Is someone trying to hack the form?


When someone sign up, the system sends me an email. I should get following emails:

Fistname Lastname just submitted online form.

But I sometimes get following:

x\\\';\\ aeea09b3-d4a5-44ec-abab-fa40fd90f33d just submitted online form.


What do you think these scrambled characters Is someone trying to hack the system
Posted On: Thursday 25th of October 2012 11:11:39 PM Total Views:  145
View Complete with Replies

RELATED TOPICS OF MYSQL PROGRAMMING LANGUAGE




Resolved Problem trying to Update a mysql record

Hi , I am a complete beginner when it comes to coding, i cobbled my results system from varying websites, i run a small website for a local junior football team and am having trouble with a results ticker http://test.nethertonjfc.com/results/results.php that i am trying to implement into the site. It used to work but now with the new season about to get under way i retested to make sure it was all ok and the error as started . I can add a new record and also delete an existing record, i cannot for some reason edit a record even though the output from the form says it was successful. Any help with tracking down my problem will be greatly appreciated this is the page where the work is done. (A TEST PAGE) http://test.nethertonjfc.com/results/list_records.php These are the 2 files that are used in the update process. http://test.nethertonjfc.com/results/update.php Code:
VIEWS ON THIS POST

187

Posted on:

Monday 24th September 2012
View Replies!

Page 2 - Merging commands and trying to do a selective table merge

well, that's too bad, because the example in the manual is pretty simple -- UPDATE items,month SET items.price=month.price WHERE items.id=month.id; let's see what this would look like for your tables... UPDATE creature_proto, whydb_world SET creature_proto.mindamage = whydb_world.mindamage WHERE ... and that's where it breaks down for me, because i don't understand how your tables are related
VIEWS ON THIS POST

120

Posted on:

Friday 12th October 2012
View Replies!

Error when trying to update a database using PhP & Forms

Hi I've been trying to get this script working that alows a user to update his/her guild roster on a php page, that shows on a page where people can view all guild rosters at once. I have "SearchText" in the correct places and it all shows on amend1.php, but amend2.php shows this error: ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE reference='searchtext'' at line 2 When pressing the update button. Could anyone tell me where i am going wrong My PhP files are as follows: Amend1.php: PHP Code: \t
VIEWS ON THIS POST

127

Posted on:

Friday 12th October 2012
View Replies!

Can someone please help me with command.php

Hi all, Iam a new to mysql, I am making a game on facebook, and have created a databse using mysql, but now I dont know how to make a command.php file to query the database. I have searched and found nothing that can really help, so if there is anyone that can possibly help me with this common.php file it would be sooo appreciated.
VIEWS ON THIS POST

98

Posted on:

Friday 12th October 2012
View Replies!

PhpMyAdmin giving error when trying to run sql query

Hi im using phpMyadmin. I click the SQL tab and the try running the following query(which was created using a myslqdump) to create the table users_tbl Code: CREATE TABLE `users_tbl` ( `userID` int( 3 ) NOT NULL AUTO_INCREMENT , `email` varchar( 30 ) default NULL , `password` varchar( 30 ) default NULL , `first_name` varchar( 30 ) default NULL , `last_name` varchar( 30 ) default NULL , `country` varchar( 30 ) default NULL , `admin_level` int( 10 ) NOT NULL default '0', `date_added` timestamp NULL default CURRENT_TIMESTAMP , `added_by` int( 10 ) default '0', PRIMARY KEY ( `userID` ) ) However I keep getting the error when i try to run the query: Code: #1064 - You have an error in your SQL syntax near 'CURRENT_TIMESTAMP, `added_by` int(10) default '0', PRIMARY KEY (`userID`)' at line 10 Does anyone know what the cause for this is Cheers
VIEWS ON THIS POST

126

Posted on:

Friday 12th October 2012
View Replies!

