$this->db-update() problem

Hi Guntars,
Thanks for posting this. May I add more information, as this happened on my server?
I made a simple CMS where you can update website pages. As Guntars already said, there is a strange issue after I submit a form with changes for a DB update.

The strange behaviour starts if I put a relative path to an image in the CMS content; then I cannot save (submit) anything on the server. Let me show an example:

<p><img src="../../images/img_system/contact_us.jpg" alt="" /></p>
By 'not working' I mean you will not be able to save the changes on the server, and you will also be kicked out to the root of the server, as this is a testing server.

<p><img src="..& # 4 7 ;../images/img_system/contact_us.jpg" alt="" /></p>
Yes, if I replace [/] with [& # 4 7 ;] then it works, but only one time. After that, if you try to submit again (without any changes to the text), the previous scenario happens again.

After that I started to check what you can submit: whatever you like, slashes, code samples, anything, even [ ../ ] will be OK. Only if there is a row with two dots and a slash does something happen.

Not to mention that I do all my inputs with FCKeditor, which already changes everything in a safe way.
I am wrapping all input as you can see here:
$foo = utf8_encode($_POST['foo']);

Still no results. One more strange thing: I am using the same database for local tests and for live tests. So basically from localhost I can save everything and it all works well. Why is this not working on the live web server? Can anyone give some advice?

Just one last thought. Because I am using the same DB for the local and live environments and I can save updates from my local machine, maybe there are some security rules for some characters in some special row like (../../)?

Any help would be appreciated!
