Discussion
NiceCupOfTea said:
Just had this error posting a new thread.
After reading this thread and a bit of guesswork I realised it didn't like the word "delete" so I had to post it as "dlete" instead
What is it, amateur hour!?
It's likely to be delete + something else used in SQL in the same line.
Edited to add, this post was fine, so "delete" on its own doesn't trigger it
Edited by 98elise on Friday 28th April 09:40
jammy-git said:
98elise said:
NiceCupOfTea said:
Just had this error posting a new thread.
After reading this thread and a bit of guesswork I realised it didn't like the word "delete" so I had to post it as "dlete" instead
What is it, amateur hour!?
It's likely to be delete + something else used in SQL in the same line.
Edited to add, this post was fine, so "delete" on its own doesn't trigger it
Edited by 98elise on Friday 28th April 09:40
NiceCupOfTea said:
98elise said:
NiceCupOfTea said:
Just had this error posting a new thread.
After reading this thread and a bit of guesswork I realised it didn't like the word "delete" so I had to post it as "dlete" instead
What is it, amateur hour!?
It's likely to be delete + something else used in SQL in the same line.
Edited to add, this post was fine, so "delete" on its own doesn't trigger it
Edited by 98elise on Friday 28th April 09:40
[and obviously I got a 403 forbidden when I posted this so had to add some brackets!)
Select
Insert
Update
Delete
Truncate
Add
Create
Etc
...are all valid SQL commands.
I suspect that some serious exploits have been found in the forum code, and this is their solution to circumvent any exploits.
I recall some years ago (must be about 12 years ago!) that some astute PHer(s) found some pretty bad exploits and reported it back then.
Maybe those have long since been fixed and maybe others have been found....
I'm sure the forum code is well behind what it now should be, behind the scenes as well as in terms of user interface.
I guess the issue is, how much time and money do you invest in that? For what return? Especially due to the integration with articles on the wider site which mean an off the shelf solution wouldn't be instantly plug and play.
Equally, what is a website without a website, and the forum is a large part of what draws people in and keeps them here.
98elise said:
SQL is used to filter and manipulate data so words like...
Select
Insert
Update
Delete
Truncate
Add
Create
Etc
...are all valid SQL commands.
This is quite interesting. I have just fallen foul of this myself with this reply:
"180??!!
OFF WITH HIS HEAD!
<insertdefault "you should have set off earlier" comment here>
<insert detault whataboutery "what if a small child ran out into the road" comment here>"
I get 403 if I put the proper space between 'insert' and 'default'. It will only post if I remove the space so it's no longer 'insert' on its own. However it works ok with the other sentence.
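An added example, not part of the thread and not the forum's code: a keyword blocklist of the kind the posters are guessing at, next to a parameterised insert that stores the same text safely without inspecting it. The blocklist pattern, the `posts` table, the function names and the sample posts are assumptions constructed from the behaviour reported above.

```python
import re
import sqlite3

# Hypothetical rule, guessed only from the behaviour reported in this thread:
# an SQL verb, whitespace, then another SQL word. Not the forum's real filter.
BLOCKLIST = re.compile(
    r"\b(select|insert|update|delete|truncate|create)\s+"
    r"(default|from|into|table|values|set)\b",
    re.IGNORECASE,
)


def keyword_filter_status(body: str) -> int:
    """HTTP status a keyword filter of this kind would return for a post."""
    return 403 if BLOCKLIST.search(body) else 200


def store_and_read(conn: sqlite3.Connection, body: str) -> str:
    """Insert the post with a bound parameter and read it back unchanged."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (cur.lastrowid,))
    return row.fetchone()[0]


# Constructed sample posts, modelled on the wording quoted in the thread.
SAMPLES = {
    "spaced": '<insert default "you should have set off earlier" comment here>',
    "joined": '<insertdefault "you should have set off earlier" comment here>',
    "typo": "<insert detault whataboutery comment here>",
    "alone": 'it didn\'t like the word "delete"',
    "benign": "How do I delete from my watch list and update table settings?",
}


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    result = {}
    for name, body in SAMPLES.items():
        intact = store_and_read(conn, body) == body
        result[name] = (keyword_filter_status(body), intact)
    result["rows"] = conn.execute("SELECT COUNT(*) FROM posts").fetchone()[0]
    conn.close()
    return result


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The filter returns 403 for two ordinary sentences, while the bound parameter stores all five posts byte for byte because the text is never parsed as SQL.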