PhotoPost Community - View Single Post

Frost · April 24th, 2005, 02:51 PM

Try sticking PHP_VALUE magic_quotes_gpc 0 in an htaccess file (do not stick $realname = fixfilenames($realname); in uploadproduct.php at this point) and then upload a filename containing an apostrophe. You will then get an "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource" error, which is caused because of the apostophe in the filename, and you will get the subsequent email error message.

Now I see what you mean that addslashes does not help with duplicate image checks, so in this latter case (magic quotes off) the $realname = fixfilenames($realname); changes the apostrophe to an underscore. However, if magic quotes is on (no htaccess file to turn it off) then you still have a problem becasue PHP truncates the filename regardless of whether or not $realname = fixfilenames($realname); is in uploadproduct.php.

April 24th, 2005, 02:51 PM	#22 (permalink)
Frost Registered User Join Date: Apr 2005 Posts: 148	Try sticking PHP_VALUE magic_quotes_gpc 0 in an htaccess file (do not stick $realname = fixfilenames($realname); in uploadproduct.php at this point) and then upload a filename containing an apostrophe. You will then get an "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource" error, which is caused because of the apostophe in the filename, and you will get the subsequent email error message. Now I see what you mean that addslashes does not help with duplicate image checks, so in this latter case (magic quotes off) the $realname = fixfilenames($realname); changes the apostrophe to an underscore. However, if magic quotes is on (no htaccess file to turn it off) then you still have a problem becasue PHP truncates the filename regardless of whether or not $realname = fixfilenames($realname); is in uploadproduct.php.