Why is this SQL query triggering a hacking attempt?

Started by marcinikj, May 21, 2008, 10:36:08 AM

marcinikj

Is it the sub query?  Something else?

FROM {$db_prefix}crawl AS crawl, {$db_prefix}members
WHERE crawl.ID_MEMBER = {$db_prefix}members.ID_MEMBER
AND score = (SELECT MAX(score) FROM smf_crawl WHERE endclass = crawl.endclass)
GROUP BY endclass
ORDER BY HighScore DESC
LIMIT 0 , 10

Ben_S

Yep, SMF doesn't use subqueries, and they were considered an ever-so-slight security risk for injection; you can undo it in Subs.php.

marcinikj

Thank you for the reply.

For anyone else that stumbles across this, I also found the answer in the Coding Guidelines doc and I am now using "$modSettings['disableQueryCheck'] = 1;" to disable the check before I run these types of queries.
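
A simplified illustration of the kind of query check discussed in this thread, together with a way to switch it off for one query only and restore it afterwards. This is an added example, not SMF's Subs.php code and not part of the original posts; the function names and sample queries are assumptions, and only `$modSettings['disableQueryCheck']` comes from the thread.

```php
<?php
// Simplified sketch of a query sanity check; not SMF's Subs.php code.
// Function names and sample queries are constructed for this example.

// Replace quoted string literals so keywords inside data are not inspected.
function strip_string_literals(string $sql): string
{
    return preg_replace("~'(?:[^'\\\\]|\\\\.|'')*'~s", "'%s'", $sql);
}

// Return the reason a query would be rejected, or null if it passes.
function query_check(string $sql, array $modSettings): ?string
{
    if (!empty($modSettings['disableQueryCheck'])) {
        return null; // check switched off by the caller
    }
    $clean = strtolower(strip_string_literals($sql));
    if (preg_match('~\(\s*select\b~', $clean)) {
        return 'subquery';
    }
    if (preg_match('~\bunion\b~', $clean)) {
        return 'union';
    }
    if (strpos($clean, '/*') !== false || strpos($clean, '--') !== false) {
        return 'comment';
    }
    return null;
}

// Run one trusted query with the check off, then restore the old value so
// every later query is inspected again. $run is any callable taking the SQL.
function run_unchecked(string $sql, array &$modSettings, callable $run)
{
    $previous = $modSettings['disableQueryCheck'] ?? 0;
    $modSettings['disableQueryCheck'] = 1;
    try {
        return $run($sql, $modSettings);
    } finally {
        $modSettings['disableQueryCheck'] = $previous;
    }
}

$modSettings = [];
$sub = "SELECT endclass FROM smf_crawl AS crawl WHERE score = (SELECT MAX(score) FROM smf_crawl WHERE endclass = crawl.endclass)";
$lit = "SELECT ID_MEMBER FROM smf_members WHERE realName = '(select 1)'";
var_dump(query_check($sub, $modSettings));
var_dump(query_check($lit, $modSettings));
var_dump(run_unchecked($sub, $modSettings, 'query_check'));
var_dump(query_check($sub, $modSettings));
```

The subquery is reported until the setting is switched on, the parenthesised `select` inside a string literal is ignored, and the last call shows the check active again after `run_unchecked` returns. Restoring the setting matters because any query built from request data later in the same page load would otherwise run uninspected.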
