Not really feasible with maria/mysql in this context.

Client-side arbitrary SQL like this still makes me queasy.
lsgs · Feb 28, 2024 · 0a7dca6 · 0a7dca6
1 parent 1f20b97
commit 0a7dca6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ExtendedReports.php b/ExtendedReports.php
@@ -396,7 +396,7 @@ protected function saveReport($report_id) {
                 }
 
                 $_POST['rpt-sql'] = rtrim(trim($this->stripTabs($_POST['rpt-sql'])), ";");
-                if (!preg_match("/^select\s/i", $_POST['rpt-sql'])){ //TODO: Find out if we can break this into multiple SQL queries downstream and land an INSERT or something
+                if (!preg_match("/^select\s/i", $_POST['rpt-sql'])){ 
                     throw new \Exception('SQL is not a SELECT query \n<br> '.$_POST['rpt-sql']);
                 }
             } else {