SMF Development > Feature Requests

Allow UNION and sub selects

(1/1)

Mentalist:
Topic title says all  ;) the db layer kinda sucks..


--- Code: --- // We don't use UNION in SMF, at least so far.  But it's useful for injections.
if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0)
$fail = true;
--- End code ---
and

--- Code: --- // Sub selects?  We don't use those either.
elseif (preg_match('~\([^)]*?select~s', $clean) != 0)
$fail = true;
--- End code ---
should be removed IMHO.

vbgamer45:
You can disable those checks if you are writing mods.

$modSettings['disableQueryCheck']=true;

And then it will allow you to run those selects.

青山 素子:
The older versions of MySQL that SMF supports didn't support those features. This will likely be changed in the future.

Also, keep in mind that using those features might break compatibility with Postgresql and sqlite.

Navigation

[0] Message Index