Having trouble with query and $smcFunc

Randem · joulukuu 30, 2013, 02:58:52 AP

Having a tough time with this one query. It states "Hacking Attempt...". I change the variables and get other errors. A straight query gets a hacking attempt. What must be done to this query to get it accepted. the query works in mySQL.

Koodi [Valitse]


function GetTopicVisitsDownloadsPerHour($selecteddate)
{
	global $smcFunc,$context;

	$query = "Select  a.Segment as Segment, Count(a.Segment) as Downloads from 
				(Select hour(`updated`) as Segment FROM {db_prefix}log_downloads 
				   where updated = {date:selected})) `a`
							group by Segment";


	$segment_result = $smcFunc['db_query']('',
						$query,
						array('selected' => $selecteddate
							)
	);

Original Query

Koodi [Valitse]


function GetTopicVisitsDownloadsPerHour($selecteddate)
{
	global $smcFunc,$context;

$query = "Select  a.Segment as Segment, Count(a.Segment) as Downloads from 
				(Select hour(`updated`) as Segment FROM {db_prefix}log_downloads 
				   where (cast(`updated` as date) = '" . $selecteddate . "')) `a`
							group by Segment";

emanuele · joulukuu 30, 2013, 04:14:30 AP

$smcFunc doesn't allow sub SELECTs (unless (maybe, at the moment I don't remember the details) you disable the security checks).

Randem · joulukuu 30, 2013, 04:23:01 AP

How would one disable the security checks for one call? I did not see anything on the $smcFunc page about this.

Sorck · joulukuu 30, 2013, 07:14:20 AP

Koodi [Valitse]

$disableQueryCheckBack = $modSettings['disableQueryCheck'];

$modSettings['disableQueryCheck'] = true;

// do query here

$modSettings['disableQueryCheck'] = $disableQueryCheckBack;

Line 301 of Subs-Db-mysql.php is where the checks start. The sub-query check is on lines 345-347.

Randem · joulukuu 30, 2013, 11:41:51 IP

Thanks Sorck. That worked.

Thanks emanuele for your help.

Simple Machines Community Forum

Uutiset:

Having trouble with query and $smcFunc

Randem

emanuele

Randem

Sorck

Randem