On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine <lester@xxxxxxxxxxx> wrote: > OK - this had no chance of success since publish_date_desc is processed > using the _desc ( or _asc ) and any invalid data stripped > > > &sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 > > The question is more of interest in just what it was trying to achieve? > I presume hack MySQL? So Firebird would barf anyway, but just trying to > something that has generated some several hundred error log entries in > the last two days ... > > -- > Lester Caine - G8HFL > ----------------------------- > Contact - http://lsces.co.uk/wiki/?page=contact > L.S.Caine Electronic Services - http://lsces.co.uk > EnquirySolve - http://enquirysolve.com/ > Model Engineers Digital Workshop - http://medw.co.uk > Rainbow Digital Media - http://rainbowdigitalmedia.co.uk > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > The sub-query is invalid, if valid it would've been equivalent to: or (1,2)=(select*from(select 'b2xvbG9zaGVy' as 1, 'b2xvbG9zaGVy' as 1))a) -- and 1=1 Seems non threatening to me.