MySQL Syntax Error (while trying SQL UPDATE) using PHP

I am really having hard time figuring out what's wrong with the code below which isn't working. PHP Code: if(isset($_POST['privacy_submit'])){ \tif(($_SERVER['REQUEST_METHOD']=="POST")) \t\t\t\t{ \t\t\t\t\t\t$privacy_upd=mysql_query("UPDATEprivacy_termsSET \t\t\t\t\t\t'p_bannerads'='".$_POST['p_bannerads']."', \t\t\t\t\t\t'p_shareinfo'='".$_POST['p_shareinfo']."', \t\t\t\t\t\t'p_crossmarketing'='".$_POST['p_crossmarketing']."', \t\t\t\t\t\t'p_tacking'='".$_POST['p_tacking']."', \t\t\t\t\t\t'p_sendcommunication'='".$_POST['p_sendcommunication']."', \t\t\t\t\t\t'p_under13'='".$_POST['p_under13']."', \t\t\t\t\t\t'p_internationally'='".$_POST['p_internationally']."', \t\t\t\t\t\t'p_discloselegal'='".$_POST['p_discloselegal']."', \t\t\t\t\t\t'p_server_country'='".$_POST['p_server_country']."', \t\t\t\t\t\t'p_forums'='".$_POST['p_forums']."', \t\t\t\t\t\t'p_newslettermodule'='".$_POST['p_newslettermodule']."', \t\t\t\t\t\t'p_membershipmodule'='".$_POST['p_membershipmodule']."' \t\t\t\t\t\t")ordie(mysql_error()); \t\t\t\t$msg="SuccessfullyUpdated!"; \t\t\t\t} \t\t} else\t\t{ \t\t\t\t$msg="Incorrectmethodofsubmission.Pleasetryagain."; } > PrivacyPolicy ......................................................................................... ........................ MySQL Error returns the following: Quote: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''p_bannerads' = 'do not', 'p_shareinfo' = 'do not', 'p_cross' at line 2 Let me know if any of your can solve it for me, I would appreciate since I am not able to solve it for last two days already. My brain isn't working anymore.... Thank you...
VIEWS ON THIS POST

105

Posted on:

Friday 12th October 2012
View Replies!

Please help! trying to do an import - FAIL

, I'm almost practically begging for help on this one, I'm really hoping the community can shed some light on my issue here. I have two servers one called tai01: (production) and tai02: (slave)... The two were replicating, by accident, 01 was blown away, we do nightly dumps of the db, so no worries right well when i tried to do an import i got not half way through on 01 and got this error: ERROR 1005 (HY000) at line 25: Can't create table './leadforward_prod/campaigns.frm' (errno: -1) we use innodb, now importing campaigns.sql on the second server works just fine but not on the primary server! if i remove this line below out of the import on the master server it works, however, it turns it into a myisam db not innodb, if i turn default engine into innodb all together on the master server it fails as well. ENGINE=InnoDB AUTO_INCREMENT=910 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; Can anyone or is anyone willing to help Thank you for any idea's.... i have included both my.cnf's on both servers below: server01: [mysqld] #have-bdb=0 #innodb-safe-binlog #log-output=TABLE #max_connect_errors #myisam_recover_options=BACKUP basedir=/usr/ datadir=/var/lib/mysql innodb_checksums=0 innodb_concurrency_tickets=10000 innodb_file_per_table innodb_flush_log_at_trx_commit=0 innodb_flush_method=O_DIRECT innodb_log_buffer_size=32M innodb_log_file_size=512M innodb_max_dirty_pages_pct=20 innodb_support_xa=0 default-storage-engine=innodb log-bin=/var/lib/mysql/ta01-binlog log-slave-updates log-slow-queries=/var/log/mysql/ta01-slow-queries.log log_warnings=2 max_heap_table_size=16777216 pid-file=/var/lib/mysql/mysql.pid query_cache_limit=512K query_cache_type=1 relay-log-index=/var/lib/mysql/ta01-relay-index relay-log-info-file=/var/lib/mysql/ta01-relay-info relay-log=/var/lib/mysql/ta01-relay-log server-id=1 skip-name-resolve slave_net_timeout=60 socket=/var/lib/mysql/mysql.sock sort_buffer_size=32M sync_binlog=1 thread_cache_size=4 tmp_table_size=16777216 user=mysql init_connect='SET NAMES utf8' character-set-server=utf8 collation-server=utf8_general_ci transaction-isolation=REPEATABLE-READ # wait_timeout=30 interactive_timeout=720 # query_cache_size=50M join_buffer_size=1M table_cache=36 innodb_buffer_pool_size=1G [mysqld_safe] log-error=/var/log/mysql/mysqld.log pid-file=/var/run/mysqld/mysqld.pid server 02: [mysqld] max_connections=16384 # query_cache_limit= #log-output=TABLE datadir=/var/lib/mysql innodb_buffer_pool_size=2G innodb_checksums=0 innodb_concurrency_tickets=10000 innodb_file_per_table innodb_flush_log_at_trx_commit=0 innodb_flush_method=O_DIRECT innodb_log_buffer_size=32M innodb_log_file_size=512M innodb_max_dirty_pages_pct=20 innodb_support_xa=0 join_buffer_size=1M log-bin=/var/lib/mysql/ta02-binlog log-slave-updates log-slow-queries=/var/log/mysql/ta02-slow-queries.log log_warnings=2 long_query_time=5 max_heap_table_size=16777216 pid-file=/var/lib/mysql/mysql.pid query_cache_limit=512K query_cache_size=50M query_cache_type=1 relay-log-index=/var/lib/mysql/ta02-relay-index relay-log-info-file=/var/lib/mysql/ta02-relay-info relay-log=/var/lib/mysql/ta02-relay-log skip-name-resolve slave-skip-errors=1062 slave_net_timeout=60 socket=/var/lib/mysql/mysql.sock sort_buffer_size=32M ssl ssl-ca=/etc/mysql/certs/ca_9866b8f90f21f46abd2df0e3a31424fe.crt.pem ssl-capath=/etc/mysql/certs ssl-cert=/etc/mysql/certs/server_c82f44f6f7fc6cef183df2b57c6171ba.crt.pem ssl-cipher=DHE-RSA-AES256-SHA ssl-key=/etc/mysql/certs/server_2170cba23eac561543d79d682439e6a3.key.pem sync_binlog=1 table_cache=36 thread_cache_size=4 tmp_table_size=16777216 user=mysql wait_timeout=999 init_connect='SET NAMES utf8' character-set-server=utf8 collation-server=utf8_general_ci [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid any help or suggestions i would apperciaite it.
VIEWS ON THIS POST

