My favorites | Sign in
Project Home Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 67: group-page prints SQL-error when no arguments are provided
1 person starred this issue and may be notified of changes. Back to list
 
Project Member Reported by trenchcoat.philosopher@gmail.com, Jul 21, 2009
What steps will reproduce the problem?
1. Go to www.mandragon.be/service/.groupy or
test.mandragon.be/service/.groupy (the flaw exists in version 3 and
higher). Don't provide any arguments in the URL.
2. Notice that the page spits out a SQL-error.

What is the expected output?
Either a page that lets you add a group, or the add-a-group form. 

What do you see instead?

The following error:

ERROR: You have an error in your SQL syntax.  Check the manual that
corresponds to your MySQL server version for the right syntax to use near
'' at line 6

ON QUERY:

SELECT
	GROUPY.*, MEMBER.nick AS admin_nick, 0
FROM
	GROUPY INNER JOIN MEMBER ON GROUPY.admin = MEMBER.user_id
WHERE
	groupy_id = 

Picture 10.png
116 KB   View   Download

Powered by Google Project Hosting