SimpleMachines /
SMF2.1
| @@ 365-366 (lines=2) @@ | ||
| 362 | $db_count = !isset($db_count) ? 1 : $db_count + 1; |
|
| 363 | $db_replace_result = 0; |
|
| 364 | ||
| 365 | if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override'])) |
|
| 366 | smf_db_error_backtrace('Hacking attempt...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__); |
|
| 367 | ||
| 368 | if (empty($db_values['security_override']) && (!empty($db_values) || strpos($db_string, '{db_prefix}') !== false)) |
|
| 369 | { |
|
| @@ 396-397 (lines=2) @@ | ||
| 393 | // One more query.... |
|
| 394 | $db_count = !isset($db_count) ? 1 : $db_count + 1; |
|
| 395 | ||
| 396 | if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override'])) |
|
| 397 | smf_db_error_backtrace('Hacking attempt...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__); |
|
| 398 | ||
| 399 | // Use "ORDER BY null" to prevent Mysql doing filesorts for Group By clauses without an Order By |
|
| 400 | if (strpos($db_string, 'GROUP BY') !== false && strpos($db_string, 'ORDER BY') === false && preg_match('~^\s+SELECT~i', $db_string)) |
|
