Jump to content

SQL Toolbox, move 'select * from' out of the URL.


Wolfie

Recommended Posts

Some hosting companies are using Modsecurity or other security measures to safeguard against SQL injections and as a result, when in the ACP, SQL Toolbox and clicking on the number to view the records for a db table, instead of viewing the list an error will result. Since I'm using .htaccess to catch failed URL's, I'm getting a community message. However I can click to view the table structure and I can also do the query manually at the bottom of the page and have it work (select * from table_name) as the query isn't in the URL directly.

So either setting the record number to submit differently should fix it so that it won't create an issue on servers that have this security measure in place.

Link to comment
Share on other sites

  • 2 weeks later...

As an alterative to making the number do a submit, in case that would make it more work just to fix, perhaps including a couple of special commands that would get parsed to get around the issue. Such as the query being 'selectall table_name' would be converted to 'select * from table_name'. The 'selectall' would be a special command and would just be converted to 'select * from'. Gets around the security and should be a minimal code change to implement inside of the SQL toolbox.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...