SimpleMachines /
SMF2.1
| @@ 378-379 (lines=2) @@ | ||
| 375 | $db_count = !isset($db_count) ? 1 : $db_count + 1; |
|
| 376 | $db_replace_result = 0; |
|
| 377 | ||
| 378 | if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override'])) |
|
| 379 | smf_db_error_backtrace('Hacking attempt...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__); |
|
| 380 | ||
| 381 | if (empty($db_values['security_override']) && (!empty($db_values) || strpos($db_string, '{db_prefix}') !== false)) |
|
| 382 | { |
|
| @@ 376-377 (lines=2) @@ | ||
| 373 | // One more query.... |
|
| 374 | $db_count = !isset($db_count) ? 1 : $db_count + 1; |
|
| 375 | ||
| 376 | if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override'])) |
|
| 377 | smf_db_error_backtrace('Hacking attempt...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__); |
|
| 378 | ||
| 379 | // Use "ORDER BY null" to prevent Mysql doing filesorts for Group By clauses without an Order By |
|
| 380 | if (strpos($db_string, 'GROUP BY') !== false && strpos($db_string, 'ORDER BY') === false && preg_match('~^\s+SELECT~i', $db_string)) |
|
