I'm working with phpnuke 6.5. Sorry if this is already fixed in later versions.
I added a new block to download recent news from Slashdot. I've encountered a problem that every time I load a page on my site, it always calls the Slashdot site, even though the refresh is set for 1 hour. It turns out that some of the slashdot headlines have apostrophes and this breaks the SQL statement to update the content.
In the mainfile.php, you have lines like this:
$sql = "UPDATE ".$prefix."_blocks SET content='$content', time='$btime' WHERE bid='$bid'";
When this line gets called and $content has an apostrophe, it breaks the SQL statement, and the time doesn't get updated. So it keeps calling the site. The line should be updated to use the mysql_escape_string function to escape certain special characters:
$sql = "UPDATE ".$prefix."_blocks SET content='".mysql_escape_string($content)."', time='$btime' WHERE bid='$bid'";
Once I put this fix in, everything worked as expected. The database now updates properly. This mysql_escape_string should be used anywhere that the content may vary. (It should really be used everywhere.)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
