This repository was archived by the owner on Jun 27, 2024. It is now read-only.

-1 as perPage parameter creates invalid SQL queries #115

@mbeckerle-xqueue

Hi,

I tend to fiddle around and mess with parameters to check if not-so-friendly-users can manipulate things they should not be able to, so I tested 0 and -1 for the perPage parameter. While 0 ends in the default perPage setting (15 for me), -1 creates a pretty SQL exception:

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'offset 0' at line 1

Simplified, the resulting query looks like this:
SELECT *, FROM test ORDER BY name ASC OFFSET 0

As you can see, some sanitizer removes LIMIT -1 but leaves OFFSET 0 in, which is invalid SQL syntax.

I am using version 2.0.0
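
An added example, not code from this repository or from the reporter: one way to normalise the page-size value so that a non-positive perPage can never leave an OFFSET without a LIMIT. It uses Python with an in-memory SQLite table as a stand-in for MariaDB (SQLite also rejects OFFSET without LIMIT); the function names, the constructed table and the cap of 100 are assumptions.

```python
import sqlite3

DEFAULT_PER_PAGE = 15   # default page size mentioned in the report
MAX_PER_PAGE = 100      # assumed upper bound, not from the report


def clamp_per_page(raw, default=DEFAULT_PER_PAGE, maximum=MAX_PER_PAGE):
    """Return a usable page size for any client-supplied value."""
    try:
        value = int(raw)
    except (TypeError, ValueError, OverflowError):
        return default
    if value <= 0:          # 0, -1 and other non-positive values fall back
        return default
    return min(value, maximum)


def clamp_page(raw):
    """Page numbers start at 1; anything unusable becomes page 1."""
    try:
        return max(int(raw), 1)
    except (TypeError, ValueError, OverflowError):
        return 1


def fetch_page(conn, raw_per_page, raw_page=1):
    """LIMIT and OFFSET are always emitted together and bound as parameters."""
    per_page = clamp_per_page(raw_per_page)
    offset = (clamp_page(raw_page) - 1) * per_page
    sql = "SELECT name FROM test ORDER BY name ASC LIMIT ? OFFSET ?"
    return [row[0] for row in conn.execute(sql, (per_page, offset))]


def offset_only_fails(conn):
    """Reproduce the reported failure shape: OFFSET with no LIMIT."""
    try:
        conn.execute("SELECT * FROM test ORDER BY name ASC OFFSET 0")
    except sqlite3.OperationalError:
        return True
    return False


def make_db(rows=40):
    """Constructed sample table, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test (name TEXT)")
    conn.executemany("INSERT INTO test VALUES (?)",
                     [(f"item{i:03d}",) for i in range(rows)])
    return conn
```

Clamping before the query is built also keeps the database error text, which names the server product, out of responses to the client.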
