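I want to get the IDs of all forums under a Discuz! category, including the IDs of second-level sub-forums, and used the following SQL statement: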
SELECT * FROM `pre_forum_forum` where fup=1 or fup IN (SELECT fid FROM `pre_forum_forum` where fup=1)
But DZ reports:
(0) It is not safe to do this query
SELECT fid FROM `forum_forum` where fup=1 or fup IN (SELECT fid FROM `forum_forum` where fup=1)
A query like this is unsafe; this is DZ's anti-injection warning.
See http://www.freebuf.com/articles/web/8038.html
If you put quotes around the 1, it should work.
It is that DZ does not support nested SQL statements.
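
One way to get the same rows without a nested SELECT, as an added example that is not part of the original thread. It assumes the check is reacting to the subquery, as the last reply suggests, and that `fid` is the unique key of `pre_forum_forum`; the aliases `c` and `p` are chosen here.

```sql
-- Added example: same result as the nested query above, written as a self-join.
-- c = the forum row being returned, p = its parent row (p.fid = c.fup).
-- Assumes fid is unique, so each c row matches at most one p row
-- and the join cannot produce duplicates.
SELECT c.*
FROM `pre_forum_forum` AS c
LEFT JOIN `pre_forum_forum` AS p ON p.fid = c.fup
WHERE c.fup = 1      -- direct children of forum 1
   OR p.fup = 1;     -- forums whose parent is a direct child of forum 1
```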