Sorry for the non-descriptive title.. couldn't think of what to call this.

But here's the deal. I have a client who purchased a closed-source PHP script. He wants a feature added, but the jack*** developer won't let me edit the source to the script.

But, I've been able to find an exploit in the script that allows me to manipulate it. Unfortunately, I hit a road block.

I have a query in the form


SELECT * FROM table WHERE something=something_else AND data=$1

I can add stuff to the end, for instance


SELECT * FROM table WHERE something=something_else AND data=$1 OR data=$2

But I can't add or remove anything in the middle.

What I want to be able to do is this


SELECT * FROM table WHERE something=something_else AND (data=$1 OR data=$2)

But since the AND operator takes precedence over the OR operator, I can't figure out how to do it.

Anyone have any ideas?

SELECT * FROM table WHERE something=something_else AND data=$1 OR something=something_else AND data=$2

The problem is I don't know what "something" and "something_else" are. They're computed by the code I don't have and for me to generate those values I may as well just rewrite the whole thing from scratch.

I haven't tried it and honestly don't know how PHP handles it, but what if you just end the query with a semicolon and then start a new query.

SELECT * FROM table WHERE something=something_else AND data=$1; SELECT * FROM table WHERE ...

The problem there is that I still need to know "something" and "something_else"

Because I still want "...; SELECT * FROM table WHERE something=something_else AND data=$data2"

SELECT * FROM table WHERE where_expression AND data=value

so you know the query string is in this format. where_expression is an unknown expression. and value is the only part you can modify.

what you are asking for is beyond my ability. if calling this query doesn't modify the database, you can call two queries then union two results in PHP.

another way is to test the thing on your computer. capture the query string when you run the thing. don't know if you can log query requests on mysql server.

just outta curiosity... what is a "closed" php script... if you have the script, and access to the actual php document... why can't you modify the query string? Also... what does the script do? Have you tried looking for an "open-source" version of it.

You do need to tell your client that what he's asking is not possible.

to simplistik, he had a post awhile back about encrypted php. and you even posted a reply.

Yeah it's that same encrypted PHP script. It's actually a PHP/mySQL powered calendar.

The developer responded to the support ticket and said that while purchasers of the script are allowed to edit whatever they want.. he won't provide the unencrypted source.

So what I have is a frontend with a bunch of PHP calling functions that I have no documentation of and no way of seeing what they are or what they do and then backend access to the database.

Edit: More in depth of what I'm trying to do:

The encrypted code obviously loops through each day of the month and selects

SELECT event FROM calendar WHERE date=something_from_the_loop AND event_type=a_type

The client wants to be able to generate a calendar with multiple event types. This functionality isn't built in, and the PHP just returns a full calendar (not individual dates).

Which would be

SELECT event FROM calendar WHERE date=something_from_the_loop AND (event_type=a_type or event_type=another_type)

(If I could put in that parenthesis somehow...)

i got it, this requires mysql 4.1 or above for subquery support



SELECT event FROM calendar
WHERE date=some_date
AND event_type=ANY(SELECT event_type FROM calendar)
AND event_type IN (type_a, type_b)

Thanks! I think we're on the right track. It looks like that's almost working (no errors) but I get no results returned.

I think it's because I had to make

ANY(SELECT...) a string so the query looks like this


SELECT event FROM calendar
WHERE date=some_date
AND event_type='ANY(SELECT event_type FROM calendar)'
AND event_type IN (type_a, type_b) AND event_type!=''

(The event_type!='' is to allow that final apostrophe to not cause a syntax error because it is concatenated on the end in the encrypted code)

*throw my hands up*

get a gun and go the jack*** developer's place?

Haha, I may just have to break down and rewrite it if the client needs it badly enough. Good thing I bill by the hour. :D

Thanks for all your help.

not sure what your post had to do with ANYTHING puppy so I deleted it