j0ze
25.08.2007, 08:14
// Builds the category listing (id, name, question count per category) by
// interpolating PHP variables directly into the SQL text, then executes it.
// NOTE(review): $parentId lands after "c.parent_id=" unquoted. If it arrives
// unfiltered, as the question below supposes, its content is parsed as SQL
// rather than compared as a value, so this line is an SQL injection point.
// Mitigation: bind it as a parameter via a prepared statement (PDO or mysqli),
// or at minimum force it to an integer, e.g. (int)$parentId, before building $qry.
// NOTE(review): $filter is interpolated the same way; presumably it is the
// "AND (IFNULL(...))" clause visible in the resulting query. Confirm it is
// assembled from constants only.
// The "<=========" arrow is the poster's marker for the line in question; it
// does not appear in the resulting query posted below.
$qry = "SELECT c.id, c.name, COUNT(q.question) total
FROM {$TBL['category']} c
LEFT JOIN {$TBL['question']} q
ON c.id = q.category_id
WHERE c.parent_id=$parentId <=========
$filter
GROUP BY c.id, c.name
ORDER BY c.rank, c.name";
// NOTE(review): die(mysql_error()) sends the raw database error text to the
// client, which discloses query structure; log it server-side and return a
// generic message instead. mysql_* is the legacy ext/mysql API (removed in PHP 7.0).
$rsl = mysql_query($qry) or die(mysql_error());
Кто как думает: возможна ли тут MySQL-инъекция, если параметр $parentId не фильтруется?
На всякий случай привожу запрос, который получается, и ответ на него:
-- Query text as it reaches MySQL once $parentId and $filter have been substituted
-- (posted by the author as an example of unfiltered input).
-- NOTE(review): everything after "c.parent_id=" on the WHERE line came from the
-- parameter and was parsed as SQL; the server error quoted after this query
-- suggests the input changed the statement itself, not just a compared value.
-- A bound or integer-cast parameter would have been treated as a value instead.
SELECT c.id, c.name, COUNT(q.question) total
FROM odfaq_category c
LEFT JOIN odfaq_question q
ON c.id = q.category_id
WHERE c.parent_id=9999 union select 1,2,3/*
AND (IFNULL(c.active, 'Y') = 'Y'
AND IFNULL(q.active, 'Y') = 'Y')
GROUP BY c.id, c.name
ORDER BY c.rank, c.name
Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause
FROM {$TBL['category']} c
LEFT JOIN {$TBL['question']} q
ON c.id = q.category_id
WHERE c.parent_id=$parentId <=========
$filter
GROUP BY c.id, c.name
ORDER BY c.rank, c.name";
$rsl = mysql_query($qry) or die(mysql_error());
Кто как думает: возможна ли тут MySQL-инъекция, если параметр $parentId не фильтруется?
На всякий случай привожу запрос, который получается, и ответ на него:
-- Query text as it reaches MySQL once $parentId and $filter have been substituted
-- (posted by the author as an example of unfiltered input).
-- NOTE(review): everything after "c.parent_id=" on the WHERE line came from the
-- parameter and was parsed as SQL; the server error quoted after this query
-- suggests the input changed the statement itself, not just a compared value.
-- A bound or integer-cast parameter would have been treated as a value instead.
SELECT c.id, c.name, COUNT(q.question) total
FROM odfaq_category c
LEFT JOIN odfaq_question q
ON c.id = q.category_id
WHERE c.parent_id=9999 union select 1,2,3/*
AND (IFNULL(c.active, 'Y') = 'Y'
AND IFNULL(q.active, 'Y') = 'Y')
GROUP BY c.id, c.name
ORDER BY c.rank, c.name
Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause