[Clipart] Openclipart.org shows database error

Greg Bulmash oneminuteinspirations at gmail.com
Thu Jul 12 07:26:14 PDT 2007 

Short Answer: Maybe you need to upgrade the version of Bad Behavior.

Long answer: Yanked every PHP file from the Bad Behavior 2.0.10 (most
recent) distribution into a text editor and did a global search for
Selects.  Found the query, but it's commented out and they've got a
number where INF would be.

================================================

//		FIXME: This is b0rked, but why?
//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
//			return "c1fa729b";

		// Screen for user agent changes
		// User connected previously with blank user agent
//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . "
WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "')
AND `user_agent` != '" . $package['user_agent'] . "' AND `date` >
DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
		// Damnit, too many ways for this to fail :(
//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
//			return "799165c2"

=================================================

Last option is that INF is intended to be a constant (did not find any
defining of INF as a constant in the 2.0.10 code, but didn't find that
exact query either).

Problem is, INF in caps is protected in some way.

<?php

define("INF",5,true);

echo INF; // Output: INF
echo inf; // Output: 5

?>


- Greg


Stephan Beal wrote:
> Hiya!
> 
> This error has nothing to do directly with the db version, but the db 
> schema. The query clearly uses a field named INF which is not actually 
> in the db table being queried. The error says:
> 
>>>> A database error has occurred
>>>> Query: SELECT `ip` FROM `mw_bad_behavior_log` WHERE `ip` LIKE
>>>> '127.0.0.1' AND `http_response` = 403 AND `date` >
>>>> DATE_SUB('2007-07-10 22:05:19', INTERVAL INF MINUTE)
> 
> The query is just plain broken - it's refering to a field which is not 
> defined in the query. According to the docs for DATE_SUB/DATE_ADD:
> 
> http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_date-add
> 
> INF field is used, there should a number should be. In this case it's 
> referring to a field. Normally that would be legal (assuming the field 
> is numeric), but the field doesn't exist. For example, the following 
> works:
> 
> mysql> select DATE_SUB('2007-07-10 22:05:19', INTERVAL 1 MINUTE);
> +----------------------------------------------------+
> | DATE_SUB('2007-07-10 22:05:19', INTERVAL 1 MINUTE) |
> +----------------------------------------------------+
> | 2007-07-10 22:04:19                                |
> +----------------------------------------------------+
> 1 row in set (0.08 sec)

More information about the clipart mailing list