Okay, I'm now quite curious.
Apparently, Wordpress is powered by MySQL, but as I posted above, SELECT 1 construction doesn't work; it will return all rows, displaying same value '1' for each row. I wonder if this could actually be a stored procedure or something like that?
EDIT: I think I'm just slow. It looks like SELECT 1 is supposed to replace SELECT * to provide better performance when we need to know how many rows or something else that doesn't really depend on actual data in table, which was why Brad used an subquery example, right?
And
Turtle, just so you know...
Quote:
|
Originally Posted by The Wikipedia Article on Wordpress
BlogSecurity currently maintains a list of WordPress vulnerabilities.[8]
In January 2007, many high-profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring Adsense, were targeted and attacked with a WordPress exploit.[9]
A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[10]
In May 2007, a study revealed that 98% of WordPress blogs being run are exploitable.[11]
In a June 2007 interview, Stefen Esser, the founder of the PHP Security Response Team, spoke critically of WordPress's security track record, citing problems with the application's architecture that make it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as other problems.[12]
|