I downloaded a recommended help desk application called Ocomon and I use WAMP.

I installed everything. The database uses utf8_general_ci and the application is in Portuguese (BR), but when I try to insert some data with accents, the record is saved but the columns with accented text are not.

Does anyone know what I am doing wrong?

Example of code with the error:

    $qry = "UPDATE configusercall SET ".
            "conf_user_opencall= ".$_POST['useropencall'].", ".
            "conf_ownarea = ".$_POST['ownarea'].", ".
            "conf_scr_msg = '".noHtml($_POST['msg'])."' WHERE conf_cod = 1 ";
  • You have to encode the characters (htmlentities). When you are using a single quote and it is going wrong, you have identified a huge SQL injection ;) – GuyT Sep 23 '14 at 13:31
  • @GuyT I've put an example of the code now. – NaN Sep 23 '14 at 13:36
  • You are vulnerable to SQL injection. Use `htmlentities($var, ENT_QUOTES);` to insert this data. **note**: This does NOT solve the SQL injection problem. – GuyT Sep 23 '14 at 13:38
  • Could you elaborate an answer? – NaN Sep 23 '14 at 13:40
  • I could, but I'm not going to do that because I would recommend you to use another application. Check https://www.google.com/search?q=Ocomon&oq=Ocomon&aqs=chrome..69i57j0l5.805j0j8&sourceid=chrome&es_sm=93&ie=UTF-8#q=Ocomon+sql+injections why I won't provide an answer. – GuyT Sep 23 '14 at 13:45
  • But my use of this app will be only internal. Clients will request services via email and my colleagues will open the tickets here. – NaN Sep 23 '14 at 13:54
  • I will handle the injection problem manually. I just need to get this site into test phase asap :-/ – NaN Sep 23 '14 at 13:58
  • Like I already mentioned; use `htmlentities` and `htmlentities_decode` when you want to use the values. – GuyT Sep 24 '14 at 06:46

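For reference, here is the same UPDATE rewritten with PDO prepared statements and an explicit connection charset; this is an added example, not code from Ocomon or from anyone in the thread. The DSN host, database name and credentials are placeholders, the two numeric columns are assumed to be integers because the original query does not quote them, and HTML escaping is done only when the value is rendered, not when it is stored. A collation such as utf8_general_ci on the table does not by itself set the connection charset, and a mismatch there is a common reason accented text is lost between PHP and MySQL.

```php
<?php
// Added example, not Ocomon's code. Placeholders: host, dbname, user, password.
// charset=utf8mb4 in the DSN sets the connection charset, so accented text
// is transmitted and stored as UTF-8 rather than being mangled or dropped.
$dsn = 'mysql:host=localhost;dbname=ocomon_placeholder;charset=utf8mb4';
$pdo = new PDO($dsn, 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of silently losing data
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
]);

// Same table and columns as the question. The user-supplied values are bound
// as parameters, so they never become part of the SQL text: a quote, a
// semicolon or an accent in $_POST['msg'] cannot change the query's structure.
$stmt = $pdo->prepare(
    'UPDATE configusercall
        SET conf_user_opencall = :useropencall,
            conf_ownarea       = :ownarea,
            conf_scr_msg       = :msg
      WHERE conf_cod = 1'
);

// Assumption: the two unquoted columns in the original query hold integers.
$userOpenCall = filter_input(INPUT_POST, 'useropencall', FILTER_VALIDATE_INT);
$ownArea      = filter_input(INPUT_POST, 'ownarea', FILTER_VALIDATE_INT);
$msg          = (string) ($_POST['msg'] ?? '');

if ($userOpenCall === false || $userOpenCall === null
    || $ownArea === false || $ownArea === null) {
    http_response_code(400);
    exit('Invalid numeric input');
}

$stmt->bindValue(':useropencall', $userOpenCall, PDO::PARAM_INT);
$stmt->bindValue(':ownarea',      $ownArea,      PDO::PARAM_INT);
$stmt->bindValue(':msg',          $msg,          PDO::PARAM_STR);
$stmt->execute();

// Store the raw text; escape at output time, where the context (HTML) is known.
function renderMessage(string $storedMsg): string
{
    return htmlspecialchars($storedMsg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

With mysqli instead of PDO, the equivalent of the DSN charset is `$mysqli->set_charset('utf8mb4')` before running any query, and the binding is done with `bind_param`.
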
0 Answers