124

Posted on:

Friday 12th October 2012
View Replies!

Query missing details from one column [was: Pls i need someone to check this out!]

i have an sql statement which has been given me sleepless nights. the staments is suppose to pull records but it pulls the records and omits the debit detail this is the code :SELECT users.username,users.account,users.amount,money.credit,money.Debit,money.date FROM users INNNER JOIN money ON users.username = money.username WHERE users.username = '$username'" pls i need someone to help me with it or am i doing sometin wrong here
VIEWS ON THIS POST

220

Posted on:

Friday 12th October 2012
View Replies!

Newbie here, trying to interface with MySQL server with c++

, I am working on a project that requires accessing a MySQL database on the local machine. After some research it seems the least complicated way to do this is through use of mysql.h. I found an extremely simple sample program on the web that just established a connection to the DB: Code: #include #include #include using namespace std; MYSQL *connection, mysql; MYSQL_RES *result; MYSQL_ROW row; int query_state; int main() { mysql_init(&mysql); connection = mysql_real_connect(&mysql, "localhost", "root", "frontrow", "WIDGET", 0, 0, 0); if (connection == NULL) { cout Linking... 1>LINK : fatal error LNK1104: cannot open file 'C:\Program.obj' 1>Build log was saved at "file://c:\Users\Brad\Documents\Visual Studio 2008\Projects\DBTest\DBTest\Debug\BuildLog.htm" 1>DBTest - 1 error(s), 0 warning(s) ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ========== I have the MySQL server installed correctly, as I can go in through the command prompt interface and manipulate the data manually. I have added C:\ Program Files\MySQL\MySQL Server 5.1\bin to the executable files directory list, C:\Program Files\MySQL\MySQL Server 5.1\include to the include directories, and C:\Program Files\MySQL\MySQL Server 5.1\lib\opt to the libraries directories. I don't even know what Program.obj is. Does anyone have any ideas
VIEWS ON THIS POST

104

Posted on:

Friday 12th October 2012
View Replies!

Getting Error 1064 when trying to insert a row with 0 value

I'm getting Error #1064 when i try to insert a record with 0 in a decimal field (the field name is "estimation") into my table. This is my query: Code: insert into needs(id_org,date_created,date_required,place_required,description,contact,phone,email, remarks, cur_id,estimation,user_id) values(2,'2011-01-31','2011-02-07','Place','test','Tom Jones','111-1234','','test',,0,2) This query works if the 'estimation' field has any other value except 0. Note that 'estimation' is set to DECIMAL(10,2) Can anyone assist\t
VIEWS ON THIS POST

108

Posted on:

Sunday 21st October 2012
View Replies!

error trying to get form data into mysql

I'm using this code to get my post data into my database Code: $sql="INSERT INTO nproducts (title, ref, desc, imgloc, keywords, price) VALUES ('$_POST[title]','','$_POST[dec]','$_POST[imgloc]','$_POST[keywords]','$_POST[price]')"; but im getting this error msg, ref is set as auto inc, do I even need to include this with the insert I have tried with and without it but same problem. Code: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, imgloc, keywords, price) VALUES ('Oven34','','Variables are one of the cor' at line 1 be helpful if someone can point me in the right direction, I'm not sure how to find out where my problem lies.
VIEWS ON THIS POST

124

Posted on:

Sunday 21st October 2012
View Replies!

