ClassifiedAdzS MySQL Error Report

[Johnbmtl]

I am getting the following email (3 at a time) several times a day:


SELECT id,catname,template FROM pp_categories WHERE id=last14?ABCDEFGH

The query returned with an errorcode of:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '?ABCDEFGH' at line 1

If you need assistence or feel this is a 'bug'; please report it to our support forums at: http://www.photopost.com/members/forum/f66/index.html

To turn off these emails, set $debug=0 in your config-inc.php file.

[Chuck S]

Well I don't think it would be possible with what your showing. What version of classifieds you have. See that query is only in one spot in the program on line 159 of showcat.php

Code:

Content visible to verified customers only.

You error states the $cat variable is this last14?ABCDEFGH and the query there will only be executed if cat is a numeric variable and it is not in your example

I will do some more testing but looking at the code and the example since it is not a numeric variable that query would never be run.

[Johnbmtl]

Quote:

Originally Posted by Chuck S

Well I don't think it would be possible with what your showing. What version of classifieds you have.

Are you saying that you don't think it is possible for me to receive these messages??? I get them at least once a day.

I have only been using the software for a few weeks, so I assume that I have the latest version.

Where do I find the version number?

[Chuck S]

You can see the version number in admin

What I am saying is in PHP there are certain functions and we surround that query with a conditional statement meaning the query is only ran if the variable is numeric

elseif ( is_numeric($cat) ) {

I am not doubting you I am merely pointing out that this is not numeric at all

last14?ABCDEFGH

From a coding standpoint quite impossible to understand why the query would run. Hense my statement I would have to do some more testing

[Johnbmtl]

Version 2.42.

[Mikan]

I'm having this same problem (I have v. 2.42)

-------------
An error was encountered during execution of the query:

SELECT id,catname,template FROM categories WHERE id=http:/www.bysimplicity.host.sk/cmd.gif?

The query returned with an errorcode of:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ':/www.bysimplicity.host.sk/cmd.gif?' at line 1

--------

You are saying that you have this "elseif ( is_numeric($cat) ) " there to check if it's numeric.

Well, yes, but that mysql query is in line 159 and your is_numeric check is in line 254 so that mysql query runs before any checks are being made so this bug is real and is a security problem.

[Chuck S]

Check showcat.php and change this

Code:

Content visible to verified customers only.

to this

Code:

Content visible to verified customers only.