Sorry for the non-descriptive title… couldn’t think of what to call this.
But here’s the deal. I have a client who purchased a closed-source PHP script. He wants a feature added, but the jack*** developer won’t let me edit the source to the script.
But, I’ve been able to find an exploit in the script that allows me to manipulate it. Unfortunately, I hit a road block.
I have a query in the form
SELECT * FROM table WHERE something=something_else AND data=$1
I can add stuff to the end, for instance
SELECT * FROM table WHERE something=something_else AND data=$1 OR data=$2
But I can’t add or remove anything in the middle.
What I want to be able to do is this
SELECT * FROM table WHERE something=something_else AND (data=$1 OR data=$2)
But since the AND operator takes precedence over the OR operator, I can’t figure out how to do it.
Anyone have any ideas?
