            }
                            ?>
                                </td>
                            </tr>
                            <?php
                        }
                        ?>
                        </tbody>
                    </table>
                <!-- END FRAGS LIST -->

Returns this error:
string(276) "SELECT pd.time, pd.level, pd.unjustified, pd.mostdamage_by, pd.mostdamage_unjustified, p.name FROM player_deaths AS pd INNER JOIN players AS p ON pd.player_id=p.id WHERE pd.killed_by = 'Del'Toro' ORDER BY pd.time DESC LIMIT 10;"
(query - SQL error)
Type: select_multi (select multiple rows from database)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Toro' ORDER BY pd.time DESC LIMIT 10' at line 1


Hope someone can help me to solve this, thanks in advance.
 
The name Del'Toro includes an apostrophe (single quote), which is ending the string midway. I'm not sure which version of PHP you are using, but you will need to escape the apostrophe in some way. Try escaping using mysql_real_escape_string, or a more updated version of it if you are using PHP 5 or higher, as this function is old and deprecated in new versions:
PHP:
$deletion_time = mysql_select_single("SELECT `time` FROM `znote_deleted_characters` WHERE `character_name`='".mysql_real_escape_string($name)."' AND `done` = '0' LIMIT 1;");
PHP:
$frags = mysql_select_multi("SELECT `pd`.`time`, `pd`.`level`, `pd`.`unjustified`, `pd`.`mostdamage_by`, `pd`.`mostdamage_unjustified`, `p`.`name` FROM `player_deaths` AS `pd` INNER JOIN `players` AS `p` ON `pd`.`player_id`=`p`.`id` WHERE `pd`.`killed_by` = '".mysql_real_escape_string($profile_data['name'])."'  ORDER BY `pd`.`time` DESC LIMIT 10;");
 

How did you manage to create a character with ' ?

createcharacter.php (2.0 and 1.6 versions) has a check that does not allow characters with '

PHP:
            if (!preg_match("/^[a-zA-Z_ ]+$/", $_POST['name'])) {
                $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
            }
 
I'm using PHP version 7.1.1.
The error is gone, but it does not load anything after the deletion part.
 
Is the page loading?

View the page source and see if you can see any errors there, or where the page stops rendering.
Yes, it's loading. I changed mysql_real_escape_string to mysql_znote_escape_string and it loaded correctly. Is this OK, or can it cause some problem?
I created directly in database just to test.
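
The failure discussed in this thread and a parameter-bound version of the same lookup, as an added example that is not part of any post and not Znote AAC's own code. It assumes PDO with an in-memory SQLite database as an offline stand-in for MySQL; the function names are hypothetical and the stored row is constructed.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database so this runs offline.
// Table and column names follow the queries quoted in the thread; the row is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE znote_deleted_characters (character_name TEXT, time TEXT, done TEXT)");

// Row written straight into the database, bypassing createcharacter.php,
// which is how the name in the thread came to exist.
$ins = $db->prepare("INSERT INTO znote_deleted_characters VALUES (?, ?, '0')");
$ins->execute(["Del'Toro", '2018-01-01 00:00:00']);

// Pattern from the original post: the name is pasted into the SQL text,
// so a quote inside the name ends the string literal early.
function deletionTimeConcat(PDO $db, string $name) {
    try {
        $sql = "SELECT time FROM znote_deleted_characters "
             . "WHERE character_name='{$name}' AND done = '0' LIMIT 1;";
        return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Bound parameter: the name is sent as data and never becomes part of the
// SQL text, so no escaping function has to be remembered at each call site.
function deletionTimeBound(PDO $db, string $name) {
    $stmt = $db->prepare(
        "SELECT time FROM znote_deleted_characters "
        . "WHERE character_name = :name AND done = '0' LIMIT 1"
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Creation-time allow-list quoted from createcharacter.php in the thread.
function nameAllowedAtCreation(string $name): bool {
    return preg_match("/^[a-zA-Z_ ]+$/", $name) === 1;
}

$name = "Del'Toro";
var_dump(nameAllowedAtCreation($name));    // creation-form check on the stored name
var_dump(deletionTimeConcat($db, $name));  // concatenated query with the same name
var_dump(deletionTimeBound($db, $name));   // parameter-bound query with the same name
```

The creation-form check only covers names entered through createcharacter.php; a name that reaches the table another way is still read by the profile query, so the query itself has to treat the name as data.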
 