Great Ideas. Always Flowing.

We are not happy until you are happy. Client satisfaction guaranteed. Whatever your needs and requirements, we have the skills and resources for the job!

Quick login...


Or... now make it easy with Facebook Integration
Connect via Facebook



Top Sellers

Frustrated over the lack of customization for your user's registration fields? Dynamically setup your DNN Portal with custom registration fields, layout, questions, and other core integration options......

Ultra Video Gallery is a brother product of Ultra Media Gallery, UVG allows you to upload videos in various format and automatically encode them to flv or H264 format, you also can add videos from internet or record live videos from your webcam.

Build high performance, completely customizable data-entry forms and views driven by your DNN and external databases. New built-in tools make it a snap to quickly create data entry forms, data views, and even database tables. Plus, add your own HTML, CSS, Javascript, SQL commands, stored procedures,

The most advanced DotNetNuke shopping cart on the planet. Easy to use e-Commerce, Secure Shopping Cart Software and SEO friendly. B2C / B2B Ecommerce Sites.

One stop solution for events calendar and events registration! FREE DOWNLOAD is available now!

HTML edit bug in 4.1
Last Post 07-11-2012 06:26 AM by Chad Nash. 2 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages Not Resolved
NathanWUser is Offline
going with the flow
going with the flow
Posts:45
Avatar

--
07-10-2012 07:34 AM
    I have been using DF for a while and everything has been working fine but I have upgraded to 4.1 and whenever one of my users edits their details (which uses an HTML edit field) we get "###,###" embedded all over the place. We have multiple HTML edit fields on the page and on other forms and they all do the same thing since 4.1.

    Any ideas why this is happening as it is currently totally screwing my data.

    Thanks

    Nathan
    Ryan BakerinkUser is Offline
    river guide
    river guide
    Posts:1900
    Avatar

    --
    07-10-2012 10:27 AM
    Hello Nathan,

    Can you please provide me a URL to your page as well as a short set of steps on how to invoke the Dynamic Form issue?

    If you feel uncomfortable providing the information in this forum thread then you can email it to me at:

    rbakerink (at) datasprings (dot) com

    Thanks,

    Ryan
    Chad NashUser is Offline
    Posts:5260
    Avatar

    --
    07-11-2012 06:26 AM
    Hi guys - Just some quick feedback on this.

    There was a security issue related to SQL Events / SQL Injection.. The data should never be saved into our tables like ###'### or ###$### but... IF you are using a SQL Event and storing the data within your own tables, we are using a few routines to replace all ' marks along with a few others such as works like DELETE, INSERT, COUNT, and -- which represents comments in SQL. We identified a few methods from a client who brought this to our attention as a security risk. Once verified we added this code in place, so you could easily replace this BACK within your SQL Event. We might later make this optional as a configuration option to "Protect against SQL Injection". Technically if you are using stored procedures and you are not using direct SQL/Insert statements then there wouldn't be any harm. In this case though we had to implement something right away.

    So... Within your SQL statement I can give you the correct SQL you would need to replace ###'### or ###--### with just -- and therefore this would fix you up.

    Thanks,

    Chad
    You are not authorized to post a reply.


     
     

    Join our mailing list...

    Get current news and events the easy way
     
     
       
    Subscribe Me

    Recent Blogs...

     
    Copyright 2005 - 2011 by Data Springs, Inc.
     
  • film izle
  • 720 izle
  • film
  • sinema izle
  • film makinesi
  • T�rk�e dublaj film
  • film izle
  • film izle
  • baglan film izle
  • sinema izle
  • 1080 film izle
  • film mercegi