'Select *' is evil I hear. Could someone enlighten me with details?

I have been told it is bad by people whose opinions I trust. I have heard it was evil on this very board many a time. I have not heard WHY it was evil. Let me demonstrate with an example where I am using it right now and probably should not be. I have an item database for a complex game. Each item has 70 some fields associated with it (most of them optional and empty). There are many times when I need all 70 fields (item display, creating hover 'tiptext' for inline stat viewing, loading up the admin edit form for that item id number, etc...). When this happens I use the following statement: select * from items where `id`='$item_id' Then I have 70 some lines of code handling the resulting data. Is * bad form here Should I really be listing all 70 fields separately It seems like a very fertile grounds for typos, and one more place to forget to add a new field into the code in the event that one has to be added. Or is this one of those cases where it would be okay Would 'items.*' be better, or just as bad
VIEWS ON THIS POST

77

Posted on:

Monday 22nd October 2012
View Replies!

trying to pull id, count and title but lose rows when i add extra join

i'm trying to extract some information from my database, the query being PHP Code: \t\t\t\t\t\tSELECTgrps_c.catid,grps_c.title,COUNT(grps.groupid)ASCOUNT \t\t\t\t\t\tFROMgrps \t\t\t\t\t\tRIGHTJOINgrps_categorygrps_cON(grps_c.catid=grps.catid) \t\t\t\t\t\tGROUPBYgrps_c.catid \t\t\t\t\t\tORDERBYgrps_c.title which works fine. however some of the groups (grps.groupid) are hidden and i don't want to count them, so my thinking was add PHP Code: LEFTJOINgrps_settinggrps_sON(grps_s.groupid=grps.groupidANDgrps_s.hidden_group!='1') however adding that removes the rows that have a 'count' or NULL or Zero. What am i doing wrong
VIEWS ON THIS POST

99

Posted on:

Monday 22nd October 2012
View Replies!

Merging commands and trying to do a selective table merge

Ok, the first problem is this. I have a large section of SQL commands to do, and I wish to know if there's a more efficient solution to do this. Background: I am working with multiple databases, each one is the same general format, but the data is dissimilar. It's incorrect in varying ways. The code below is intended to iron out some of those issues by pulling in fresh data from a second DB that is more accurate regarding aspect of the database as a whole. [MYSQL]DELETE FROM vendors WHERE entry=30239; INSERT INTO vendors SELECT * FROM ncdb_world.vendors WHERE entry=30239;[/MYSQL] The second issue is more complicated. I need a script that goes through the given table (in this case creature_proto) and selectively pulls in fresh data from another table when mindamage and maxdamage are both 1 or are both 0. The workaround I'm doing right now is manually looking at each entry in a table 36k entries long, and repeating the process every time there's a mass update. The code I'm using when I find a bad line is: [MYSQL]UPDATE creature_proto SET mindamage=11, maxdamage=14.19 WHERE entry=1721;[/MYSQL] Any assistance on these matters would be greatly appreciated. Thank you. - Aaron, Head Developer of MagicWoW Edit: Forgot to mention, I'm using MySQL 5.0.51b (comes standard with the version wampserver I'm using for MagicWoW)
VIEWS ON THIS POST

117

Posted on:

Wednesday 24th October 2012
View Replies!

Can someone explain this: CURDATE() - INTERVAL 8 HOUR

Code: SELECT CURDATE(), CURTIME(), CURDATE() - INTERVAL 8 HOUR CURDATE() CURTIME() CURDATE() - INTERVAL 8 HOUR 2007-10-12 14:13:52 2007-10-11 16:00:00 I thought that CURDATE() - INTERVAL 8 HOUR would subtract 8 hours from the current time and return it. Instead it returns 2007-10-11 16:00:00. What's up with that
VIEWS ON THIS POST

84

Posted on:

Wednesday 24th October 2012
View Replies!

trying for multiplication in query

I think someone may tell me to do this post-process but here goes. querying a table for several records and two cols from each - quantity and price. eg Code: | id | quantity | price | | 2 | 34 | 11.68 | | 3 | 3 | 5.48 | I would like the returned result to the multiplication of quantity and price, totalled over all records. ie 34 * 11.68 + 3 * 5.48 ___________ result returned 413.56 do-able\t bazz
VIEWS ON THIS POST

142

Posted on:

Thursday 25th October 2012
View Replies!

