By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,805 Members | 1,202 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,805 IT Pros & Developers. It's quick & easy.

WordPress database error: help ?

P: 80
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10


can anyone help me with this error ?
Apr 13 '11 #1
Share this Question
Share on Google+
8 Replies


code green
Expert 100+
P: 1,726
The LIMIT -10, 10 looks wrong.
You are asking to start at row -10.
What are you trying to do?
Apr 14 '11 #2

P: 80
i ran a sql injection scan on my site and thats the result, is it a venerability ?
Apr 14 '11 #3

JKing
Expert 100+
P: 1,206
The scan told you there was a mysql error?

Is the error suppressed? Or is it printed to the page when the user navigates to the page in question?

If the error is being printed it could be a vulnerability by giving away details that would otherwise not be shown.
Apr 14 '11 #4

P: 80
yeah the error is being printed so do i fix this
Apr 14 '11 #5

JKing
Expert 100+
P: 1,206
Try this... I think the intent is to pull only 10 records.
Expand|Select|Wrap|Line Numbers
  1. SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT 10
  2.  
Apr 14 '11 #6

P: 80
thats what gets printed on the site

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10
Apr 14 '11 #7

P: 80
this is the sql injection string that was used

index.php?paged=/archive/-1-5-2-Create Table

it was used at the end of a url
Apr 14 '11 #8

P: 80
and this to
index.php?paged=-25633&header.php?=-id
Apr 14 '11 #9

Post your reply

Sign in to post your reply or Sign up for a free account.