21
redheadedrod
Re: animal pedigree database, problems moving to new server

mysql_real_escape_string is deprecated and really should be changed to the XOOPS function that calls the proper function.

ANY Mysql code will fail when running under PHP 7.

There are Xoops functions for just about every MySQL call for 2.5 and should be used instead. Calling mysql or mysqli directly is a bad idea and may not work with 2.6.

Using the Xoops functions will work in all 2.5.x versions of xoops. And will not only work with php 5 but should also work with php 7.

22
ccpedigree
Re: animal pedigree database, problems moving to new server
  • 2016/4/22 6:58

  • ccpedigree

  • Just popping in

  • Posts: 9

  • Since: 2016/3/31


In the code is this:

$query = "INSERT INTO ".$xoopsDB->prefix("mod_pedigree_temp")." VALUES ('".$random."','".unhtmlentities($name)."','".$id_eigenaar."','".$id_fokker."','".$user."','".$roft."','','','".$foto."', ''".$usersql.")";

//echo $query; die();
$xoopsDB->query($query);


So how can I prevent SQL Injection errors from Protector when I insert a field with a quote in the value?

unhtmlentities, mysql_real_escape_string, addslashes, all triggered Protector.

23
geekwright
Re: animal pedigree database, problems moving to new server

In the insert cycle it will actually construct more than one sql string with the name input, one to check the name availability, and one to insert. Both of those need to be escaped. The same kind of issues hit other columns and tables, too, i.e. breeder names.

I've fixed those issues and more on the current development version on github:
https://github.com/XoopsModules25x/pedigree

All new efforts will be focused on this repository. Reports against this repository are more likely to get acted on. We don't have the bandwidth to support multiple versions, and this one already has a large number of changes which are essential to working in newer environments, as well as numerous security fixes.

Once this foundation work is complete, we can begin to address some of the UI issues that have been discussed.
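
The point made in the post above, that both the name-availability check and the INSERT need the name escaped, sketched as an added example (not from the original post or the pedigree repository). It assumes the XOOPS 2.5.x database object's prefix() and quoteString() methods; StandInDb, buildNameCheck(), buildTempInsert(), the name_col column and the sample values are hypothetical, and the $usersql fragment from the quoted code is left out.

```php
<?php
// Added example, not code from the pedigree module.
// StandInDb imitates the two $xoopsDB methods used here so the snippet runs
// outside XOOPS; inside XOOPS 2.5.x pass the real $xoopsDB instead.
class StandInDb
{
    public function prefix($table)
    {
        return 'xoops_' . $table; // constructed prefix
    }

    public function quoteString($str)
    {
        // Simplified escaping for the demonstration only; the real method
        // escapes through the live database connection.
        $map = ["\\" => "\\\\", "'" => "\\'", "\0" => "\\0"];
        return "'" . strtr($str, $map) . "'";
    }
}

// Hypothetical helper: name-availability check. `name_col` is a placeholder
// column name, not taken from the module's schema.
function buildNameCheck($db, $name)
{
    return 'SELECT COUNT(*) FROM ' . $db->prefix('mod_pedigree_temp')
        . ' WHERE name_col = ' . $db->quoteString($name);
}

// Hypothetical helper: quote every value of the INSERT in one place.
// Integers are cast; everything else goes through quoteString().
function buildTempInsert($db, array $values)
{
    $parts = [];
    foreach ($values as $value) {
        $parts[] = is_int($value) ? (string) $value : $db->quoteString((string) $value);
    }
    return 'INSERT INTO ' . $db->prefix('mod_pedigree_temp')
        . ' VALUES (' . implode(',', $parts) . ')';
}

$db   = new StandInDb();
$name = "O'Malley's Pride"; // constructed input containing quotes
// Pass the raw value: no addslashes() beforehand, or it is escaped twice.
echo buildNameCheck($db, $name), PHP_EOL;
echo buildTempInsert($db, [4711, $name, 12, 34, 'jan', '0', '', '', 'pride.jpg', '']), PHP_EOL;
```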

24
Bleekk
Re: animal pedigree database, problems moving to new server
  • 2016/4/24 14:08

  • Bleekk

  • Theme Designer

  • Posts: 940

  • Since: 2002/12/14


I have submitted 2 small fixes to github

- The section "Temporary" was not working
- Display Welcome Message on the module index page

Also I have replaced the old php chart with the jquery canvasjs chart

Would you like to have this jquery chart in the module? Should I submit it?
It is much more modern than the old php chart

25
Mamba
Re: animal pedigree database, problems moving to new server
  • 2016/4/24 14:42

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


Quote:
Would you like to have this jquery chart in the module? Should I submit it?

Absolutely!!!!
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

26
Bleekk
Re: animal pedigree database, problems moving to new server
  • 2016/4/24 18:59

  • Bleekk

  • Theme Designer

  • Posts: 940

  • Since: 2002/12/14


submitted :)

27
Mamba
Re: animal pedigree database, problems moving to new server
  • 2016/4/25 5:44

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


Awesome!!! Thank you!

28
supergran
Re: animal pedigree database, problems moving to new server
  • 2016/4/25 22:35

  • supergran

  • Friend of XOOPS

  • Posts: 25

  • Since: 2011/6/6 1


This discussion is really useful. Thank you!!
I have been looking at some of the xoops presentations and developer information to try and improve and update my php /my sql & xoops knowledge up to date and be of more help in the future. Can you point me in the right direction for the best and most up to date material that you have?
In the meantime I'll make a small donation. Thanks again to all on the development team for taking the time to update this module.
Jan

29
Mamba
Re: animal pedigree database, problems moving to new server
  • 2016/4/26 1:31

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


Quote:
I have been looking at some of the xoops presentations and developer information to try and improve and update my php /my sql & xoops knowledge up to date and be of more help in the future. Can you point me in the right direction for the best and most up to date material that you have?


There are a few books on XOOPS that you might find useful.

And of course, our library of tutorials:

https://www.gitbook.com/@xoops/
https://www.gitbook.com/@mambax7/

and a few slide presentations:
http://www.slideshare.net/xoopsproject/

And of course, tons of responses here on these forums.

For the next version of XOOPS we'll need to create some updated tutorials for developers, as quite a few things will change there.

FYI - I was working on Pedigree over the weekend, trying to merge some of the changes submitted by Zyspec and Bleekk, and some of the changes I've made recently, with the changes made by Geekwright. Because there were quite a few of them, this is probably only half done, and a lot of stuff is not working there, but if you want to take a look, the code is here:

https://github.com/mambax7/pedigree

For all the XOOPSers out there - fork it, make improvements, and submit back!

30
supergran
Re: animal pedigree database, problems moving to new server
  • 2016/4/26 5:45

  • supergran

  • Friend of XOOPS

  • Posts: 25

  • Since: 2011/6/6 1


Thank you. I've downloaded the latest presentations and will take a look at the books.

I reloaded the latest master core for 2.5.8 on php7 today. Access to templates etc now works great. It seems some of the pedigree issues I had were bootstrap theme specific. After making changes to the module I couldn't view the site and got an error of:
Error: Call to a member function dirname() on null
- Hope that's useful.
Changing the theme to Suico restored my view and I was also able to see the welcome page and menu etc. which I couldn't with the bootstrap theme.
I'll mark the repository in your link now as the definitive repository?
I am so glad to see the progress not just on this module but Xoops too. Thanks again. Much appreciated.
Jan
