THE POST BELOW IS MORE THAN 5 YEARS OLD. RELATED SUPPORT INFORMATION MIGHT BE OUTDATED OR DEPRECATED
On 22/07/2010 at 13:12, xxxxxxxx wrote:
There seems to be a bug in the forum search. I remembered starting a post asking a question about MSG_UPDATE and wanted to reread the replies. So I typed in MSG_UPDATE in the forum search looking for topics, and it listed 2 topics started by me, but when I selected either topic I get this error:
Server Error in Forum Application
WARNING: SQL Injection attack detected.
Please contact the forum administrator.
Support Error Code:- err_Access_SqlInjectionTest()
File Name:- functions_filters.asp
If I go back to the search and instead search for topics started by me, the 2 topics about MSG_UPDATE are included in the list, and when I click on them from that list, they're fine and I can read them.
I'm curious if the "_" character in "MSG_UPDATE" is causing a problem in the search?
On 22/07/2010 at 13:20, xxxxxxxx wrote:
Well, I tried other "MSG_" messages like "MSG_POINTS_CHANGED" and they seem to be fine in the search. Maybe it's just the "MSG_UPDATE" that causes the problem?
On 22/07/2010 at 23:59, xxxxxxxx wrote:
It seems to work fine here. Please try again.
On 23/07/2010 at 04:11, xxxxxxxx wrote:
Confirmed here. Do the search, click on a topic, and bang, server error as Dan posted.
On 23/07/2010 at 04:23, xxxxxxxx wrote:
A little more testing shows that this is because UPDATE is an SQL keyword. For some reason, it requires an underscore in front to cause the error. You can do a search for _SELECT or _DELETE (both SQL keywords) and get the same error. I guess any keyword will do it if it actually finds some search matches for that keyword.
Just a silly bug in the database code, I think.
On 23/07/2010 at 06:18, xxxxxxxx wrote:
Yep, the same thing happens with UNDO_DELETE. But it only affects the search when you choose to show "Topics". If you choose to show "Posts" then it's fine.
On 23/07/2010 at 06:40, xxxxxxxx wrote:
Ah, I missed the point that you had to click on one of the listed topics. I can now confirm this too.
On 23/07/2010 at 06:43, xxxxxxxx wrote:
I forwarded the issue.
On 23/07/2010 at 06:48, xxxxxxxx wrote:
Yeah, I normally like to list the topics so I can read the entire thread.
That error has popped up before, but I thought it was just a random error.