[fixed] DB Errors Thru URL
Raz Meister
Sat 6th Oct '01, 3:24pm
If you run the following URL it will cause a DB error:
http://www.vbulletin.com/forum/memberlist.php?s=&action=getall&what=&perpage=30&orderby=username&ausername=&ahomepage=&aicq=&aaim=&ayahoo=&joindateafter=&joindatebefore=&lastpostafter=&lastpostbefore=&postslower=0&postsupper=0&direction=ANYTHING
Not sure if it's a bug, just thought I'd bring it up.
tubedogg
Sat 6th Oct '01, 3:46pm
Well, since "ANYTHING" isn't a valid sort direction and I have my doubts that it is actually linked anywhere in vBulletin, I would have to go with not a bug.
Steve Machol
Sat 6th Oct '01, 3:48pm
Here's the error to be precise:
<!-- Database error in vBulletin: Invalid SQL: SELECT *
FROM user,userfield
WHERE 1=1 AND
user.userid = userfield.userid
AND usergroupid NOT IN (1,3,4)
ORDER BY username ANYTHING
LIMIT 0,30
mysql error: You have an error in your SQL syntax near 'ANYTHING
LIMIT 0,30' at line 6
mysql error number: 1064
Date: Saturday 06th of October 2001 03:46:41 PM
Script: /forum/memberlist.php?s=&action=getall&what=&perpage=30&orderby=username&ausername=&ahomepage=&aicq=&aaim=&ayahoo=&joindateafter=&joindatebefore=&lastpostafter=&lastpostbefore=&postslower=0&postsupper=0&direction=ANYTHING
Referer: http://www.vbulletin.com/forum/showthread.php?s=&postid=182121#post182121
-->
One question: where the heck did you come up with such a URL? :confused:
Chen
Sat 6th Oct '01, 3:51pm
I'm surprised there's nothing like this in the file:
if ($direction!="DESC") {
    $direction="";
} else {
    $direction="DESC";
}
as is done in all(?) of the other files.
Steve, do a search in the member list and then go to page 2.
tubedogg
Sat 6th Oct '01, 3:56pm
Worked just fine for me...got this URL:
vbulletin.com/forum/memberlist.php?s=&action=getall&what=&perpage=30&orderby=username&ausername=&ahomepage=&aicq=&aaim=&ayahoo=&joindateafter=&joindatebefore=&lastpostafter=&lastpostbefore=&postslower=25&postsupper=0&direction=DESC&pagenumber=2
and then this URL for the next page:
vbulletin.com/forum/memberlist.php?s=&action=getall&what=&perpage=30&orderby=username&ausername=&ahomepage=&aicq=&aaim=&ayahoo=&joindateafter=&joindatebefore=&lastpostafter=&lastpostbefore=&postslower=25&postsupper=0&direction=DESC&pagenumber=3
Plus you can also sort ASC so you'd have to modify that code a bit but I get your idea. :)
Chen
Sat 6th Oct '01, 4:01pm
No Kevin, I was just saying how Razzie came up with that URL. :)
And this should also do it:
if ($direction!="DESC") {
    $direction="";
}
If $direction is DESC, everything is good - "... ORDER BY blabla DESC ..."
If it's not DESC, the query will just be "... ORDER BY blabla ..." without anything, so it would really be ASC. :)
But I do think this should be solved.
Some members that like to be *******s could just sit there and refresh the page all day.
Could easily cause a serious headache for the admin...
Raz Meister
Sat 6th Oct '01, 8:51pm
How I came upon this error:
I was extending fastforwards hack (spider-friendly URLs) to also include the pagenav section of the page. The hack worked perfectly for the threads and forum display, but I received an error message in the mail when one of my members tried to navigate in the members list, as I had not included that in the modification.
Couldn't someone add in some extra SQL statements to be executed by replacing ANYTHING with something like an embedded query?
Anyways, I'm sure the VB team will fix that "bug" as every time someone clicks on that link above, they are getting a DB error in the mail! :o :D :eek:
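The fix Chen sketches (only DESC is accepted, anything else becomes the default order), extended to handle the sort column as well, as an added example written for this thread and not vBulletin's own memberlist.php code. The allow-listed column names and the query shape are assumptions; ORDER BY identifiers and keywords cannot be bound as query parameters, so mapping the input onto fixed strings is the mitigation, and the unsanitised value never reaches MySQL (so no error e-mail for the admin, however often the link is refreshed).

```php
<?php
// Added example, not vBulletin's code: allow-list the sort column and
// direction taken from the memberlist query string before they are
// placed into ORDER BY. Identifier and keyword positions cannot be bound
// as parameters, so user input is mapped onto known strings only.

// Hypothetical allow-list of sortable columns (names assumed).
const MEMBERLIST_SORT_COLUMNS = ['username', 'joindate', 'posts', 'lastpost'];

function memberlistOrderBy(string $orderby, string $direction): string
{
    // Unknown column: fall back to the default instead of emitting input.
    if (!in_array($orderby, MEMBERLIST_SORT_COLUMNS, true)) {
        $orderby = 'username';
    }
    // Same idea as Chen's check, but explicit about both directions:
    // anything that is not exactly DESC becomes ASC (MySQL's default).
    $direction = (strtoupper($direction) === 'DESC') ? 'DESC' : 'ASC';
    return "ORDER BY $orderby $direction";
}

function memberlistQuery(array $get): string
{
    // Pagination values are cast and bounded so they are integers only.
    $perpage = min(max((int) ($get['perpage'] ?? 30), 1), 100);
    $page    = max((int) ($get['pagenumber'] ?? 1), 1);
    $offset  = ($page - 1) * $perpage;
    $order   = memberlistOrderBy($get['orderby'] ?? 'username',
                                 $get['direction'] ?? 'ASC');
    return 'SELECT * FROM user, userfield WHERE user.userid = userfield.userid '
         . "AND usergroupid NOT IN (1,3,4) $order LIMIT $offset,$perpage";
}

// Constructed input reproducing the thread's URL (direction=ANYTHING).
parse_str('action=getall&perpage=30&orderby=username&direction=ANYTHING', $get);
// direction=ANYTHING is normalised to ASC, so the SQL is valid and the
// database never sees the attacker-controlled token.
echo memberlistQuery($get), "\n";
```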
vBulletin® v3.7.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.