bb
Сообщений: 8
Оценки: 0
Присоединился: 2006-11-04 19:24:30.693333
|
коректный запрос ….index_id=2
делаю …index_id=2'выдает:
quote:
DBD::Oracle::db prepare failed: ORA-01756: quoted string not properly terminated (DBD ERROR: OCIStmtPrepare) [for Statement "select section_id from forum_topic where id=2'"] at /web/**/perl/lib/***.pm line 1607.
[/quote]
делаю …index_id=9999999999 union select section_id from forum_topic where id=2
выдает:
[quote]
DBD::Oracle::db prepare failed: ORA-00904: invalid column name (DBD ERROR: error possibly near <*> indicator at char 490 in 'select * from (SELECT
id,
mes_author , mes_title , mes_text ,
to_char(mes_date,'DD.MM.YY | HH24:MI') , mes_user_id,
rownum as num
FROM
(SELECT
id,
mes_author , mes_title , mes_text ,
mes_date, mes_user_id
FROM
forum_message
WHERE
topic_id = 99999999 union select section_id from forum_topic where id=2
order by <*>mes_date desc)) where num between 0 and 20') [for Statement "select * from (SELECT
id,
mes_author , mes_title , mes_text ,
to_char(mes_date,'DD.MM.YY | HH24:MI') , mes_user_id,
rownum as num
FROM
(SELECT
id,
mes_author , mes_title , mes_text ,
mes_date, mes_user_id
FROM
forum_message
WHERE
topic_id = 99999999 union select section_id from forum_topic where id=2
order by mes_date desc)) where num between 0 and 20"] at /web/**/perl/lib/***.pm line 617.
[/quote]
в чем ошибка? что не так? и как это исправить? чтобы получилась SQL-injection.
|
что не так с SQL-injection в Oracle? - 
