So today, while monitoring my applications, I ran into this error generated by a user:
"message": "PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC2cw390h2re LIMIT 8' at line 1"
The orderby specified on the GET request was "id DESC2cw390h2re", which of course is an invalid one.
One way to maybe prevent this, by having it inherited by all models, could be the following:
File -> /fatfree/lib/db/cursor.php
/**
*	Map to first record that matches criteria
*	@return array|FALSE
*	@param $filter string|array
*	@param $options array
*	@param $ttl int
**/
function load($filter=NULL,array $options=NULL,$ttl=0) {
	$this->reset();
	// Validate the requested ORDER BY before it reaches the SQL statement
	if (!empty($options['order'])) {
		foreach (explode(',',$options['order']) as $term) {
			// Each term must be a known column, optionally followed by ASC or DESC
			if (!preg_match('/^\s*(\w+)(?:\s+(?:ASC|DESC))?\s*$/i',$term,$m) ||
				!array_key_exists($m[1],$this->fields)) {
				throw new \InvalidArgumentException("Order by term ({$term}) is not a column that exists in the fields");
			}
		}
	}
	return ($this->query=$this->find($filter,$options,$ttl)) &&
		$this->skip(0)?$this->query[$this->ptr]:FALSE;
}
Or something similar.
Thanks in advance.
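An allowlist approach to the same problem, as an added example that is not part of the original post and not Fat-Free Framework code: rather than validating the request value and passing it through, it rebuilds the ORDER BY clause from allowlisted column names and the literal keywords ASC/DESC. The function name `safeOrderBy`, the column list and the three-term limit are assumptions made for this illustration, and the backtick quoting assumes MySQL as in the error message above.

```php
<?php
// Added example, not Fat-Free Framework code. safeOrderBy() and the column
// list are hypothetical names chosen for this illustration.

/**
 * Rebuild an ORDER BY clause from a request value, using only allowlisted
 * column names and the literal keywords ASC/DESC.
 * @throws InvalidArgumentException when a term is not "column [ASC|DESC]"
 */
function safeOrderBy(string $raw, array $columns, int $maxTerms = 3): string {
    $terms = explode(',', $raw);
    if (count($terms) > $maxTerms) {
        throw new InvalidArgumentException('Too many order by terms');
    }
    $out = [];
    foreach ($terms as $term) {
        // Anchored pattern: one identifier, then optionally exactly ASC or DESC
        if (!preg_match('/^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?\s*$/i', $term, $m)) {
            throw new InvalidArgumentException('Malformed order by term');
        }
        // Strict comparison against the allowlist: the request selects a
        // column, it never supplies SQL text
        if (!in_array($m[1], $columns, true)) {
            throw new InvalidArgumentException('Unknown order by column');
        }
        $dir = isset($m[2]) ? strtoupper($m[2]) : 'ASC';
        $out[] = '`' . $m[1] . '` ' . $dir;
    }
    return implode(', ', $out);
}

// Constructed sample inputs; the second is the value from the error above
$columns = ['id', 'name', 'created_at'];
$samples = ['id DESC', 'id DESC2cw390h2re', 'name, created_at desc', 'secret_col ASC'];
foreach ($samples as $raw) {
    try {
        echo str_pad($raw, 24), ' => ', safeOrderBy($raw, $columns), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo str_pad($raw, 24), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the returned clause is assembled only from allowlisted names and fixed keywords, a malformed value is rejected with an application-level exception before any statement is prepared.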