So today, while monitoring my applications, I ran into this error generated by a user:
"message": "PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC2cw390h2re LIMIT 8' at line 1"
The orderby specified on the GET request was "id DESC2cw390h2re", which of course is an invalid one.
One way to maybe prevent this, by having it inherited by all models, could be the following:
File -> /fatfree/lib/db/cursor.php
/**
 * Map to first record that matches criteria
 * @return array|FALSE
 * @param $filter string|array
 * @param $options array
 * @param $ttl int
 **/
function load($filter=NULL,array $options=NULL,$ttl=0) {
    $this->reset();
    // Only validate when an 'order' option was actually supplied
    if ($options && !empty($options['order'])) {
        // Reject the call when the whole 'order' string is not a known field name
        if (!array_key_exists($options['order'], $this->fields)) {
            throw new \InvalidArgumentException("Order by column ({$options['order']}) doesn't exist in the fields");
        }
    }
    return ($this->query=$this->find($filter,$options,$ttl)) &&
        $this->skip(0)?$this->query[$this->ptr]:FALSE;
}
Or something similar.
Thanks in advance.
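
An added example, not part of the original post and not Fat-Free Framework code: an allow-list check for a request-supplied ORDER BY string that accepts `column` or `column ASC|DESC` terms and rejects everything else, including the value quoted in the issue. The function name `validate_order` and the column list are hypothetical; in the snippet above the list would come from the keys of `$this->fields`.

```php
<?php
// Added example: hypothetical helper, not part of the Fat-Free Framework.

/**
 * Validate an ORDER BY string against an allow-list of column names.
 * Accepts comma-separated terms of the form "column" or "column ASC|DESC".
 * Returns a normalized clause or throws InvalidArgumentException.
 */
function validate_order(string $order, array $allowedColumns): string {
    $terms = [];
    foreach (explode(',', $order) as $term) {
        // Exactly one identifier, optionally followed by one direction keyword
        if (!preg_match('/^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?\s*$/i', $term, $m)) {
            throw new InvalidArgumentException('Malformed order term: ' . var_export($term, true));
        }
        // The identifier must be a known column (strict, case-sensitive match)
        if (!in_array($m[1], $allowedColumns, true)) {
            throw new InvalidArgumentException("Unknown order column: {$m[1]}");
        }
        // Rebuild the term from validated parts only; default direction is ASC
        $terms[] = $m[1] . ' ' . strtoupper($m[2] ?? 'ASC');
    }
    return implode(', ', $terms);
}

// Constructed sample data: column names of an imaginary model
$columns = ['id', 'name', 'created_at'];
// Constructed inputs, including the value quoted in the issue
$inputs = ['id DESC', 'name asc, id desc', 'id DESC2cw390h2re', 'password', ''];
foreach ($inputs as $input) {
    $label = str_pad(var_export($input, true), 24);
    try {
        echo $label, ' => ', validate_order($input, $columns), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the returned clause is rebuilt only from the matched column name and direction keyword, no part of the raw request value reaches the SQL text.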