Hi,
I tend to fiddle around and mess with parameters to check if not-so-friendly users can manipulate things they should not be able to, so I tested 0 and -1 for the perPage parameter. While 0 ends in the default perPage setting (15 for me), -1 creates a pretty SQL exception:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'offset 0' at line 1
Simplified, the resulting query looks like this:
SELECT * FROM test ORDER BY name ASC OFFSET 0
As you can see, some sanitizer removes LIMIT -1 but leaves OFFSET 0 in, which is invalid SQL syntax.
I am using version 2.0.0
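
The behaviour reported above, reproduced next to a validated version. This is an added example, not part of the original post or the project's code. It uses an in-memory SQLite database as a stand-in for MariaDB (SQLite also rejects OFFSET without LIMIT); `MAX_PER_PAGE`, the function names and the sample rows are assumptions.

```python
import sqlite3

DEFAULT_PER_PAGE = 15   # default reported in the post
MAX_PER_PAGE = 100      # assumed upper bound, not from the post

def naive_query(per_page, page=1):
    """Mimics the report: 0 falls back to the default, a negative LIMIT is
    dropped, but OFFSET is still appended."""
    if per_page == 0:
        per_page = DEFAULT_PER_PAGE
    sql = "SELECT * FROM test ORDER BY name ASC"
    if per_page > 0:
        sql += f" LIMIT {per_page}"
    offset = (page - 1) * per_page if per_page > 0 else 0
    return sql + f" OFFSET {offset}"

def safe_page_params(raw_per_page, raw_page):
    """Parse untrusted request values into a (limit, offset) pair."""
    try:
        per_page = int(raw_per_page)
    except (TypeError, ValueError):
        per_page = DEFAULT_PER_PAGE
    if per_page < 1:                       # 0, -1, ... fall back to the default
        per_page = DEFAULT_PER_PAGE
    per_page = min(per_page, MAX_PER_PAGE) # cap oversized page requests
    try:
        page = max(int(raw_page), 1)
    except (TypeError, ValueError):
        page = 1
    return per_page, (page - 1) * per_page

def fetch_page(conn, raw_per_page, raw_page="1"):
    """LIMIT and OFFSET are always emitted together and bound as parameters."""
    limit, offset = safe_page_params(raw_per_page, raw_page)
    sql = "SELECT name FROM test ORDER BY name ASC LIMIT ? OFFSET ?"
    return [row[0] for row in conn.execute(sql, (limit, offset))]

def demo_db():
    """Constructed sample data: 40 rows named item00..item39."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test (name TEXT)")
    conn.executemany("INSERT INTO test VALUES (?)",
                     [(f"item{i:02d}",) for i in range(40)])
    return conn

def naive_fails(conn, per_page):
    """True if the naive query raises a SQL syntax error."""
    try:
        conn.execute(naive_query(per_page)).fetchall()
        return False
    except sqlite3.OperationalError:
        return True
```
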