xoops forums

redheadedrod

Home away from home
Posted on: 2016/4/22 2:51
Posts: 1296
Since: 2008/2/26
#21

Re: animal pedigree database, problems moving to new server

mysql_real_escape_string is deprecated and really should be changed to the XOOPS function that calls the proper function.

ANY Mysql code will fail when running under PHP 7.

There are Xoops functions for just about every MySQL call for 2.5 and should be used instead. Calling mysql or mysqli directly is a bad idea and may not work with 2.6.

Using the Xoops functions will work in all 2.5.x versions of xoops, and will not only work with php 5 but should also work with php 7.

ccpedigree

Just popping in
Posted on: 2016/4/22 6:58
Posts: 9
Since: 2016/3/31
#22

Re: animal pedigree database, problems moving to new server

In the code is this:

$query = "INSERT INTO ".$xoopsDB->prefix("mod_pedigree_temp")." VALUES ('".$random."','".unhtmlentities($name)."','".$id_eigenaar."','".$id_fokker."','".$user."','".$roft."','','','".$foto."', ''".$usersql.")";
        
//echo $query; die();
$xoopsDB->query($query);


So how can I prevent SQL Injection errors from Protector when I insert a field with a quote in the value?

unhtmlentities, mysql_real_escape_string, addslashes, all triggered Protector.

geekwright

Quite a regular
Posted on: 2016/4/23 4:46
Posts: 260
Since: 2010/10/15
#23

Re: animal pedigree database, problems moving to new server

In the insert cycle it will actually construct more than one sql string with the name input, one to check the name availability, and one to insert. Both of those need to be escaped. The same kind of issues hit other columns and tables, too, i.e. breeder names.

I've fixed those issues and more on the current development version on github:
https://github.com/XoopsModules25x/pedigree

All new efforts will be focused on this repository. Reports against this repository are more likely to get acted on. We don't have the bandwidth to support multiple versions, and this one already has a large number of changes which are essential to working in newer environments, as well as numerous security fixes.

Once this foundation work is complete, we can begin to address some of the UI issues that have been discussed.
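
The two-query pattern described in the post above (name availability check, then insert), with every value escaped at the point where the SQL string is built. This is an added example, not code from the pedigree module or from XOOPS: `DemoDb` is a hypothetical stand-in for `$xoopsDB` backed by in-memory SQLite so it runs offline, its `quote()` mirrors the escape-and-wrap behaviour of the XOOPS 2.5 database object's `quote()` but applies SQLite's quoting rules rather than MySQL's, and the table columns and input values are constructed.

```php
<?php
// Hypothetical stand-in for $xoopsDB (assumption, not XOOPS code).
// It mirrors two methods of the XOOPS 2.5 database object: prefix() and quote().
class DemoDb
{
    private $pdo;

    public function __construct()
    {
        $this->pdo = new PDO('sqlite::memory:');
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    public function prefix($table) { return 'x_' . $table; }

    // Escapes the value for this driver and wraps it in single quotes.
    public function quote($value) { return $this->pdo->quote($value); }

    public function query($sql) { return $this->pdo->query($sql); }
}

$db    = new DemoDb();
$table = $db->prefix('mod_pedigree_temp');

// Constructed schema: only the columns this example needs.
$db->query("CREATE TABLE $table (id INTEGER, name TEXT, owner TEXT)");

// Constructed input with a quote in the value, as in the question.
$name     = "Lady O'Malley";
$owner    = "Kennel d'Or";
$randomId = 12345;

// Query 1: name availability check. quote() supplies the delimiters,
// so no hand-written '...' is concatenated around the value.
$check = 'SELECT COUNT(*) FROM ' . $table . ' WHERE name = ' . $db->quote($name);
$taken = (int) $db->query($check)->fetchColumn();

// Query 2: the insert. Integers are cast, every string goes through quote().
if ($taken === 0) {
    $insert = 'INSERT INTO ' . $table . ' (id, name, owner) VALUES ('
        . (int) $randomId . ', ' . $db->quote($name) . ', ' . $db->quote($owner) . ')';
    $db->query($insert);
}

// Show the generated check query and the value as it was stored.
echo $check, PHP_EOL;
echo $db->query("SELECT name FROM $table")->fetchColumn(), PHP_EOL;
```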

Bleekk

Theme Designer
Posted on: 2016/4/24 14:08
Posts: 934
Since: 2002/12/14
#24

Re: animal pedigree database, problems moving to new server

I have submitted 2 small fixes to github

- The section "Temporary" was not working
- Display Welcome Message on the module index page

Also I have replaced the old php chart with the jquery canvasjs chart

Would you like to have this jquery chart in the module? Should I submit it?
It is much more modern than the old php chart

Mamba

Moderator
Posted on: 2016/4/24 14:42
Posts: 10733
Since: 2004/4/23
#25

Re: animal pedigree database, problems moving to new server

Quote:
Would you like to have this jquery chart in the module? Should I submit it?

Absolutely!!!!
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

Bleekk

Theme Designer
Posted on: 2016/4/24 18:59
Posts: 934
Since: 2002/12/14
#26

Re: animal pedigree database, problems moving to new server

submitted :)

Mamba

Moderator
Posted on: 2016/4/25 5:44
Posts: 10733
Since: 2004/4/23
#27

Re: animal pedigree database, problems moving to new server

Awesome!!! Thank you!

supergran

Friend of XOOPS
Posted on: 2016/4/25 22:35
Posts: 25
Since: 2011/6/6 1
#28

Re: animal pedigree database, problems moving to new server

This discussion is really useful- Thank-you!!
I have been looking at some of the xoops presentations and developer information to try and improve and update my php /my sql & xoops knowledge up to date and be of more help in the future. Can you point me in the right direction for the best and most up to date material that you have?
In the meantime I'll make a small donation. Thanks again to all on the development team for taking the time to update this module.
Jan

Mamba

Moderator
Posted on: 2016/4/26 1:31
Posts: 10733
Since: 2004/4/23
#29

Re: animal pedigree database, problems moving to new server

Quote:
I have been looking at some of the xoops presentations and developer information to try and improve and update my php /my sql & xoops knowledge up to date and be of more help in the future. Can you point me in the right direction for the best and most up to date material that you have?


There are a few books on XOOPS that you might find useful.

And of course, our library of tutorials:

https://www.gitbook.com/@xoops/
https://www.gitbook.com/@mambax7/

and a few slide presentations:
http://www.slideshare.net/xoopsproject/

And of course, tons of responses here on these forums.

For the next version of XOOPS we'll need to create some updated tutorials for developers, as quite a few things will change there.

FYI - I was working on Pedigree over the weekend, trying to merge some of the changes submitted by Zyspec and Bleekk, and some of the changes I've made recently, with the changes made by Geekwright. Because there were quite a few of them, this is probably only half done, and a lot of stuff is not working there, but if you want to take a look, the code is here:

https://github.com/mambax7/pedigree

For all the XOOPSers out there - fork it, make improvements, and submit back!

supergran

Friend of XOOPS
Posted on: 2016/4/26 5:45
Posts: 25
Since: 2011/6/6 1
#30

Re: animal pedigree database, problems moving to new server

Thank you. I've downloaded the latest presentations and will take a look at the books.

I reloaded the latest master core for 2.5.8 on php7 today. Access to templates etc now works great. It seems some of the pedigree issues I had were bootstrap theme specific. After making changes to the module I couldn't view the site and got an error of:
Error: Call to a member function dirname() on null
- Hope that's useful.
Changing the theme to Suico restored my view and I was also able to see the welcome page and menu etc. which I couldn't with the bootstrap theme.
I'll mark the repository in your link now as the definitive repository?
I am so glad to see the progress not just on this module but Xoops too. Thanks again. Much appreciated.
Jan