I have a problem with a simple bit of script, and it only seems to be happening on the INSERT into the database.
I have a form that uploads an image to the server as well as putting the upload filename into the database. However, it seems that if an apostrophe or UTF-8 quotes are used, they are thrown out and the data is not submitted.
I’ve tried using mysql_real_escape_string and addslashes, but it either has the same effect or doesn’t post any of the information entered into the database.
Here is the form data (I’ve stripped out the HTML coding to save space on this post):
<form method="post" action="inc/process-report.php" enctype="multipart/form-data">
<input name="Title" type="text" class="NormalTextBox" />
<input name="ShortTitle" type="text" class="NormalTextBox" maxlength="50" />
<select name="date_d" class="NoSetWidthSelectBox">
<option value='<?php echo $day; ?>' selected><?php echo $day; ?></option>
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
<option value='13'>13</option>
<option value='14'>14</option>
<option value='15'>15</option>
<option value='16'>16</option>
<option value='17'>17</option>
<option value='18'>18</option>
<option value='19'>19</option>
<option value='20'>20</option>
<option value='21'>21</option>
<option value='22'>22</option>
<option value='23'>23</option>
<option value='24'>24</option>
<option value='25'>25</option>
<option value='26'>26</option>
<option value='27'>27</option>
<option value='28'>28</option>
<option value='29'>29</option>
<option value='30'>30</option>
<option value='31'>31</option>
</select>
/
<select name="date_m" class="NoSetWidthSelectBox">
<option value='<?php echo $month; ?>' selected><?php echo $month; ?></option>
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
</select>
/
<select name="date_y" class="NoSetWidthSelectBox">
<option value='11' selected>2011</option>
<option value='12'>2012</option>
<option value='13'>2013</option>
<option value='14'>2014</option>
<option value='15'>2015</option>
<option value='16'>2016</option>
<option value='17'>2017</option>
<option value='18'>2018</option>
<option value='19'>2019</option>
<option value='20'>2020</option>
</select>
<select name="Category" class="NormalSelectBox">
<option selected="selected" value="">Please Select</option>
<?php
$SQL = "SELECT * FROM " . $match_reports_cats_table . " WHERE active = 'y' ORDER BY name";
$result = @mysql_query($SQL) or die("Error Getting Categories 1");
while($row = @mysql_fetch_array($result)) {
    $ID = $row["ID"];
    $name = $row["name"]; ?>
    <option value="<?php echo stripslashes($name); ?>"><?php echo stripslashes($name); ?></option>
<?php } ?>
</select>
<textarea name="Story" class="NormalTextArea"></textarea>
<input name="image" type="file" class="UploadTextBox">
<input type="hidden" name="size" value="2048">
<select name="FrontPage" class="NoSetWidthSelectBox">
<option selected='No' value='No'>No</option>
<option value='Yes'>Yes</option>
</select>
<input type="submit" name="btnSubmit" id="btnSubmit" value="Publish" class="publish_button" />
<input type="submit" name="btnSubmit" id="btnSubmit" value="Save draft" class="NormalButton" />
<input type="reset" value="Discard" class="NormalButton" />
And here is the processing script:
if($_POST['btnSubmit'] == 'Save draft'){
    // Build the stored filename once so the file on disk and the database row use the same timestamp
    $image = time() . '-' . basename( $_FILES['image']['name']);
    $target = "../../../images/matchreports/uploaded/" . $image;
    if(move_uploaded_file($_FILES['image']['tmp_name'], $target)){
        //This gets all the other information from the form
        $Title=$_POST['Title'];
        $ShortTitle=$_POST['ShortTitle'];
        $Story=$_POST['Story'];
        $Category=$_POST['Category'];
        $FrontPage=$_POST['FrontPage'];
        $newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
        $user_ip=$_POST['user_ip'];
        //Writes the information to the database
        mysql_query("INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,image,date,user_ip) VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$image', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')") ;
        header("Location: /cms/matchreports/index.php?message=6");
        exit;
    } else {
        //This gets all the other information from the form
        $Title=$_POST['Title'];
        $ShortTitle=$_POST['ShortTitle'];
        $Story=$_POST['Story'];
        $Category=$_POST['Category'];
        $FrontPage=$_POST['FrontPage'];
        $newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
        $user_ip=$_POST['user_ip'];
        //Writes the information to the database
        mysql_query("INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,Category,FrontPage,active,date,user_ip) VALUES ('$Title', '$ShortTitle', '$Story', '$Category', '$FrontPage', 'n', '$newdate', '" . addslashes($_SERVER['REMOTE_ADDR']) . "')") ;
        header("Location: /cms/matchreports/index.php?message=7");
        exit;
    }
}
EDITED – Is this any better?
// Build the stored filename once so the file on disk and the database row use the same timestamp
$image = time() . '-' . basename( $_FILES['image']['name']);
$target = "../../../images/matchreports/uploaded/" . $image;
if(move_uploaded_file($_FILES['image']['tmp_name'], $target)){
    $newdate = $_POST['date_y'].''.$_POST['date_m'].''.$_POST['date_d'];
    $SQL = "INSERT INTO " . $match_reports_table . " (Title,ShortTitle,Story,FrontPage,active,image,date,user_ip) VALUES('" . addslashes($_REQUEST['Title']) . "','" . addslashes($_REQUEST['ShortTitle']) . "','" . addslashes($_REQUEST['Story']) . "','" . addslashes($_REQUEST['FrontPage']) . "','y','$image','$newdate','" . addslashes($_SERVER['REMOTE_ADDR']) . "')";
    $result = @mysql_query($SQL) or die("Error Publishing 1");
}
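As an added illustration (not code from the question or from the answer below), the following PHP reproduces the apostrophe failure against an in-memory SQLite table standing in for the MySQL table, echoes the generated SQL so the broken quoting is visible, and then inserts the same values through a PDO prepared statement; the table name, the reduced column set and the sample input are assumptions for the example.

```php
<?php
// Added example, not the question's or the answer's code. SQLite in memory stands
// in for the MySQL table; the table name and columns are assumed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE match_reports (ID INTEGER PRIMARY KEY, Title TEXT, Story TEXT, active TEXT)");

// Constructed sample input: exactly what a user might type into the form.
$title = "O'Brien's hat-trick seals the win";
$story = "He said \"it's the best day\" after the match.";

// 1. The interpolated query from the question. Printing it, as the answer
//    suggests, shows the apostrophe closing the string literal early.
$sql = "INSERT INTO match_reports (Title, Story, active) VALUES ('$title', '$story', 'n')";
echo $sql, "\n";
try {
    $db->exec($sql);
    echo "unexpected: interpolated query succeeded\n";
} catch (PDOException $e) {
    // This is the "syntax error" the answer refers to.
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2. Prepared statement: the values are sent separately from the SQL text, so
//    quotes in user input are stored as data and no escaping function is needed.
$stmt = $db->prepare("INSERT INTO match_reports (Title, Story, active) VALUES (:title, :story, 'n')");
$stmt->execute([':title' => $title, ':story' => $story]);

// Read the row back and confirm both values survived untouched.
$row = $db->query("SELECT Title, Story FROM match_reports")->fetch(PDO::FETCH_ASSOC);
echo ($row['Title'] === $title && $row['Story'] === $story) ? "stored intact\n" : "mismatch\n";
```

Against the real MySQL table only the DSN changes, e.g. `new PDO('mysql:host=localhost;dbname=<your_db>;charset=utf8mb4', $user, $pass)`; declaring the charset in the DSN is also what keeps UTF-8 quotes intact on the way in.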
As noted in the comments, holy SQL injection, Batman. Regardless, what you need to do is recreate the issue, echo out the SQL being generated and handed off to MySQL, and see what it looks like. There is obviously a syntax error in it, and you will probably see it if you print out the query.
EDIT:
Change this:
To this: