  1. #1

    Gatt | Join Date: Jan 2006 | Posts: 6,724

    OneOrZero / PHP Hack needed

    Need some help with this one..

    Using LDAP to authenticate users in One||Zero, but I've come across a problem with a couple of users who have apostrophes in their names (e.g. O'Connor) and email addresses.

    I need to know how to get PHP to ignore the apostrophes, as it's refusing to allow them to log on with the following errors:

    LDAP server did not return any users for the specified Username! ... Check the 'LDAP User Search Attribute' in the Moorside High School Server Settings!
    and

    Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'neill',user_name='joneill',email='jo'neill@staff. internal',password='d41d8cd98f0' at line 1

  2. #2
    contink | Join Date: Jul 2006 | Location: South Yorkshire | Posts: 3,791

    Take a look at addslashes() to escape the single quotes before you try to use the variable to query the db.

  3. #3

    Join Date: Feb 2008 | Location: UK | Posts: 44

    As contink said, addslashes should do it for you.

    You might want to check over the script for any other instances of that query, as allowing characters like that in the query unescaped is pretty dangerous - depending on your situation.

    Best Regards,

  4. #4

    Join Date: Feb 2008 | Location: Stevenage, Hertfordshire | Posts: 111

    As said above, you should really be stripping all HTML and using addslashes() on all your input fields. I usually do it first thing. About a year ago my mate managed to SQL inject the Virgin Media website. It's risky stuff, and in secondary schools and colleges students are becoming more and more clever!
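
The failure from post #1, reproduced as an added example that is not part of the thread and not One||Zero's own code. It goes beyond the addslashes() advice above by binding the values as parameters, so the apostrophe never reaches the SQL text. Assumptions: PDO with an in-memory SQLite database instead of the thread's MySQL, a hypothetical `users` table, a hypothetical `last_name` column, and constructed sample values.

```php
<?php
// Added example. Column names user_name, email and password appear in the
// error quoted in post #1; the table name `users` and the last_name column
// are assumptions, and every value below is constructed.
$db = new PDO('sqlite::memory:');   // in-memory SQLite keeps the demo offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, last_name TEXT,
                               email TEXT, password TEXT)');

// Constructed record, shaped like what an LDAP lookup might hand back.
$user = [
    'user_name' => 'joneill',
    'last_name' => "O'Neill",
    'email'     => "jo'neill@staff.internal",
    'password'  => 'placeholder-hash',
];

// Before: values pasted into the SQL text. The apostrophe closes the string
// literal early, which produces the syntax error seen in post #1.
function insertConcatenated(PDO $db, array $u): bool
{
    $sql = "INSERT INTO users (user_name, last_name, email, password) VALUES ('"
         . $u['user_name'] . "','" . $u['last_name'] . "','"
         . $u['email'] . "','" . $u['password'] . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo 'concatenated query failed: ', $e->getMessage(), "\n";
        return false;
    }
}

// After: placeholders keep the data separate from the statement, so the
// apostrophe is stored unchanged and no manual escaping is involved.
function insertPrepared(PDO $db, array $u): bool
{
    $stmt = $db->prepare(
        'INSERT INTO users (user_name, last_name, email, password)
         VALUES (:user_name, :last_name, :email, :password)'
    );
    return $stmt->execute($u);
}

var_dump(insertConcatenated($db, $user));
var_dump(insertPrepared($db, $user));
$row = $db->query('SELECT last_name, email FROM users')->fetch(PDO::FETCH_ASSOC);
echo $row['last_name'], ' <', $row['email'], ">\n";
```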
