$this->db->limit accepts negative number
ngkong
    // is_numeric() is the only check here, so a negative value such as -1 passes
    if (is_numeric($this->ar_limit))
    {
        $sql .= "\n";
        $sql = $this->_limit($sql, $this->ar_limit, $this->ar_offset);
    }

A negative number will be passed; however, MySQL doesn't accept a negative for the limit function. This is bad; I don't think there are many people who sanitized their pagination variables.

If db_debug is set to true, visitors are able to see the query just by giving a negative to the URL: http://example.com/news/all/-1

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1, 20' at line 6

Turning db_debug to false will bring:

    Call to a member function result()
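An added example, not part of the original post and not CodeIgniter's own code: one way to validate the pagination segment before it reaches `$this->db->limit()`, set beside the `is_numeric()` check quoted in the post. `safe_offset()`, `PER_PAGE`, the `$max` ceiling and the sample segments are assumptions made for illustration.

```php
<?php
// Added example. safe_offset() and PER_PAGE are hypothetical names,
// not part of CodeIgniter.

const PER_PAGE = 20;

/**
 * Turn a raw URI segment into an offset that is safe to pass on as
 * $this->db->limit(PER_PAGE, $offset). Anything that is not a plain
 * integer between 0 and $max falls back to the first page (offset 0).
 */
function safe_offset($raw, int $max = 100000): int
{
    // FILTER_VALIDATE_INT rejects floats, exponent notation, empty strings
    // and values outside the given range; it returns false on failure.
    $offset = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);

    return $offset === false ? 0 : $offset;
}

// Constructed sample segments, as they might arrive from /news/all/<segment>.
// false stands for a missing segment.
$samples = ['20', '-1', '1e3', '-0.5', 'abc', '', '99999999999999999999', false];

foreach ($samples as $raw) {
    printf(
        "%-24s is_numeric=%-5s offset used=%d\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),   // the check from the quoted snippet
        safe_offset($raw)                     // what would be sent to LIMIT
    );
}
```

Only `'20'` yields a non-zero offset; `'-1'`, `'1e3'`, `'-0.5'` and the oversized value all pass `is_numeric()` but are reduced to offset 0 here, so the malformed `LIMIT -1, 20` clause never reaches MySQL.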