1
Roby73
Problem sql injection in search result
  • 2015/7/26 22:08

  • Roby73

  • Friend of XOOPS

  • Posts: 262

  • Since: 2011/6/15


I searched xoops.org for the string "pagenav select".
I got results, but when I clicked on them I received an SQL injection error.
This is the link:

https://xoops.org/modules/newbb/viewtopic.php?post_id=339377&keywords=pagenav+select


The "select" in keywords is not sanitized in the newbb module.

2
Roby73
Re: Problem sql injection in search result
  • 2015/7/26 22:28

  • Roby73

  • Friend of XOOPS

  • Posts: 262

  • Since: 2011/6/15


My newbb version doesn't have this problem.
My newbb is a mix of the alfred and irmtfan modules.

3
Mamba
Re: Problem sql injection in search result
  • 2015/7/28 8:47

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


This has nothing to do with your version of NewBB, but with Protector, which is checking _SERVER for SQL injections.

Some servers always enable DB Layer trapping. It causes false detections of SQL injection attacks. This seems to be the case here with our server.

We could turn off the checking, but this would weaken the security of DB Layer trapping anti-SQL-injection. Since searches like yours for "pagenav select" are very seldom, we will probably leave it as it is to make sure that we don't weaken our security checks.

It might work on your server because your server doesn't have DB Layer trapping enabled.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs
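Added illustration of the false positive Mamba describes (example code written for this thread, not Protector's or NewBB's own code): a hypothetical keyword-based request filter flags the `keywords` value from the link in post 1 simply because it contains "select", a stricter pattern that requires SQL structure does not, and a search built with bound parameters treats "pagenav select" as plain data either way. The table, rows and the stricter pattern are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The link from the original post; its query string is what a request filter sees.
LINK = "https://xoops.org/modules/newbb/viewtopic.php?post_id=339377&keywords=pagenav+select"

# Hypothetical filter modelled on the behaviour described in the thread (NOT
# Protector's real rules): any SQL verb inside a request value is flagged.
NAIVE_PATTERN = re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I)

# Stricter variant (constructed): require SQL structure, e.g. SELECT ... FROM,
# UNION SELECT, a second statement after ';', or a comment marker.
STRICT_PATTERN = re.compile(
    r"\bselect\b.+\bfrom\b|\bunion\b\s+(all\s+)?select\b|;\s*(drop|delete|update|insert)\b|--|/\*",
    re.I | re.S,
)

def request_values(url: str) -> dict:
    """Flatten the query string to {name: value}, as a request filter would see it."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def naive_flags(url: str) -> list:
    """Parameter names the keyword-only filter would report as injection."""
    return [k for k, v in request_values(url).items() if NAIVE_PATTERN.search(v)]

def strict_flags(url: str) -> list:
    """Parameter names the structure-aware filter would report as injection."""
    return [k for k, v in request_values(url).items() if STRICT_PATTERN.search(v)]

def search_posts(keywords: str) -> list:
    """Forum-style search where every keyword is a bound parameter, never SQL text."""
    terms = keywords.split()
    if not terms:
        return []
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (post_id INTEGER, subject TEXT)")
    con.executemany("INSERT INTO posts VALUES (?, ?)", [
        (339377, "pagenav select in newbb"),  # constructed sample rows
        (1, "unrelated topic"),
    ])
    where = " AND ".join("subject LIKE ?" for _ in terms)
    rows = con.execute(f"SELECT post_id FROM posts WHERE {where}",
                       [f"%{t}%" for t in terms]).fetchall()
    con.close()
    return [r[0] for r in rows]
```

Because the search term only ever reaches the database as a bound value, the word "select" in it cannot change the query, which is why a keyword-only filter on the raw request is the wrong layer to catch injection at.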

4
Roby73
Re: Problem sql injection in search result
  • 2015/7/28 20:19

  • Roby73

  • Friend of XOOPS

  • Posts: 262

  • Since: 2011/6/15


I am confused.
My server is able to do DB Layer trapping and I enabled the check in Protector.
In my forum results I don't have the query string:

&keywords=xxxxx+yyyyy


No problem if it is not a real security risk.
