MySQL error...
 

Looks like the program is stumbling if a user's name contains an embedded apostrophe.

Whats your line 346-347 of adm-inc.php look like?

I have this which means slash is added to the name if an apostroshe is used

$username = addslashes($User['username']);
$query = "REPLACE INTO {$Globals['pp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('$username','$ipaddr','$date','$what')";

Here's what I have:
I cut and pasted it from my site. Looks the same to me....

Yep thats why I asked your query has this

'Liam's Herps' and since we addslashes it should be 'Liam\'s Herps'

I would not be able to say why your system does not do what the code is telling it to do as in add a slash.

Well, I am getting these every time this user deletes a product, and it is apparently a bug. SOMETHING is wrong somewhere, otherwise I wouldn't get this error message.

Now that makes more sense you never said when deleting a products. ;) Thats a whole separate script

In adm-product.php find this

$ipaddr = findenv("REMOTE_ADDR");
$date = time();
$what = "Deleted product: $filename ($ptitle)";
$what = addslashes($what);
$query = "REPLACE INTO {$Globals['pp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
$resultb = ppmysql_query($query,$link);

change to this

$username = addslashes($User['username']);
$ipaddr = findenv("REMOTE_ADDR");
$date = time();
$what = "Deleted product: $filename ($ptitle)";
$what = addslashes($what);
$query = "REPLACE INTO {$Globals['pp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('$username','$ipaddr','$date','$what')";
$resultb = ppmysql_query($query,$link);

I didn't think I needed to repeat what was already mentioned in the error message.
:)

LOL I dont read whole error messages. I read till I see the error and then post a fix.

OK, got some more errors for you:

and

Did I cause these as well?

Got another error:
Why is this program having such a difficult time with embedded slashes? Is this a problem stemming from taking user names from the vBulletin database instead of PhotoPost's own table?

Well this query is in line 232 of uploadproduct.php

$querya = "SELECT id FROM {$Globals['pp_db_prefix']}products WHERE userid='{$User['userid']}' AND cat='$defcat' AND bigimage='$realname'";


Your problem has nothing to do with slashes. Your cat variable is empty. It is looking for $defcat which is passed in the url

You can try replacing $defcat in the query with $category

The next one I will reserve comment till I think further on things

In pp-inc.php find:
And replace with:
In uploadproduct.php find:
And replace with:
EDIT: Just making this post agree with the code changes so far.

Now the main issue here has nothing to do with stripslashes as I note.

His $cat variable is empty which I posted a fix to try out.

I doubt your code is needed.

As far as the $realname issue The fixfilenames function strips the unwanted characters and I get no errors with Classifieds 2.3

Rich

Are you using Classifieds 2.3? I uploaded an image with a ' in the title and our fixfilenames actually will rename the image to say this

{useridhere}s Python.jpg

I turned on email errors as well and get no error

Note that the error is near 's pictures 101.jpg so IT IS a slashing issue. If you run the following query, you will NOT get an error (it has nothing to do with his $cat variable being empty):
If you look in uploadproduct.php for where $realname is used after is it addslashed, you should see that it won't cause a problem elsewhere, except for possibly echoing a slash in diewell, so fine, stripslash it there, big deal. Further note that $realname gets redefined by list soon after.

Right but I need to know what version of the software he is using. I work with the current version when looking at the code.

I have email errors turned on. I posted a ad in 2.3 and the image is renamed by the fixfilename function and I get no errors emailed.

Furthermore the query your posting will fail as noted by me because the $cat variable is empty. Hense more information is needed on what version of the software is being used.

In the code you posted you do not want to add slashes before the query as if you insert the image with a addslash you will break the display of the image as I noted. Since we will be looking for say

1kim\'s_pictures_101.jpg

Yet the fixfilenames will rename the image like so and it will not be found.

1s_pictures_101.jpg

Hense any correction in code must be placed in the proper place for things to work. Thus I stated I would get back to him after I did some testing.

So far as noted I can not get an error in 2.3 on this issue.

No, the addslashes to $realname does NOT insert a \' (as in literal backslash single quote) in the table. Also, in 2.3 look in uploadproduct.php for fixfilename and you will see it is not there, just checked.

that is in pp-inc.php

In 2.3 I upload a photo with a slash in the name and I have email error's turned on and I get no error. If you are running 2.3 can you recieve this error?

Seriously if you can replicate getting an error by email in 2.3 when trying to upload an image with a slash let me know.

I have tried 6 uploads now with no issues.

From http://www.php.net/features.file-upload...

So the fact that you cannot reproduce this MySQL slash problem is because of your version of PHP, not because the v.2.3 classifieds code is doing something special, because it is not. Look at the filenames is the data directory and the products table to see the truncations from PHP itself.

Now downgrade your PHP (who knows to what version) and you will get the same type of "error is near 's pictures 101.jpg" so again IT IS a slashing issue. Further, even though the function fixfilename is in pp-inc.php, the function fixfilename is NOT called on $realname in uploadproduct.php.