 |
 |
try $request = addslashes($request); otherwise, you are vulnerable to sql injection attacks j Rich Wiggins wrote: >Chris, > >It looks like form handler is choking on a single quote in your >submission. If you have info on patched and disinfected computers >you need to submit, please don't enter single quotes until we >have a chance to do some better parsing. (This is a very simple >form that was put together so that we would track all requests >through our Remedy system). > >Thanks, > >/rich > > > > >><html> >><body> >>I just tried to submit to this and got the following:<br><br> >><b>Warning</b>: Sybase error: Line 10: Incorrect syntax near 's'. >>(severity 15) in >><b>/home/contact/documents/netblock/unblock/admin/admin_submit.php</b> on >>line <b>75<br><br> >>Warning</b>: Sybase error: Unclosed quotation mark before the character >>string ',2)'. (severity 15) in >><b>/home/contact/documents/netblock/unblock/admin/admin_submit.php</b> on >>line <b>75<br><br> >><br> >></b>At 10:32 AM 8/27/2003, you wrote:<br> >><blockquote type=cite class=cite cite><font face="arial" size=2><a >> >>href="http://help.msu.edu/netblock/admin/">http://help.msu.edu/netblock/admin/< >>/a><br> >></font> <br> >><font face="arial" size=2>has been setup to allow system administrators >>to provide us with a list of blocked systems that need to have their >>network connection restored because they have applied the appropriate >>security patches<br> >>and cleaned the systems.<br> >></font> <br> >><font face="arial" size=2>This URL has a login and captures the netid of >>the person who files the report but does not have a list of id's that are >><br> >>"validated" as network admins so we will simply be doing our >>best to recognize the submitter and submit the lists to the network group >>for unblocking. <br> >>Please make sure you fill in all requested information to insure proper >>handling of your requests.<br> >>After your request has been submitted, the submitter will receive an >>email message and tracking number for the request.<br> >></font> <br> >><font face="arial" size=2>Progress of the request can be checked by >>clicking on the status link at >><a href="http://help.msu.edu/virus/">http://help.msu.edu/virus/</a> >>.<br> >></font> <br> >> <br> >><font face="arial" size=2>/sgt<br> >></font> <br> >> <br> >><font face="arial" size=2>Scott G. Thomas<br> >>Division Mgr, Computing Services<br> >>408A Computer Center<br> >>Michigan State University<br> >>517-355-4500 x142<br> >></font> <br> >> </blockquote></body> >><br> >><br> >><div>--Chris</div> >><div>==============================================</div> >><div>Chris >> >>Wolf &nb >>sp; Computer Service Manager</div> >><div>Agricultural Economics >>[log in to unmask]</div> >>Michigan State University 517 353-5017 >></html> >> >>