I can't post code with MySQL command like below.
"SELECT * FROM `table` WHERE B = B"
When I try post this I get alert error:
codoforum error undefined
Nope here's OK as you see - full command is sent without issue.
Maybe this code is faulty?
var CODOF = {
hook: {
hooks: [],
add: function (myhook, func, weight, args) {
var i = 0;
if (typeof weight === "undefined") {
weight = 0;
}
if (typeof args === "undefined") {
args = {
};
}
if (typeof CODOF.hook.hooks[myhook] !== "undefined") {
i = CODOF.hook.hooks[myhook].length;
} else {
CODOF.hook.hooks[myhook] = [];
}
CODOF.hook.hooks[myhook][i] = {
func: func,
args: args,
weight: weight
};
}
}
}
Hi,
The code you posted is a generic code for creating and listening to hooks so it's not related.
Can you check in chrome network tab(developer tools) for the request being made when you post, what response are you getting for that request?
index.php?u=/Ajax/topic/edit show me Status Code: 403
When I delete last letter from SELECT it's working OK. Some of functions which one controls post filter probably catching "SELECT" as SQL attack.
@admin or @adesh
Thank You very very much @MESSIAH for that important report. It would be great if You would mention @admin or @adesh in important aswers of posts - otherwise it can happen that such important things are overlooked.
THx again and stay healthy mate,
Andy
https://net-twin.de/ Community for creative people - JOIN it Now please
https://github.com/WebCrew My GitHub account
https://sell-co.de/ Lots of Web-Tools and Utilities for free
Hi,
We are not able to replicate this in our localhost.
Is it possible that your hosting has some security filters installed in your server for all the requests?
Because codoforum does not have any filters to prevent SQL queries in posts.
Can you check if there any errors in PHP/server error logs?
@admin
Nope it's seems to be a javascript alert
After when I type:
SELECT * FROM
Server probably don't have any mods for filtering content sending by POST and take interaction with javascript. But when I type this SQL command with typo then all date are accepted.
Oh, I get it! It's frustrating when technology throws errors at unexpected moments. It's like trying to find the perfect phone case Sometimes, it needs to fit better. Hang in there!
Your previous draft for topic is pending
If you continue, your previous draft will be discarded.