SQL QUERY ERROR, alpha-index

11 years 4 months ago #32054 by WarnerP
That's true; thus why we don't have any critical data on this system :) . However, if I understand regular expressions, using the "\" would discount the trailing character; which is "|". So I would imagine there might be a way to ignore some of the break down mechanism within the regular expression. I haven't done a lot of testing with it so I'm not sure of the feasibility or what good it would do at this point.

11 years 4 months ago #32055 by ggppdk
Thanks for pointing this out,
but it is actually not possible
-- you see, \ will not give you: \|
-- it will give you |\|

thus again breaking the query, but I will disallow this character too

-- anyway, inserting a | character every ONE character makes it impossible to build a valid query by adding something at the alpha-index letter=....

I will disallow this character too.
If you have any further information or suggestions about security, please don't hesitate to write

Regards


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

11 years 4 months ago #32211 by kenmcd
Georgios,

The pipe character (|) is commonly used as a separator for the alpha-index.
Will this change affect that?

Ken

11 years 4 months ago #32214 by ggppdk
Hello, Ken

the pipe character is used as a display separator, and is not related to the OR separator inside the SQL query's regular expression

and there are no changes to the existing SQL query,

just some more code to make sure that the query cannot be broken by adding quotes or slashes to the URL variable "&letter=somestring"


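The check discussed in this thread, as an added example that is not FLEXIcontent's own code. It assumes the alpha-index turns the letter variable into a MySQL REGEXP alternation of the form ^(a|b|c); the function name, the length limit and the table and column names are hypothetical.

```php
<?php
// Added example, not FLEXIcontent code. Assumption: letter=abc becomes the
// REGEXP pattern ^(a|b|c), which is matched against an item title.

/**
 * Build the REGEXP pattern for an alpha-index request, or return null
 * when the value contains anything other than letters and digits.
 */
function alphaIndexPattern(string $letter, int $maxChars = 20): ?string
{
    // Allowlist: Unicode letters and digits only. Quotes, backslashes,
    // the pipe and every other regex metacharacter are refused, not escaped.
    // With the /u flag preg_match returns false on invalid UTF-8, so the
    // strict comparison with 1 rejects that case as well as the empty string.
    if (preg_match('/^[\p{L}\p{N}]+$/u', $letter) !== 1) {
        return null;
    }

    // Split into characters, not bytes, so multi-byte letters stay whole.
    $chars = preg_split('//u', $letter, -1, PREG_SPLIT_NO_EMPTY);
    $chars = array_values(array_unique($chars));

    // Bound the size of the alternation handed to the database.
    if (count($chars) > $maxChars) {
        return null;
    }

    // One "|" between characters: this is the OR separator of the pattern.
    return '^(' . implode('|', $chars) . ')';
}

// Constructed sample values for the "letter" URL variable.
$samples = ['abc', 'αβ', 'a\\', "a'", 'a|b', ''];
foreach ($samples as $value) {
    $pattern = alphaIndexPattern($value);
    printf("%-6s => %s\n", var_export($value, true), $pattern ?? 'rejected');
}

// The pattern is then bound as a query parameter, never concatenated, e.g.
//   SELECT id, title FROM items WHERE title REGEXP :pattern
// (hypothetical table and column names).
```

Only the first two samples yield a pattern; the values containing a backslash, a quote or a pipe are rejected before any SQL is built.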
