You are not logged in. Please login or register.
PunBB Forums → General discussion → A SQL question
Just been having a peek through the SQL logs, and noticed several entries along this line:
<2008-04-05 13:49:38 GMT>ERROR: 22001: value too long for type character varying(2000)
<2008-04-05 13:49:38 GMT>LOCATION: varchar, varchar.c:608
<2008-04-05 13:49:38 GMT>STATEMENT: UPDATE punbb_online SET logged=1207403378, prev_uri='[snipped]downloads.php?cat_id=6+and+1=2+union+select+concat[rest of line snipped for brevity]Was this a case of someone trying to exploit the db?
Yes, that was someone trying an SQL inject. The reason it's logged there is because the URL was too long for the field and PostgreSQL choked on it.
It's times like this when I'm glad I've heeded your advice to triple check and sanitise all input. 
Btw, that length restriction is the same one that bit me on the backside the other day with that new function. 
That's why it's up at 2000 now.
Just whilst on this subject, is there a certain string that would always be used when someone is attempting something like this? Just thought it might be worthwhile settting up a special redirect, for any muppets who decide to try again.
Not necessarily.
Not necessarily.
Did a Google on the subject to try and get an idea of things. It's a very expansive subject, ain't it? One doesn't appreciate just how many possibilities there are until you actually start researching the subject. It's a veritable minefield.
in the SQL Data base the maximum length of the field is 255 means if you enter the string whose length is grater then 255 then these type of error are occurred.
PunBB Forums → General discussion → A SQL question
Powered by PunBB, supported by Informer Technologies, Inc.