Author Topic: "Hacking attempt..."  (Read 2686 times)

Offline lelekins

"Hacking attempt..."
« on: December 05, 2007, 01:15:22 am »
"mysite.com/forum/index.php?action=shop;do=inv3;id=648 
Hacking attempt...

UPDATE smf_members
SET
usertitle = ριяαтє »« ωяєиçн©
WHERE ID_MEMBER = 2658
LIMIT 1
File: mysiteblabla.com/user/htdocs/forum/Sources/Subs.php
Line: 634 "


I found this error in my log today :S  It appeared about 3 times.  Any idea on what caused this or what I should do?



Edit: Turns out that the change usertitle is not working at all since I replaced it with the updated one :/
I tried with a test account and got the database error screen :P
"Database Error
Please try again. If you come back to this error screen, report the error to an administrator."

In the log, however, I received a different error from the first "hacking attempt..." one:
"mysite.com/forum/index.php?action=shop;do=inv3;id=649 
Database Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Rawks
WHERE ID_MEMBER = 74
LIMIT 1' at line 3
File: mysite.com/forum/Sources/Subs.php
Line: 634 "

I'm not sure if any other items are affected either, I'll have to check it out but how do I sort this out?  :-[
Thanks!
« Last Edit: December 05, 2007, 01:40:28 am by lelekins »

Offline Daniel15

Re: "Hacking attempt..."
« Reply #1 on: December 08, 2007, 04:24:09 pm »
Sorry about that, it was a mistake on my part. Basically, someone is trying to change their user title, but there is a code error which is causing that problem.
This is the fix:
In Sources/shop/items/ChangeUserTitle.php:
Find:
Code:
updateMemberData($context['user']['id'], array('usertitle' => $_POST['newtitle']));

Replace with:
Code:
updateMemberData($context['user']['id'], array('usertitle' => '"' . $_POST['newtitle'] . '"'));

Offline lelekins

Re: "Hacking attempt..."
« Reply #2 on: December 08, 2007, 10:06:53 pm »
Thank you very much :) I'll try that =)

Offline lelekins

Re: "Hacking attempt..."
« Reply #3 on: December 28, 2007, 11:56:31 pm »
Sorry to double post but the last post was on the 9th so hopefully you won't mind. :)

I'm not sure if this is related but I found another hacking attempt error:

"mysite.com/forum/index.php?action=shop;do=inv3;id=735 
Hacking attempt...

UPDATE smf_members
SET
usertitle = "Don\'t Bring Me Down!!"
WHERE ID_MEMBER = 1193
LIMIT 1
File: mysite.com/user/htdocs/forum/Sources/Subs.php
Line: 634"

Members are having a bit of trouble using this item, I was wondering if it has anything to do with apostrophes and other symbols members put in their titles.  The same member managed to use the item by missing out the apostrophe.

Offline Daniel15

Re: "Hacking attempt..."
« Reply #4 on: January 05, 2008, 01:22:18 pm »
Hmmm... Looks like it has to do with apostrophes and stuff. The fix I did to solve the problems with that item was only a quick fix, I'll need to implement a proper one. Sorry about that. :(
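
The errors logged in this thread come from the submitted title being placed directly into the SQL text. As an added example (not from the thread and not SMF or SMF Shop code), the script below runs the same UPDATE once with the title spliced in and once with it bound as a parameter. PDO with an in-memory SQLite database stands in for SMF's database layer and MySQL, which is an assumption, and the helper names are hypothetical.

```php
<?php
// Added example, not SMF or SMF Shop code. PDO with in-memory SQLite stands in
// for SMF's database layer and MySQL (assumption). Table and column names come
// from the logged query; LIMIT 1 is dropped because stock SQLite rejects it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_members (ID_MEMBER INTEGER PRIMARY KEY, usertitle TEXT)');
$db->exec("INSERT INTO smf_members (ID_MEMBER, usertitle) VALUES (1193, '')");

// Hypothetical helper: the title is spliced into the SQL text, so the
// database parses the member's input as part of the statement.
function setTitleSpliced(PDO $db, int $memberId, string $title): string
{
    try {
        $db->exec("UPDATE smf_members SET usertitle = $title WHERE ID_MEMBER = $memberId");
        return 'ok';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Hypothetical helper: the title is sent as a bound parameter, so quotes and
// other symbols are stored as data and never reach the SQL parser.
function setTitleBound(PDO $db, int $memberId, string $title): string
{
    $stmt = $db->prepare('UPDATE smf_members SET usertitle = :title WHERE ID_MEMBER = :id');
    $stmt->execute([':title' => $title, ':id' => $memberId]);

    // Read the value back to confirm it was stored byte for byte.
    $read = $db->prepare('SELECT usertitle FROM smf_members WHERE ID_MEMBER = :id');
    $read->execute([':id' => $memberId]);
    $stored = $read->fetchColumn();
    return $stored === $title ? 'ok, stored unchanged' : 'mismatch';
}

// The two titles that appear in the error logs quoted in this thread.
$titles = ['ριяαтє »« ωяєиçн©', "Don't Bring Me Down!!"];

foreach ($titles as $title) {
    echo $title, "\n";
    echo '  spliced: ', setTitleSpliced($db, 1193, $title), "\n";
    echo '  bound:   ', setTitleBound($db, 1193, $title), "\n";
}
```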