Can someone help with a join SQL statement

Hi I've got a Wordpress powered site but I've also got a few php pages outside of my WP installation which I need to query the database that powers my WP site. Everything is fine apart from the fact that I don't really know how to write a particular SQL statement which involves a join. I was wondering if someone could help me. Basically what I want is to be able to get the ID, post_title, post_excerpt, post_content from the wp_posts table and then the meta_value from the table wp_postmeta table but where the meta_key = "large_download_button" and the ID from wp_posts matches the post_id on wp_postmeta Of course wp_posts.ID and wp_postmeta.post_id are the common fields between the two tables. These are the two tables wp_posts and wp_postmeta wp_posts ID post_author post_date post_date_gmt post_content post_title post_excerpt post_status comment_status pint_status post_password post_name to_ping pinged post_modified post_modified_gmt post_content_filtered post_parent guid menu_order post_type post_mine_type comment_count wp_postmeta meta_id post_id meta_key meta_value many
VIEWS ON THIS POST

130

Posted on:

Thursday 25th October 2012
View Replies!

Sound easy I hope someone can help?

I have a website built on Drupal CMS, it has a blog and forum, but that's really not the real content of my site. I was contacted by Founder/Admin of a major Forum running Vbulletin. The Admin of that forum wants me to integrated my current pedigree database onto his website, can this be done
VIEWS ON THIS POST

108

Posted on:

Thursday 25th October 2012
View Replies!

Deciphering site hack

One of the websites that I own runs MS SQL Server and today it was hacked (like a lot of others). I've fixed the problem and found that they were running this code: Code: DECLARE @S VARCHAR(4000); SET @S = CAST(0x4445434C41524520blah AS VARCHAR(4000)); Now I've purposely removed the end of the CAST function but how do I translate this to realise exactly what they were doing
VIEWS ON THIS POST

34

Posted on:

Thursday 25th October 2012
View Replies!

Error trying to import to mysql...help please

I exported a small database to my computer Desktop. A .sql file. I asked my new web host to help me import it my new web mysql. I uploaded it and they attempted it directly to mysql(no phpmyadmin) and they replied "the importing of the backuped file to your database gives errors, and overwrites existing settings" and then provided the foloowing information below. Can someone help me tell me what this means and explain what went wrong and how this can be remedied Thank you. Query: CREATE TABLE `accounts` ( `account_id` bigint(20) NOT NULL auto_increment, `user_name` varchar(50) NOT NULL, `first_name` varchar(100) NOT NULL default '', `middle_initials` varchar(10) NOT NULL default '', `last_name` varchar(100) NOT NULL default '', `password` varchar(100) NOT NULL, `security_question` varchar(250) NOT NULL default '', `security_question_answer` varchar(250) NOT NULL default '', `email` varchar(200) NOT NULL, `phone` varchar(100) NOT NULL default '', `mobile_phone_number` varchar(100) NOT NULL default '', `account_type_id` int(11) NOT NULL default '1', `address` varchar(255) NOT NULL default '', `address_second` varchar(255) NOT NULL default '', `state` varchar(150) NOT NULL default '', `city` varchar(150) NOT NULL default '', `zip_code` varchar(150) NOT NULL default '', `country_id` int(11) NOT NULL default '0', `country_name` varchar(100) NOT NULL default '', `status_id` int(11) NOT NULL default '1', `status_title` varchar(50) NOT NULL, `date_creation` date NOT NULL, `date_last_login` date NOT NULL, `user_agreement` varchar(20) NOT NULL, `last_ip_address` varchar(20) NOT NULL, `activation_code` varchar(100) NOT NULL default '', `date_last_payment` date default NULL, `terms` varchar(3) default 'yes', `login_count` int(11) NOT NULL default '0', PRIMARY KEY (`account_id`), UNIQUE KEY `ix_accounts_email` (`email`), UNIQUE KEY `ix_accounts_user_name` (`user_name`), KEY `ix_accounts_first_name` (`first_name`), KEY `ix_accounts_family_name` (`last_name`), KEY `ix_accounts_country_id` (`country_id`), KEY `ix_accounts_status_id` (`status_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=23 Error occured at:2007-10-01 19:26:42 Line no.:59 Error Code: 1050 - Table 'accounts' already exists
VIEWS ON THIS POST

444

Posted on:

Thursday 25th October 2012
View Replies!