Simple Machines Community Forum

I have message Hacking attempt... on this query:

$db_result = $smcFunc['db_query']('',"SELECT DISTINCT *,(select GROUP_CONCAT(`tag_name`) as `tag_name` from {db_prefix}snippets_tags where {db_prefix}snippets_tags.snippet_id = {db_prefix}snippets.id) as tag_name
FROM {db_prefix}snippets
LEFT JOIN {db_prefix}snippets_syntax ON {db_prefix}snippets.syntax_id={db_prefix}snippets_syntax.id");

why?

and why if i do  print_r($context['all_snippets']);

i dont see only data  and query to


Array (

• => Array ( [id] => 1 [subject] => Eigenes Dashboard Widget In Wordpress [syntax_id] => 1 [author_id] => 1 [content] => $mysql = mysql_connect($db_hostname,$db_username,$db_password); mysql_select_db($db_database); mysql_query ("SET NAMES {$db_char_set}"); mysql_query ("set character_set_client='{$db_char_set}'"); mysql_query ("set character_set_results='{$db_char_set}'"); mysql_query ("set collation_connection='{$db_dbcollat}'"); [date] => 1286805969 [tag_name] => code [snippet_id] => 1 [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => code,site,bug,xdebug ) [1] => Array ( [id] => 3 [subject] => Image Resizer (Thumbnail Generator) [syntax_id] => 1 [author_id] => 1 [content] => function snippets_main() {    $context; get_all_snippets(); loadTemplate('snippets'); } [date] => 1286805997 [tag_name] => var [snippet_id] => 2 [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => var ) [2] => Array ( [id] => [subject] => Calculate Distance [syntax_id] => 1 [author_id] => 1 [content] => $context['articles_cat'] = array(); while ($row = $smcFunc['db_fetch_assoc']($db_result)) { $context['all_snippets'][] = $row; } $smcFunc['db_free_result']($dbresult);    [date] => 1286806008 [tag_name] => [snippet_id] => [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => ) )
  
  
  

smf is strange
I just wrote

$result = mysql_query("SELECT *, GROUP_CONCAT(t.tag_name SEPARATOR ',') FROM smf_snippets AS p LEFT JOIN smf_snippets_tags as t ON p.id = t.snippet_id GROUP BY 1");
   if (!$result) {die('Invalid query: ' . mysql_error()); }
   while ($row = mysql_fetch_assoc($result)) {
         $f = $row;
   }         
   
print_r($f);

and I have

Array ( [id] => [subject] => Calculate Distance [syntax_id] => 1 [author_id] => 1 [content] => $context['articles_cat'] = array(); while ($row = $smcFunc['db_fetch_assoc']($db_result)) { $context['all_snippets'][] = $row; }    $smcFunc['db_free_result']($dbresult);    [date] => 1286806008 [tag_name] => [snippet_id] => [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => )

******.... what is that ? why ?   


Array ( [id] => [subject] => Calculate Distance [syntax_id] => 1 [author_id] => 1 [content] => $context['articles_cat'] = array(); while ($row = $smcFunc['db_fetch_assoc']($db_result)) { $context['all_snippets'][] = $row; }    $smcFunc['db_free_result']($dbresult);    [date] => 1286806008 [tag_name] => [snippet_id] => [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => )

Please do not triple post. Edit previous posts.

"Hacking Attempt..." might be file permission errors, syntax errors, or someone IS trying to hack your site.

also, What SMF version?

SMF does not allow sub queries by default unless you disable query check security.
Example add this line before you call your query

$modSettings['disableQueryCheck'] = 1;


What i have found sub queries are not allowed..
I have tried but the error is same..
Are they allowed..??

>also, What SMF version?

SMF 2.0 RC3

I posted two posts how to get around query restrictions. SMF restricts certain mysql functions that are not used in SMF's code base to help prevent sql injection.