Usernames with Spaces not Receiving Quotes

[mrmaiko]

Hi Euan! Thank you for all of your great work with My Alerts.

I'm having a problem where if the user has a space in their name, they don't receive quotes.

IS there a solution for this flying around?

For some reason this line in the myalerts_alert_quoted() function:

$query = $db->simple_select('users', 'uid, username', "username IN({$userNames})");

Returns 0 for usernames with spaces.

For example if the username is a Rec

query = username IN('a Rec')

the Result is:

mysqli_result Object ( [current_field] => 0 [field_count] => 2 [lengths] => [num_rows] => 0 [type] => 0 )

[euantorano]

Hi,

Odd. I know there's an issue with quotes in usernames thanks to the MyBB editor. Hadn't noticed any issues with spaces. I'll have to test it.

On 12 Jul 2015, at 02:46, Maiko notifications@github.com wrote:

Hi Euan! Thank you for all of your great work with My Alerts.

I'm having a problem where if the user has a space in their name, they don't receive quotes.

IS there a solution for this flying around?

— Reply to this email directly or view it on GitHub.

[mrmaiko]

Yes!

The user could would only receive Like alerts if their user name was spelled as "Red Velvet"

I then removed the space and changed it to "RedVelvet" and the user received all of their alerts.

[mrmaiko]

For some reason this line in the myalerts_alert_quoted() function:

$query = $db->simple_select('users', 'uid, username', "username IN({$userNames})");

Returns 0 for usernames with spaces.

For example if the username is a Rec

query = username IN('a Rec')

the Result is:

mysqli_result Object ( [current_field] => 0 [field_count] => 2 [lengths] => [num_rows] => 0 [type] => 0 )

Any idea what that may be happening?

[euantorano]

Weird. I'll have to look into that. If you run the created query from phpMyAdmin do you get the expected results?

On 18 Aug 2015, at 09:18, Maiko notifications@github.com wrote:

For some reason this line in the myalerts_alert_quoted() function:

$query = $db->simple_select('users', 'uid, username', "username IN({$userNames})"); Returns 0 for usernames with spaces.

For example if the username is a Rec

query = username IN('a Rec')

the Result is:

mysqli_result Object ( [current_field] => 0 [field_count] => 2 [lengths] => [num_rows] => 0 [type] => 0 )

Any idea what that may be happening?

— Reply to this email directly or view it on GitHub.

[mrmaiko]

Yes I do receive the proper results in PhpMyAdmin. It's so strange. I looked through the simple_select function and I didn't see anything that would cause that.

I also changed the query to

$usql = "SELECT uid, username FROM users WHERE username IN(".$userNames.")";
$query = $db->query($usql);

and received 0 rows. Yet running the query directly in PhpMyAdmin returned a row.

[mrmaiko]

So i think I solved it. I have to escape the white space with a '%' or it won't return anything.

I'm doing more tests then this can be marked as resolved.

[euantorano]

Hm, that's weird. I'll have a look properly when I'm at home, as I'm one. Business trip at the minute.

On 31 Aug 2015, at 09:10, Maiko notifications@github.com wrote:

So i think I solved it. I have to escape the white space with a '%' or it won't return anything.

I'm doing more tests then this can be marked as resolved.

— Reply to this email directly or view it on GitHub.

[mrmaiko]

Awesome enjoy Euan! On Aug 31, 2015 7:03 AM, "Euan T." notifications@github.com wrote:

Hm, that's weird. I'll have a look properly when I'm at home, as I'm one. Business trip at the minute.

On 31 Aug 2015, at 09:10, Maiko notifications@github.com wrote:

So i think I solved it. I have to escape the white space with a '%' or it won't return anything.

I'm doing more tests then this can be marked as resolved.

— Reply to this email directly or view it on GitHub.

— Reply to this email directly or view it on GitHub https://github.com/MyBBStuff/MyAlerts/issues/156#issuecomment-136335850.

[mrmaiko]

Hi Euan! Anytime to look at this yet? I can't figure out what it might be :D

[mrmaiko]

Could this possible have something to do with Character Collation?

[mrmaiko]

So I just ended up doing this

$users = preg_replace('/\s+/', '%', $users); //str_replace(" ","%",$users);

            $userNames = array_map('stripslashes', $users);
            $userNames = array_map(array($db, 'escape_string'), $userNames);

           // $userNames = "'" . implode("','", $userNames) . "'"; // TODO: When imploding, usernames with quotes in them might be breaking the query...

            $q = "";
            $i = 0;
            foreach($userNames as $u) {
                if($i == 0) {

                    $q = "username LIKE '" . $u . "'";
                    $i = 1; 

                    }
                    else {

                        $q.= " OR username LIKE '" . $u. "'";
                    }

            }

           $query =  $db->simple_select('users', 'uid, username', $q);

at least its working now. but i still don't know what the problem is.

[euantorano]

That will work, but I can't figure out why the spaces don't. I haven't yet been able to reproduce the problem across several MySQL versions on different hosts. What version of MySQL are you using and which character set?

[AlvaroFranco]

This is still a problem on 2.0.2, not working under our mybb install (tried also on a fresh install with no luck). I've tried @mrmaiko fix but it's not working neither.

Any chance of getting this fixed? It's only failing on quotes

[euantorano]

I've tried tracking this down a few times, but will have another look. The issue is also problematic in the MyBB core too from what I remember.

On 26 Jan 2017, at 21:46, Álvaro Franco notifications@github.com wrote:

This is still a problem on 2.0.2, not working under our mybb install (tried also on a fresh install with no luck). I've tried @mrmaiko fix but it's not working neither.

Any chance of getting this fixed? It's only failing on quotes

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[AlvaroFranco]

Ok @euantorano, so no temporary fix for this?

Thanks!