User input in comments containing mysql keywords breaks site
-
So this is really weird. For hours I tried to troubleshoot how one person and only that person could not post a comment on a blog. It always led to a 404 page, pointing to wp-comments-post.php. When I exhausted everything, I tried inputting her comment word by word and found it would work until certain words were hit in a specific sequence. Specifically, her comment say “select 5 from 59 numbers” and “drop to 35 from 39.”
I finally realized that this could be because “select” “drop” and “from” are mysql commands. So I reworded her comment to not use those words in that sequence. And lo and behold, it works!
So my question is, how to make an exception in the comments to not treat those words as commands and let them post? Or is the solution everytime to reword the comments to not use those words???
- The topic ‘User input in comments containing mysql keywords breaks site’ is closed to new replies.