Dedecms自定义执行sql: SELECT body FROM dede_addonarticle WHERE aid = (select max(aid) fromdede_addonarticle WHERE typeid=11) 时出现错误Safe Alert:Request Error step 2!
这是dedecms防sql注入的原因
可以修改dedesql.class.php文件,找到构造函数,将
function__construct($pconnect=FALSE,$nconnect=FALSE)
{
$this->isClose = FALSE;
$this->safeCheck = TRUE;
$this->pconnect= $pconnect;
if($nconnect)
{
$this->Init($pconnect);
}
}
修改为
function__construct($pconnect=FALSE,$nconnect=FALSE)
{
$this->isClose = FALSE;
$this->safeCheck = FALSE;
$this->pconnect= $pconnect;
if($nconnect)
{
$this->Init($pconnect);
}
}
或者为了安全性考虑,可以修改dedesql.class.php文件的if(!function_exists('CheckSql'))代码块,看情况注释相应的代码
我这里注释的是
elseif (preg_match('~([^)]*?select~is',$clean) != 0)
{
$fail = TRUE;
$error="sub select detect";
}